About seven years ago, I was on an initiative to explore low-code. When I saw Salesforce’s low-code product in demos, my impression was that the product was only suitable for buyers with a strong Salesforce CRM focus — a feeder to drive more revenue into Salesforce’s flagship product. When Salesforce acquired MuleSoft, many worried that it would turn MuleSoft into a similar appendage of Salesforce CRM. While that might have been good for Salesforce shareholders, it would not have been good for MuleSoft customers. Surprisingly, this never transpired. Although they pursued synergies between parent and child companies such as API Community Manager, MuleSoft’s direction has remained appealing to buyers lacking a Salesforce-centric focus. My experience at Salesforce’s TDX 2025 conference makes me believe that there may finally be a pivot to more deeply merge MuleSoft into the broader Salesforce ecosystem, and this time, it may be a good thing. AppGen Encourages Application Vendors To Rethink Their Strategies Before explaining why this may be good, we should first focus on where software is going. The ability of today’s generative AI tools to generate code snippets will evolve into the ability to generate entire applications (a concept Forrester refers to as application generation, or AppGen). The arrival of AppGen is causing larger tech vendors such as Salesforce to increasingly incorporate capabilities like natural language prompting, visual low-code models, domain-specific languages, and integrated lower-level code generation for custom components and extensions. AppGen threatens smaller app-centric vendors that cannot provide these capabilities. One buys applications today because they offer best practices and domain knowledge. Although vendors strive to make their applications flexible, you are still limited to the application’s way of doing things. What if you could generate a bespoke application with a large language model that contains those same best practices and domain knowledge? This will cause application vendors to rethink their strategies. MuleSoft And Salesforce’s Platform Pivot Today, Salesforce has some of the components of a future AppGen development platform: Apex is for pro code and Flow for low-code; Salesforce Data Cloud brings together the organization’s data with zero copy; Agentforce provides emerging AI agent capabilities; Einstein provides generative AI for compressing the software development lifecycle; and MuleSoft is there to link everything together inside and outside of the Salesforce platform. I’m not going to comment on the quality of all these since, as an analyst, I only cover MuleSoft. (My fellow analysts evaluate other components, such as in The Forrester Wave™: Data Lakehouses, Q2 2024, and The Forrester Wave™: Low-Code Development Platforms For Professional Developers, Q2 2023.) Regardless of their current strengths or weaknesses, however, Salesforce has many pieces needed to build a future platform for generating applications. There were several announcements leading up to and during TDX 2025. For MuleSoft, the main thing was integrating it with other Salesforce platform products. A new connector brings Agentforce’s agents into MuleSoft integrations. Topic Center and API Catalog let Agentforce agents use MuleSoft APIs as tools. MuleSoft for Flow lets citizen developers in Flow more easily consume MuleSoft APIs. What I did not notice was a heavy push toward Salesforce’s applications. Of course, that remains the company’s bread and butter, and TDX ’25 is more oriented toward developers than Dreamforce. Nonetheless, my impression is that Salesforce seeks to move beyond its core and create a next-generation platform for building custom applications of any sort. MuleSoft is finally pivoting toward more Salesforce centricity but not in the way many originally feared. Instead of being a feeder to Salesforce CRM applications, it’s becoming a support pillar of a broader software development platform while still remaining a viable product for organizations that have not bought into that broader platform. When AppGen arises as a disruptor to application vendors, Salesforce will be prepared to respond to that disruption. source

At the Tanzu Division of Broadcom, we focus on how our customers can get the most out of cloud native environments while protecting against the slew of new vulnerabilities and attacks targeting their critical business apps. As important as prevention is, reducing the time it takes to recover from a breach or other issues is just as critical, if not more. This is particularly important for our customers functioning in highly regulated industries who have to keep up with continually changing security, privacy, and compliance requirements. We’ve found that the best way to secure large and diverse application estates is to integrate security-enhancing capabilities and processes throughout the entire application dev and delivery cycle. This means approaching security as an integral and continuous part of the cycle. In working with our many global customers, we recommend the following best practices for a continuous approach to security: Weave security in all your processes Adding security earlier in the app dev and delivery cycle is widely recognized as a best practice. However, sometimes it is not enough. Over the years, we have seen that attack vectors are targeting multiple phases of the software delivery cycle, and in some cases, shifting security left has come to mean shifting security decisions on to developers. This undue burden can become disruptive and slow down the app delivery process. With cyberattacks hitting various aspects of the software supply chain, it is imperative to make security an integrated aspect of the software delivery lifecycle. With this in mind, we designed Tanzu Platform to make security easy, while also reducing friction between dev and platform teams. We do this by allowing for separation of concerns and enabling golden paths curated by the platform engineering team. Tanzu Platform also supports patterns and technologies made popular by Spring Framework, leveraging the Buildpacks model, and the incredible Bitnami software catalog on which Tanzu Application Catalog is based. Turn on your automation superpower Infusing policy-based automation into your application platform is one of the best ways to enforce and scale security policies. Platform engineers need to partner with security and compliance teams to create policies based on changing industry guidelines, vulnerability threat level, audit requirements–just to name a few. Doing this reduces friction in the app dev and delivery process, increases security and compliance leaders’ peace of mind, and empowers platform engineers to deliver a secure and frictionless path to production that ultimately yields value-generating innovation.    Adopt a “continuous upgrade” culture Security is not a one-time thing. Infrastructure needs to be secure by design and continuously updated. Introduced several years ago, the 3Rs – Rotate, Repave, and Repair continue to be our north star when it comes to ensuring Tanzu Platform is among the most secure cloud native application platforms. More specifically, the 3Rs mandate that you:  Rotate system credentials every few minutes or hours. Repave every server and application in the datacenter every few hours to a known, good state. Repair vulnerable operating systems and application stacks consistently within hours of patch availability. Ensuring all software is up to date with the most recent patches, security fixes, and regulatory compliance means continuously checking the health of your system and running the most secure versions. This can be overwhelming without the right mindset and processes. So, in addition to keeping up with patches, upgrades, and bug fixes, we recommend that our customers embrace a continuous upgrade and compliance mindset. Read about what we mean by continuous upgrade culture here. Every day, companies are competing for customers and seeking ways to capitalize on market trends and capture new revenue opportunities. At Tanzu, we advocate that technology leaders should treat security as an accelerator rather than an outcome or a one-time “check the box” requirement. For more about Tanzu’s approach to application security, visit the Tanzu and Security page. About Purnima Padmanabhan Broadcom Purnima Padmanabhan is Vice President and General Manager of Broadcom’s Tanzu Division. Prior to joining Broadcom, she was Senior Vice President and General Manager of VMware’s Modern Applications & Management Business and was responsible for application modernization, cloud native application development and multi-cloud management. She previously led the company’s Cloud Management Business. Ms. Padmanabhan has extensive experience building and launching innovative products in cloud infrastructure, security and enterprise mobility. Prior to joining VMware, she was CEO of Cavirin, a cloud security company, where she drove a turnaround. She was previously COO of MokaFive, a desktop virtualization company, and was responsible for global product operations. Ms. Padmanabhan holds an MBA from Stanford University and an M.S. in Computer Engineering from University of Southern California. source

By Ben Pleune and Karlee Wroblewski ( April 2, 2025, 6:09 PM EDT) — In a previous article, we analyzed a district court opinion finding issue preclusion based on the outcome of an inter partes review decision invaliding the claims of a related patent…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

Key takeaways: With AI technology, payment fraud and fraud prevention have become more complex and sophisticated. Both financial data owners and businesses that accept illegal payments are directly affected by payment fraud. The best payment fraud prevention strategy requires careful risk assessment, planning, implementation, incident response preparation, and documentation. What is payment fraud? Payment fraud is the unauthorized use of an individual’s financial information to conduct illegal transactions. The overall strategy is to deceive individuals into sharing their financial and other sensitive information using hardware and software hijacking technology. Payment fraud happens when devices such as scanners, keystroke loggers, and malware capture manually entered data to divert the information back to the perpetrators. Businesses invest significantly in payment fraud prevention tools to counter these attacks. Types of payment fraud With today’s technology, every payment method is unfortunately at risk of fraud. We discuss them briefly below: Credit card fraud According to a 2025 Nilson Report, global payment card fraud losses reached $33.83 billion in 2023, with the US bearing approximately 42% of these losses. The most prevalent type of credit card fraud happens remotely: card-not-present (CNP) fraud, which occurs when stolen card information is used to make purchases online or over the phone. While EMV chip technology has reduced card-present fraud, criminals still find ways to exploit merchant vulnerabilities, often involving cloning, where criminals copy card details onto a blank magnetic stripe card or stolen cards used before the victim notices and reports them. Example: In November 2024, a UK resident’s replacement credit card was intercepted and used fraudulently before she received it, underscoring the vulnerabilities in card issuance and delivery processes. See: Detecting Credit Card Fraud by Decision Trees and Support Vector Machines Debit card fraud Debit card fraud involves the unauthorized withdrawal of funds directly from the victim’s bank account. This happens via physical theft of the card, skimming devices capturing card details, or data breaches exposing card information. Unlike credit card fraud, victims of debit card fraud may experience immediate financial loss as funds are withdrawn directly from their accounts. Example: In October 2024, a UK resident discovered unauthorized transactions exceeding £100 on their Uber and Uber Eats accounts linked to their debit card. Uber refunded the fraudulent charges, but it was unclear where the unauthorized transactions came from. Mobile payment fraud Mobile payment fraud occurs when fraudsters exploit mobile payment systems, apps, or devices to make unauthorized transactions or steal financial information. One way this is done is through SIM swapping, where an attacker gains control of a victim’s phone number to access their accounts, or through malware that infects a device to intercept sensitive information like payment credentials. Example: In November 2024, three Indiana residents were charged in connection with a nationwide SIM-swapping conspiracy. The defendants managed to steal funds and personal data through the mobile numbers connected to the victims’ email, social media, and cryptocurrency accounts. See: Mobile Device Security Policy Wire fraud Wire fraud involves schemes conducted via phone calls, emails, or online messaging platforms, often using false representations or promises to defraud individuals or organizations of money or property. Fraudsters trick victims into transferring funds to accounts they control, leading to substantial financial losses. Example: In July 2024, individuals based in Michigan, Illinois, and Texas pleaded guilty to conspiracy in international mail and wire fraud, defrauding victims of at least $2 million from 2017 to 2022. Check fraud Despite declining check usage due to digital payment methods, check fraud remains common. This involves illegal activities such as forging signatures, altering check details, or depositing counterfeit checks. Example: In late 2024, JPMorgan Chase filed lawsuits against customers who exploited a viral “money glitch” by depositing large, fake checks via ATMs and withdrawing funds before the checks cleared. This scheme resulted in over $660,000 in losses for the bank. Bank fraud Bank fraud involves schemes to steal cash and other bank assets, such as loan fraud, account takeover, fraudulent wire transfers, and embezzlement. Criminals may carry out these types of fraud using stolen identities, forged documents, or insider access. Example: In December 2024, reports emerged of low-level bank employees selling client data to online scammers, facilitating sophisticated financial fraud schemes. Staffers in various banks made copies of customer financial information, which they then sold to buyers on Telegram. Payment fraud strategies The different types of payment fraud involve various deceptive practices aimed at stealing financial data for unauthorized use. Here are seven of the most common ways payment fraud happens: Phishing Phishing is when scammers impersonate legitimate entities to trick individuals into revealing sensitive information. This deception is often carried out using fake emails, text messages, or websites that appear legitimate. How to detect phishing Watch out for unsolicited communications requesting personal information, generic greetings, grammatical errors, and URLs that deviate slightly from authentic addresses. How to prevent phishing Implementing email filtering solutions can help identify and isolate potential phishing attempts. Multi-factor authentication (MFA) adds an extra layer of security, and employees should be trained to recognize phishing emails. Skimming Skimming is when criminals install devices on ATMs or point-of-sale terminals to illicitly capture card information during legitimate transactions. These devices read the magnetic stripe data, enabling the creation of counterfeit cards for fraudulent use. How to detect skimming Signs of skimming devices include loose or misaligned card slots, unfamiliar attachments on payment terminals, or visible adhesive residues. How to prevent skimming Upgrade to payment terminals that support EMV chip technology, which is more secure than magnetic stripe systems. Additionally, install tamper-evident seals and conduct routine checks on all payment devices. Identity theft Identity theft involves the unauthorized access and use of someone’s personal information — such as Social Security numbers, bank account details, or credit card numbers — to commit fraud or theft. How to detect identity theft Consider installing monitoring services that can identify unusual account activities, such as unrecognized transactions, changes in account details, or unexpected credit inquiries. How to prevent identity theft Implement layers of identity verification processes,, such as biometric data and MFA. Update and patch systems regularly to protect against data breaches. Train

By Richard Donoghue ( April 2, 2025, 2:14 PM EDT) — Attorneys frequently transition from government work to private practice during changes in administration, encountering challenges and surprises as they do so. In this Expert Analysis series, attorneys who made that move in the last few years reflect on how they adapted to law firm life, and discuss tips for others. If you are interested in writing about your experience, please email [email protected]…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

Leaks show Google’s Pixel 10 Pro Fold resembles its predecessor, shown in this Google ad. Image: Google Google continues to struggle to maintain its foothold in the mobile market. With just 4.5% Americans using a Google smartphone as their primary device, the tech giant is banking on its upcoming Pixel 10 Pro Fold to make a stronger impression than previous iterations — despite not depending on smartphone sales to drive annual revenue. While official details remain limited, a recent leak offered an early glimpse into what users can expect from Google’s next foldable flagship, the successor to the Pixel 9 Pro Fold. What the latest leak reveals The leak includes digital renders of the Google Pixel 10 Pro Fold that experts were quick to point out were similar in design to its predecessor. This may suggest that Google is prioritizing internal upgrades and performance enhancements over cosmetic redesigns. The leaked images of the Google Pixel 10 Pro Fold share a similar, if not identical, form factor to the Pixel 9 Pro Fold. It also has a triple rear camera on the back of the phone. However, like other smartphones in the Pixel 10 series, the SIM card slot has been relocated to the upper edge of the device. Multiple sources also suggest that Google’s new Pixel 10 Pro Fold could launch at a lower price point than the Pixel 9 Pro Fold, which debuted at $1,799 for 256GB or $1,919 for 512GB models. Historically, Google has been aggressive with pricing strategies, often offering steep post-launch discounts on Pixel devices. The Pixel 9 Pro Fold is already available at significantly reduced prices, indicating the Pixel 10 Pro Fold could see early markdowns soon after release. More Google news & tips What we already knew Additional information about the Pixel 10 Pro Fold surfaced earlier — a September 2024 leak revealed the device’s internal codename of “Rango” and hinted at a possible launch in fall 2025. Though the device has yet to be formally announced, its likely competitor will be Samsung’s highly anticipated Galaxy Z Fold 7. According to industry sources, Samsung is expected to unveil the Z Fold 7 in July 2025, with availability in stores to follow weeks later. While an official price hasn’t been disclosed, analysts project a retail cost between $1,899 and $2,199. source

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Augment Code, an AI coding assistant startup, unveiled its new “Augment Agent” technology today, designed to tackle the complexity of large software engineering projects rather than simple code generation. The company claims its approach represents a significant departure from other AI coding tools by focusing on helping developers navigate and modify large, established codebases that span millions of lines of code across multiple repositories. The company also announced it has achieved the highest score to date on SWE-bench verified, an industry benchmark for AI coding capabilities, by combining Anthropic’s Claude Sonnet 3.7 with OpenAI’s O1 reasoning model. “Most work in the coding AI space, which is clearly a hot sector, has focused on what people call ‘zero to one’ or ‘vibe coding’ – starting with nothing and producing a piece of software by the end of the session,” said Scott Dietzen, CEO of Augment Code, in an exclusive interview with VentureBeat. “What we targeted instead is the software engineering discipline of maintaining big, complex systems — databases, networking stacks, storage — codebases that have evolved over many years with hundreds of developers working on them collaboratively.” Founded in 2022, Augment Code has raised $270 million in total funding, including a $227 million Series B round announced in April 2024 at a post-money valuation of $977 million. The company’s investors include Sutter Hill Ventures, Index Ventures, Innovation Endeavors (led by former Google CEO Eric Schmidt), Lightspeed Venture Partners, and Meritech Capital. How Augment’s context engine tackles multi-million line codebases What sets Augment Agent apart, according to the company, is its ability to understand context across massive codebases. The agent boasts a 200,000 token context window, significantly larger than most competitors. “The challenge for any AI system, including Augment, is that when you’re working with large systems containing tens of millions of lines of code – which is typical for meaningful software applications – you simply can’t pass all that as context to today’s large language models,” explained Dietzen. “We’ve trained our AI models to perform sophisticated real-time sampling, identifying precisely the right subset of the codebase that allows the agent to do its job effectively.” This approach contrasts with competitors that either don’t handle large codebases or require developers to manually assemble the relevant context themselves. Another differentiator is Augment’s real-time synchronization of code changes across teams. “Most of our competitors work with stale versions of the codebase,” said Dietzen. “If you and I are collaborating in the same code branch and I make a change, you’d naturally want your AI to be aware of that change, just as you would be. That’s why we’ve implemented real-time synchronization of everyone’s view of the code.” The company reports its approach has led to a 70% win rate against GitHub Copilot when competing for enterprise business. Why ‘memories’ feature helps AI match your personal coding style Augment Agent includes a “Memories” feature that learns from developer interactions to better align with individual coding styles and preferences over time. “Part of what we wanted to be able to deliver with our agents is autonomy in the sense that you can give them tasks, but you can also intervene,” Dietzen said. “Memories are a tool for the model to generalize your intent, to capture that when I’m in this situation, I want you to take this path rather than the path that you took.” Contrary to the notion that coding is purely mathematical logic without stylistic elements, Dietzen emphasized that many developers care deeply about the aesthetic and structural aspects of their code. “There is definitely a mathematical aspect to code, but there’s also an art to coding as well,” he noted. “Many of our developers want to stay in the code. Some use our agents to write all of the code, but there’s a whole group of engineers that care about what the ultimate code looks like and have strong opinions about that.” Enterprise adoption of AI coding tools has been slowed by concerns about intellectual property protection and security. Augment has focused on addressing these issues with a robust security architecture and enterprise-grade integrations. “Agents need to be trusted. If you’re going to give them this autonomy, you want to make sure that they’re not going to do any harm,” said Dietzen. “We were the first to offer the various levels of SOC compliance and all of the associated penetration testing to harden our solution.” The company has also established integration with developer tools like GitHub, Linear, Jira, Notion, Google Search, and Slack. Unlike some competitors that implement these integrations on the client side, Augment handles these connections in the cloud, making them “easily shareable and consistent across a larger team,” according to Dietzen. Augment Agent is generally available for VS Code users starting today, with early preview access for JetBrains users. The company maintains full compatibility with Microsoft’s ecosystem, unlike competitor Cursor, which forked VS Code. “At some level, customers that choose Cursor are opting out of the Microsoft ecosystem. They’re not allowed to use all of the standard VS Code plug-ins that Microsoft provides for access to their environment, whereas we’ve preserved 100% compatibility with VS Code and the Microsoft ecosystem,” Dietzen explained. The evolving partnership between human engineers and AI assistants Despite the advances in AI coding assistance, Dietzen believes human software engineers will remain essential for the foreseeable future. “The arguments around whether software engineering is a good discipline for people going forward are very much off the mark today,” he said. “The discipline of software engineering is very, very different in terms of crafting and evolving these large code bases, and human insight is going to be needed for years to come.” However, he envisions a future where AI can take on more proactive roles in software development: “The real excitement around where we can ultimately get to with AI is AI just going in and assessing quality

ABOUT PEW RESEARCH CENTER Pew Research Center is a nonpartisan, nonadvocacy fact tank that informs the public about the issues, attitudes and trends shaping the world. It does not take policy positions. The Center conducts public opinion polling, demographic research, computational social science research and other data-driven research. Pew Research Center is a subsidiary of The Pew Charitable Trusts, its primary funder. source

Generative AI was so two years ago. Now, businesses are all about agentic AI (not to be confused with AI agents), channeling the brouhaha of ChatGPT in 2023. But where is the consumer in all this? While businesses are moving to experiment and learn more about agentic AI, consumers are not. Business-oriented, not consumer-oriented, use cases continue to drive most of the buzz around agentic AI. Today, AI Assists And Informs Consumer Decisions For consumers right now, AI primarily helps them access information faster. But while it informs their research and purchase decisions, AI does not pick the right item or complete the transaction; that action still falls to the consumer. For example: Walmart’s GenAI search surfaces collections of products. Consumers now put in a query such as “Plan my daughter’s unicorn-themed fifth birthday” and results will show all the various products related to that ask. Previously, consumers had to search for specific products or product types. Amazon Fashion takes the guesswork out of unfamiliar brands’ sizing. Based on a customer’s past purchases and an analysis of product reviews, Amazon will show the likely size of a clothing item that the customer is viewing. AI @ Morgan Stanley helps advisors better focus on their clients. Financial services companies such as Morgan Stanley are using AI to help assist in note-taking and email summarization for financial advisors so that they can better focus on their conversations with their wealth management clients. Soon, AI Will Be Cognizant Of Consumer Context As businesses implement agentic AI, it will begin to trickle into consumer experiences, but widespread adoption will be limited by consumers’ comfort with agentic AI. An intermediary phase of not-fully-agentic AI will emerge in which AI apps will connect with third-party tools and datasets to understand consumer context and need but won’t yet have the full executional capabilities required to act on a consumer’s behalf. Big Tech — think Microsoft, Apple, and Google — will lead the way, not brands. For example: Project Astra engages multiple sources to better personalize responses. Google’s AI assistant taps into not just Gemini but Google Search, Maps, and Lens to create responses. Apple’s Siri observes users’ interactions to predict next steps. Siri can register the apps that a user has open and derive what the user is hoping to accomplish when Siri is prompted. Microsoft Copilot interacts with different browser tabs to suggest next-step actions. Vision is a feature within Microsoft’s Edge browser that analyzes a user’s browser tabs to answer questions and suggest next steps. What will agentic AI use cases for consumers look like? According to Forrester’s Market Research Online Community, only 12% of consumers have heard of the term agentic AI while 38% have heard of AI agents. But even among those who have heard of either, most assume that they’re terms for AI assistants or customer service help. Check out our new report, Consumer Use Cases For AI, 2025, for a deeper dive into all of the phases of consumer-facing AI. Clients, schedule a guidance session with us to learn more about how to roll out consumer-facing AI experiences in ways that engender trust. source