China is pushing the boundaries of its own AI development every few weeks, and its results are already a serious threat to Western technology. While in the West AI was an exclusive and lucrative resource available only to select companies, China, thanks to its open approach, bypasses sanctions, decentralizes development, and uses available resources for mass AI development. And thanks to the development of AI in the open-source model, hardware availability is no longer a problem, because models are voluntarily tested and improved by their users, e.g., from Europe. If open-source AI becomes as powerful as US proprietary models, the ability to monetize AI as an exclusive product will collapse, which is a key consideration for China. The opening of AI models from China is a surprising move that may also disrupt the foundations of OpenAI’s classic AI model development — based on a small group of companies capitalizing on the latest technological advances. China may be the country that proves that it doesn’t always pay to be first. Its approach could change the balance of power in the development of artificial intelligence. AI will also be an important weapon in the US-China technological war. The coming months will be extremely turbulent in the context of AI development, in addition to the traditional facets of US-China geopolitical and economic friction. source

By Andrew Karpan ( March 14, 2025, 8:18 PM EDT) — The Federal Circuit on Friday signed off on a ruling from the patent board that wiped out all of the claims Apple challenged in a patent covering location-tracking beacons that was asserted against a software protocol developed for iPhones and iPads…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

Image: cynoclub/Envato Elements Apache Tomcat is under attack as cybercriminals actively exploit a recently disclosed vulnerability, enabling remote code execution (RCE). With simple HTTP requests, attackers can trigger the deserialisation of malicious data and gain control over affected systems. The vulnerability, CVE-2025-24813, was disclosed by Apache on March 10, with the first proof of concept being released on GitHub about 30 hours later, posted by user iSee857. Soon after, security firm Wallarm later saw that this was being leveraged in the wild, warning that the attacks are undetectable to traditional security filters as HTTP requests appear normal and malicious payloads are base64-encoded. First, an attacker sends a PUT request containing an encoded, serialised Java payload, which is then written inside Tomcat’s session storage and automatically saved in a file. Then they send a GET request with a JSESSIONID cookie pointing to the malicious session. When Tomcat processes this request, it deserialises the session data without proper validation, executing the embedded malicious Java code and giving the attacker full remote access. SEE: How to Use the Apache Web Server to Install and Configure a Website Must-read security coverage Which Apache Tomcat versions are vulnerable? No authentication is required for this to work but, according to Apache’s security note, the following must be true for a Tomcat application to be vulnerable: Writes are enabled for the default servlet Partial PUT request support is enabled Tomcat includes a library that could be leveraged in deserialisation attacks The default storage location uses file-based session persistence As well as remote code execution exploits, the vulnerability can allow attackers to view or amend security-sensitive files if the following conditions are met: Writes are enabled for the default servlet Partial PUT request support is enabled The security-sensitive files are stored in a publicly available directory and were uploaded by partial PUT The attacker knows the filenames With these conditions fulfilled, the following Tomcat versions are all vulnerable: Apache Tomcat 11.0.0-M1 to 11.0.2 Apache Tomcat 10.1.0-M1 to 10.1.34 Apache Tomcat 9.0.0.M1 to 9.0.98 Mitigation: How to protect your system To mitigate the vulnerability, Apache recommends users upgrade to Tomcat versions 11.0.3 or later, 10.1.35 or later, or 9.0.99 or later, respectively, as these are all sufficiently patched. Alternatively, users can turn off partial PUT support, disable writes for the default servlet, and avoid storing security-sensitive files in directories that are publicly accessible. Wallarm researchers warn that this vulnerability highlights the possibility of other security flaws emerging due to Tomcat’s handling of partial PUT requests “which allows uploading practically any file anywhere”. “Attackers will soon start shifting their tactics, uploading malicious JSP files, modifying configurations, and planting backdoors outside session storage,” they wrote in a blog post. “This is just the first wave.” source

By Ali Sullivan ( March 18, 2025, 9:09 PM EDT) — A Maryland federal judge on Tuesday ruled that Elon Musk and his Department of Government Efficiency likely violated the U.S. Constitution “in multiple ways” in their drive to dismantle the U.S. Agency for International Development…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More A few months ago, Google added access to reasoning modes to its Gemini AI chatbot. Now, it’s expanded the reach of Gemini 2.0 Flash Thinking Experimental to other features of the chat experience as it doubles down on context-filled responses.  The company announced it’s making Gemini more personal, connected and helpful. It’s also making its version of Deep Research, which searches the Internet for information, more widely available to Gemini users.  Deep Research will now be backed by Gemini 2.0 Flash Thinking Experimental. Google said in a blog post that, by adding the power of Flash Thinking, Deep Research can now give users “a real-time look into how it’s going about solving your research tasks.” The company said this combination will improve the quality of reports done through Deep Research by providing more details and insights.  Before this update, Gemini 1.5 Pro powered Deep Research and was only available on the $20-a-month Google One AI Premium plan. However, VentureBeat’s Carl Franzen found even this now less-powerful version to be a helpful research assistant.  A more personal Gemini Gemini 2.0 Flash Thinking Experimental will also power a new capability called personalization.  Personalization is precisely that: Responses will be more tailored to the user by referencing previous conversations or searches. To enable this level of personalization, Gemini connects to users’ Google apps and services, including Search and Photos. Google emphasized that it will use information from your Google apps only with permission.  “In the coming months, Gemini will expand its ability to understand you by connecting with other Google apps and services, including Photos and YouTube,” Dave Citron, senior director, product management, Gemini app, said in a blog post. “This will enable Gemini to provide more personalized insights, drawing from a broader understanding of your activities and preferences to deliver responses that truly resonate with you.” Since Gemini 2.0 Flash Thinking Experimental is built into the personalization feature, users can see an outline of which data sources the model is tapping to answer queries or to complete requests.  Gemini Advanced users can toggle other preferences they want the chatbot to remember, such as instructing it to refer to past conversations or reminding it of dietary restrictions. This allows Gemini to offer more natural and relevant responses. Of course, Google is not the only company that recognizes the importance of personalized and relevant responses. In November, Anthropic launched its Styles feature, which allows people to customize how Claude speaks to them.  More connected apps As personalization requires access to more data about the user, think of it as RAG, but for a Gemini user rather than an entire organization, with Google connecting more of its services to Gemini 2.0 Flash Thinking Experimental.  The model can tap apps like Calendar, Notes, Tasks and Photos.  “With this thinking model, Gemini can better tackle complex requests like prompts that involve multiple apps, because the new model can better reason over the overall request, break it down into distinct steps, and assess its own progress as it goes,” Citron said.  Google said that in a couple of weeks, Gemini will be able to look at photos in Google Photos and answer questions based on users’ images. It can create travel itineraries based on pictures from recent trips, and recall information like the expiration date for a driver’s license, or whether you happen to have taken a photo of milk in the store.  Integrating applications to provide more context to chatbot responses has been a big trend for AI companies. This has translated to giving chatbots access to developer environments or emails in the enterprise space. ChatGPT can open most IDEs so developers can bring their code from VSCode and query ChatGPT about it. Google’s coding helper, Code Assist, also connects to IDEs.  Google’s increasing app and service integration and personalizing Gemini underscore the importance of context and data in making these chatbots more useful, even if the query is just asking for a restaurant recommendation. source

Celebrating Excellence: The 2025 Enterprise Architecture Awards Forrester is thrilled to announce the opening of nominations for the 2025 global Enterprise Architecture Awards. In partnership with The Open Group, this year’s awards will again celebrate exceptional enterprise architecture (EA) practices that drive business transformation, enhance risk management, and improve customer experiences. As we embark on a new year of technological advancements, the importance of enterprise architecture in shaping organizational success has never been clearer. The awards recognize organizations that demonstrate how their EA frameworks have helped navigate challenges and fueled innovation. The EA Awards are part of Forrester’s global Technology Awards, which spotlight organizations pushing the boundaries of technology to drive business growth, and remain one of the key accolades in enterprise architecture. A Prestigious Legacy Of Excellence The Enterprise Architecture Awards have been an integral part of Forrester’s awards program since 2010. Last year’s winners, including Scotiabank in North America, DRÄXLMAIER Group in EMEA, and Contact Energy in APAC, demonstrated the depth of impact that a strong EA practice can have on an organization. These organizations were recognized for their ability to use EA to streamline operations, improve agility, reduce costs, and enhance customer and employee experiences. They exemplify the core pillars of successful enterprise architecture: accountability, collaboration, agility, and innovation. As we move forward into 2025, we continue to see a shift in the role of EA from a disengaged ivory tower to a hands-on, outcome-driven practice. In an era of rapid technological evolution, organizations with strong EA capabilities can better align their IT strategies with business objectives, empowering them to stay ahead of the curve. The Award Categories The 2025 Enterprise Architecture Awards will focus on the following criteria: Risk management: how effectively the EA practice manages and mitigates organizational risks, ensuring business continuity and compliance Cost efficiency: the impact of EA in driving operational savings, reducing waste, and maximizing resource allocation Customer experience and employee experience: the role of EA in improving both customer-facing services and internal organizational operations Business transformation: demonstrating how EA has supported the transformation of business models, technologies, and organizational processes to achieve measurable outcomes The awards will also feature special categories for innovations in generative AI and platform engineering, which are becoming increasingly vital in modern enterprise architectures. Last Year’s Winners In 2024, Forrester, in collaboration with The Open Group, recognized outstanding EA practices in three global regions. For example, Scotiabank in North America earned accolades for its use of EA to support its digital transformation, aligning its architecture with business goals to streamline operations and reduce costs. The DRÄXLMAIER Group in EMEA stood out for its commitment to agile, accountable, and influential EA practices, while Contact Energy in APAC demonstrated how EA can be a strategic enabler of both operational efficiency and business growth​. Steve Nunn, president and CEO of The Open Group, shared his thoughts on the importance of EA, saying, “The importance of enterprise architecture is as great as it has ever been, so we are glad to be part of celebrating best practice in the discipline. We look forward to seeing the innovative entries submitted this year and rewarding the outstanding work being done.” Why Enter? Winning the Enterprise Architecture Award not only brings global recognition but also provides valuable exposure to peers, industry experts, and stakeholders. It’s a chance to highlight the hard work, innovation, and transformation driven by EA teams. The 2025 winners will set the standard for excellence in the discipline, showcasing the vital role of EA in modern business operations. For more information and to submit your nomination, visit Forrester’s Technology & Innovation Summit websites for your region. How To Apply Organizations worldwide that have demonstrated success in applying outcome-driven enterprise architecture are encouraged to submit their nominations. The awards are open to companies with 1,000 or more employees, and submissions will be evaluated across the North America; Europe, the Middle East, and Africa (EMEA); and Asia Pacific (APAC) regions. The nomination deadline for each region will be as follows: APAC. Organizations in APAC can visit here to apply for Forrester’s Technology Strategy Impact and Enterprise Architecture Awards, with a submission deadline of May 27, 2025. Award recipients will be announced prior to and honored at Forrester’s Technology & Innovation Summit APAC, being held in Sydney and digitally, August 19, 2025. EMEA. Organizations in EMEA can visit here to apply for Forrester’s Technology Strategy Impact and Enterprise Architecture Awards, with a submission deadline of July 16, 2025. Award recipients will be announced prior to and honored at Forrester’s Technology & Innovation Summit EMEA, being held in London and digitally, October 8–10, 2025. North America. Organizations in North America can visit here to apply for Forrester’s Technology Strategy Impact, Enterprise Architecture, and Data & AI Impact Awards, with a submission deadline of July 16, 2025. Award recipients will be announced prior to and honored at Forrester’s Technology & Innovation Summit North America, being held in Austin, Texas, and digitally, November 2–5, 2025. Winners will be announced at Forrester’s Technology & Innovation Summits in each region later in the year. We invite technology leaders, including chief information officers, enterprise architects, and chief technology officers, to submit their entries and share how their EA practices have contributed to their organizations’ success. Resources Learn more about Forrester’s 2025 Technology Awards program. Register to attend Forrester’s Technology & Innovation Summits this year in North America, EMEA, and APAC. About Forrester Forrester (Nasdaq: FORR) is one of the most influential research and advisory firms in the world. We empower leaders in technology, customer experience, digital, marketing, sales, and product functions to be bold at work and accelerate growth through customer obsession. Our unique research and continuous guidance model helps executives and their teams achieve their initiatives and outcomes faster and with confidence. To learn more, visit Forrester.com. source

Image credit: NVIDIA During the NVIDIA GTC conference in San Jose, CA, the GPU giant announced two small supercomputers: the DGX Spark and DGX Station. Both supercomputers use the NVIDIA Blackwell Ultra platform and are targeted to developers, researchers, data scientists, and students training, running inference, and deploying large language models. “AI has transformed every layer of the computing stack. It stands to reason a new class of computers would emerge — designed for AI-native developers and to run AI-native applications,” said NVIDIA CEO and cofounder Jensen Huang in a press release. “With these new DGX personal AI computers, AI can span from cloud services to desktop and edge applications.” More must-read AI coverage DGX Spark has 784 GB of memory in a small package NVIDIA claimed the DGX Spark, previously known as Project Digits, is the world’s smallest supercomputer. The GB10 Grace Blackwell Superchip inside includes a Blackwell GPU that can perform 1,000 trillion operations per second of AI computing. NVIDIA NVLink-C2C interconnect technology hooks a CPU and the GPU together at five times the bandwidth of fifth-generation PCIe, NVIDIA said. From DGX Spark, users can export AI models to DGX Cloud or any accelerated cloud or data center infrastructure. SEE: Microsoft accidentally removed its Copilot AI assistant from some devices – and some users are glad to hear it. DGX Spark can run NVIDIA’s recently-announced GR00T N1 robotics foundation model, and the Cosmos world generation system that teaches AI-powered robots about the physical world. A waitlist is open now for the DGX Spark, which will cost $3,000. The DGX Spark will be produced by manufacturers including ASUS, Dell, and HP. DGX Station is built for desktop AI development The updated edition of the DGX Station will be available later this year from NVIDIA’s manufacturing partners, including ASUS, BOXX, Dell, HP, Lambda, and Supermicro. The price has not been disclosed. With the current-gen DGX Station, users receive 784 GB of coherent memory space, suitable for training and inferencing for large AI workloads. Inside is the NVIDIA GB300 Grace Blackwell Ultra Desktop Superchip, the Blackwell Ultra GPU, and the NVIDIA Grace CPU, all connected by the NVLink-C2C. Inside the supercomputer also sits an NVIDIA ConnectX-8 SuperNIC, which supports networking at up to 800Gb/s. It can link several DGX stations together for massive workloads or for making network-accelerated data transfers. Plus, the DGX Station interoperates with the NVIDIA CUDA-X AI platform for desktop AI development, the NVIDIA NIM microservices, and the NVIDIA AI Enterprise software platform. source

Image: garloon/Envato Images Senior officials from the U.K. have privately met with their U.S. counterparts to clarify that their request for access to encrypted data in Apple’s iCloud is not a blanket demand; instead, they are seeking access solely to data linked to individuals already involved in crimes such as terrorism, according to Bloomberg. People familiar with the matter told the publication that the British officials emphasized separate warrants would be required for each access request, ensuring they are strictly tied to investigations into serious crime within the U.K. They denied seeking wide-ranging powers to access anyone’s data for any reason, particularly that of U.S. residents, a claim that has fueled controversy. Must-read Apple coverage Apple fights back, restricts encryption for UK users In February, it was reported that the U.K. had asked Apple for a way to access user information that was covered under Advanced Data Protection, an optional security layer introduced in 2022. The Home Secretary’s office invoked the Investigatory Powers Act of 2016, which grants law enforcement the authority to compel companies to provide access to data as part of criminal investigations. The law also prevents Apple from publicly disclosing the request, issued as a Technical Capability Notice, or voicing its concerns to the public, effectively imposing a gag order on the company. In response, Apple took action weeks later, removing access to ADP encryption feature for U.K.-held devices. iPhone, iPad, and Mac users in the country can no longer sign up for ADP, and existing users must disable it manually to retain iCloud access. U.S. Director of National Intelligence Tulsi Gabbard has warned the U.K.’s demands may violate the CLOUD Act, which limits foreign governments from directly accessing encrypted data stored by U.S. companies. US lawmakers warn of free speech and privacy risks Earlier this month, Apple challenged the legality of the U.K. government’s access demands, arguing that compliance would jeopardise user privacy and set a dangerous precedent. “There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption,” Apple wrote in a statement to Parliament. The statement, issued in response to proposed amendments to the U.K. Investigatory Powers Act, did not directly confirm the existence of the Technical Capability Notice. Gabbard has also raised concerns about the effective gag order the Investigatory Powers Act of 2016 imposes on Apple, which were reiterated by a bipartisan group of U.S. lawmakers this week. They have urged the U.K. to “remove the cloak of secrecy” surrounding the order, claiming that it is “violating the free speech rights of US companies and impairing Congress’ power and duty to conduct oversight on matters of national security.” Under President Donald Trump’s first term as president, the FBI protested Advanced Data Protection over similar concerns regarding law enforcement’s inability to access encrypted data — a barrier the U.K. is now attempting to bypass. Meanwhile, tech companies like Apple warn that creating a backdoor would increase the risk of abuse by criminals and authoritarian governments alike. source

For IT and support teams, a well-maintained knowledge base is the foundation of efficient service management. An extensive knowledge repository enables employees to quickly find answers to issues, thereby reducing downtime and improving productivity. When current, accurate knowledge is stored, categorized, and easily accessible, IT and support teams can avoid reinventing the wheel, ensuring that best practices and proven solutions are reused instead of being rediscovered repeatedly and inefficiently. However, maintaining a high-quality knowledge base is a challenge for many organizations. As information constantly evolves, support teams struggle to keep articles up to date, eliminate redundant or conflicting content, and ensure knowledge remains relevant and validated. When knowledge bases are poorly managed, employees are more likely to abandon self-service options and escalate issues to service teams, increasing workloads and driving up support costs. Generative and agentic AI are set to transform these processes by automating knowledge creation, curation, and maintenance. By leveraging advanced AI technologies, organizations can enhance self-service adoption, improve support team efficiency, and reduce operational costs. Generative and agentic AI transform knowledge management Building and maintaining a high-quality knowledge base has long been a challenge for IT and support teams. Without consistent updates, articles quickly become outdated or redundant, leading to inefficiencies and frustration for employees searching for answers. Traditional knowledge management requires significant manual effort — from documenting best practices to curating and validating content — which puts a strain on time and resources. This is where generative and agentic AI can transform processes, automating routine tasks and ensuring knowledge remains accurate, accessible, and actionable. There are several ways AI-powered solutions like BMC HelixGPT Knowledge Curator are transforming knowledge management: Automating knowledge creationGenerative AI can draft new knowledge articles by analyzing resolved incidents, support interactions, and historical data. AI can suggest structured, easy-to-understand articles that support teams can review and publish, significantly reducing the time required to document best practices and solutions. Enhancing knowledge curationAgentic AI can continuously monitor knowledge usage, identifying which articles are most helpful and which need updates. The technology can also recommend archiving or consolidating outdated or underutilized articles, ensuring that only the most relevant and effective content remains accessible. Deduplicating and consolidating contentAI can scan the knowledge base to detect duplicate or conflicting articles and merge them into a single, authoritative source, making reliable answers easier to find. Automating knowledge validationAI-driven validation processes can cross-check articles against the latest policies and best practices. Automated validation reduces the risk of incorrect information persisting in the knowledge base, ensuring employees always have access to accurate guidance. Delivering actionable, summarized answersInstead of requiring employees to browse lengthy documents, AI can provide concise, actionable summaries based on validated knowledge articles, enabling faster decision-making and minimizing the time employees spend searching for information. The benefits to support teams, employees, and the organization The adoption of generative and agentic AI in knowledge management benefits support teams, employees, and the organization. For IT and other support teams, AI automates knowledge creation and maintenance, reducing manual workloads, improving response times, and minimizing escalations. Employees gain faster self-service resolutions through AI-driven interfaces, accessing up-to-date knowledge without sifting through outdated information. Organizations see lower operational costs as AI reduces manual efforts, increases self-service adoption, and decreases ticket volume. With AI enabling employees to quickly find and act on information, businesses improve agility, ensuring IT and support teams can focus more on strategic initiatives rather than repetitive, routine support tasks. The future of knowledge and service management is AI-driven As AI capabilities continue to evolve, the role of generative and agentic AI in service management will expand. The integration of AI into knowledge management is not just an enhancement, it is also a transformation enabler. Generative and agentic AI provide the automation and intelligence needed to overcome traditional knowledge management challenges, delivering precise, actionable answers that empower employees and optimize support operations. By adopting AI-driven knowledge management, organizations can achieve higher productivity, lower costs, and better experiences that benefit everyone. For IT executives seeking to future-proof their organizations, BMC HelixGPT offers a glimpse into the potential of agentic AI. The question is no longer whether enterprises should adopt AI-driven service management, but how quickly can organizations embrace this transformative technology? To see how BMC Helix can help you transform enterprise IT work with agentic AI, visit here for more information or contact BMC. source

By Gina Kim ( March 18, 2025, 10:32 PM EDT) — The NBA has urged the U.S. Supreme Court to weigh in on a Second Circuit decision that revived a Video Privacy Protection Act suit alleging that the league shared video viewing activities of its website’s visitors with Meta, arguing that the plaintiff lacked standing since the information wasn’t publicly disseminated or highly personal…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source