By Tom Zanki ( February 25, 2025, 5:01 PM EST) — A U.S. Securities and Exchange Commission advisory group is recommending the agency ease rules to allow qualifying venture funds to attract more investors without registering with the SEC, hoping to bolster capital available to small businesses…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

By Nadia Dreid ( February 27, 2025, 7:00 PM EST) — Television commercials might be getting too loud again, the Federal Communications Commission recognized Thursday when it voted to take a look at whether its rules about commercial volume are due for an update…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More In the wake of the disruptive debut of DeepSeek-R1, reasoning models have been all the rage so far in 2025. IBM is now joining the party, with the debut today of its Granite 3.2 large language model (LLM) family. Unlike other reasoning approaches such as DeepSeek-R1 or OpenAI’s o3, IBM is deeply embedding reasoning into its core open-source Granite models. It’s an approach that IBM refers to as conditional reasoning, where the step-by-step chain of thought (CoT) reasoning is an option within the models (as opposed to being a separate model). It’s a flexible approach where reasoning can be conditionally activated with a flag, allowing users to control when to use more intensive processing. The new reasoning capability builds on the performance gains IBM introduced with the release of the Granite 3.1 LLMs in Dec. 2024. IBM is also releasing a new vision model in the Granite 3.2 family specifically optimized for document processing. The model is particularly useful for digitizing legacy documents, a challenge many large organizations struggle with. Another enterprise AI challenge IBM aims to solve with Granite 3.2 is predictive modelling. Machine learning (ML) has been used for predictions for decades, but it hasn’t had the natural language interface and ease of use of modern gen AI. That’s where IBM’s Granite time series forecasting models fit in; they apply transformer technology to predict future values from time-based data. “Reasoning is not something a model is, it’s something a model does,” David Cox, VP for AI models at IBM Research, told VentureBeat. What IBM’s reasoning actually brings to enterprise AI While there has been no shortage of excitement and hype around reasoning models in 2025, reasoning for its own sake doesn’t necessarily provide value to enterprise users. The ability to reason in many respects has long been part of gen AI. Simply prompting an LLM to answer in a step-by-step approach triggers a basic CoT reasoning output. Modern reasoning in models like DeepSeek-R1 and now Granite 3.2 goes a bit deeper by using reinforcement learning to train and enable reasoning capabilities. While CoT prompts may be effective for certain tasks like mathematics, the reasoning capabilities in Granite 3.2 can benefit a wider range of enterprise applications. Cox noted that by encouraging the model to spend more time thinking, enterprises can improve complex decision-making processes. Reasoning can benefit software engineering tasks, IT issue resolution and other agentic workflows where the model can break down problems, make better judgments and recommend more informed solutions. IBM also claims that, with reasoning turned on, Granite 3.2 is able to outperform rivals including DeepSeek-R1 on instruction-following tasks. Not every query needs more reasoning; why conditional thinking matters Although Granite 3.2 has advanced reasoning capabilities, Cox stressed that not every query actually needs more reasoning. In fact, many types of common queries can actually be negatively impacted with more reasoning. For example, for a knowledge-based query, a standalone reasoning model like DeepSeek-R1 might spend up to 50 seconds on an internal monologue to answer a basic question like “Where is Rome?” One of the key innovations in Granite 3.2 is the introduction of a conditional thinking feature, which allows developers to dynamically activate or deactivate the model’s reasoning capabilities. This flexibility enables users to strike a balance between speed and depth of analysis, depending on the specific task at hand. Going a step further, the Granite 3.2 models benefit from a method developed by IBM’s Red Hat business unit that uses something called a “particle filter” to enable more flexible reasoning capabilities. This approach allows the model to dynamically control and manage multiple threads of reasoning, evaluating which ones are the most promising to arrive at the final result. This provides a more dynamic and adaptive reasoning process, rather than a linear CoT. Cox explained that this particle filter technique gives enterprises even more flexibility in how they can use the model’s reasoning capabilities. In the particle filter approach, there are many threads of reasoning occurring simultaneously. The particle filter is pruning the less effective approaches, focusing on the ones that provide better outcomes. So, instead of just doing CoT reasoning, there are multiple approaches to solving a problem. The model can intelligently navigate complex problems, selectively focusing on the most promising lines of reasoning. How IBM is solving real enterprise uses cases for documents Large organizations tend to have equally large volumes of documents, many of which were scanned years ago and now sitting in archives. All that data has been difficult to use with modern systems. The new Granite 3.2 vision model is designed to help solve that enterprise challenge. While many multimodal models focus on general image understanding, Granite 3.2’s vision capabilities are engineered specifically for document processing — reflecting IBM’s focus on solving tangible enterprise problems rather than chasing benchmark scores. The system targets what Cox described as “irrational amounts of old scanned documents” sitting in enterprise archives, particularly in financial institutions. These represent opaque data stores that have remained largely untapped despite their potential business value. For organizations with decades of paper records, the ability to intelligently process documents containing charts, figures and tables represents a substantial operational advantage over general-purpose multimodal models that excel at describing vacation photos but struggle with structured business documents. On enterprise benchmarks such as DocVQA and ChartQA, IBM Granite vision 3.2 shows strong results against rivals. Time series forecasting addresses critical business prediction needs Perhaps the most technically distinctive component of the release is IBM’s “tiny time mixers” (TTM)– specialized transformer-based models designed specifically for time series forecasting. However, time series forecasting, which enables predictive analytics and modelling, is not new. Cox noted that for various reasons, time series models have remained stuck in the older era of machine learning (ML) and have not benefited from the same attention of the newer, flashier gen AI models. The Granite TTM models apply the architectural innovations that powered

The third installment of The Forrester Wave™: Managed Detection And Response Services is now live, and there’s so much to love about the managed detection and response (MDR) services market: fantastic providers, engaged clients, and meaningful outcomes. This year is no different. Forrester clients can access the full report here. As we mentioned in Choose Your Own MDR Adventure Amid Ever-Expanding Services, the MDR market continues to evolve. New services have launched, vendors have consolidated, and some providers have taken a few steps backward as legacy managed security services provider-style services enter the MDR space to cloud an already fragmented market. Two of the biggest trends hitting MDR today are detection engineering and security posture management. Detection as code is all the rage for providers and rightfully so. Put simply, the only way to scale detection meaningfully as an MDR provider is to adopt detection-as-code methodologies. While MDR was born as a reactive service, it needs to become more proactive by assisting clients in making choices that improve their security posture. Providers are taking a key step forward in 2025 through a combination of exposure management, attack surface management, and system prioritization that helps teams improve their overall security posture. Stats About The Evaluative Research Process This blog is more than just a research announcement. I also want to share some statistics about what goes on behind the scenes during the evaluation process. And it is a process, not only within Forrester but also across the providers that participate. Throughout the Wave evaluation process, we: Read 290,000 characters of text or approximately 40,000+ words (many, many times). Attended approximately 13.5 hours of demonstration briefings. Interviewed customer references over 13.5 hours of calls. Reviewed over 400 slides. Examined 46 case studies. Assessed quotes for 10,000 endpoints ranging in price from $400K to $1,000,000+. Demonstration Scenarios As part of the evaluation, we asked providers to cover four scenarios during the demonstration portion. These also make excellent potential proof-of-concept cases. The four scenarios that participating vendors demonstrated during the evaluation are mapped to recent incidents happening around the time our research kicked off. The four scenarios are: Scenario 1: Insider Threat A threat actor poses as a newly hired employee and gains access. The employee passes through several rounds of interviews and background checks. Upon receipt of their corporate laptop, their user activity includes suspicious/anomalous login activity, system actions, and attempts at file transfers. Scenario 2: Account Takeover In SaaS Platform A threat actor gains access to an enterprise software-as-a-service (SaaS) platform via a valid user account and performs actions to gain access to and exfiltrate sensitive corporate data. Scenario 3: Social-Engineering Help Desk Teams To Gain Access A threat actor uses various social engineering techniques to obtain credentials and gain access, using existing or installing new remote access tools to persist with the goals of exfiltrating data and extorting funds from the compromised company. Scenario 4: Software Supply Chain Poisoning A threat actor takes over a commonly used third-party library that an enterprise uses in an application it sells and hosts via SaaS platforms for its customers. The third-party library is compromised and allows the adversary to access the client’s on-premises continuous integration and continuous delivery platform, as well as access to the source code for the application. Customize The Wave Based On What You Care About Forrester clients can browse to this site when logged in and select “Help me find a vendor” and then select what they care about most in an MDR provider. The site will return a ranked list that aligns to their selected priorities. Forrester’s transparency policy — we detail the full criteria, scale explanations, and scores — allows us to offer an interactive experience to help inform the choices our clients make about their providers. Unfortunately, I can’t show you the results, so there’s some blurring in the image that’s intentional. But as an example, let’s say that you care most about which providers are strongest at a few specific parts of MDR. Here, it’s core MDR capabilities: detection, investigation, and response. Here’s a screenshot of exactly those items prioritized:   Maybe you are more interested in the providers that can help you improve your metrics, security posture, and vulnerability management processes the most:   You can customize these as much as necessary to narrow down the right vendor for your circumstances. Forrester clients can read the full report, The Forrester Wave™: Managed Detection And Response Services, Q1 2025. If you have any additional questions, request an inquiry or guidance session with me. source

One positive development from the COVID-19 pandemic was that it forced companies to take hard looks at external supply chains to ensure they were reliable, secure and trustworthy, and that should one vendor fail, another could step in.  There were numerous supply chain misfires during the pandemic, and companies and consumers suffered and learned from the experience.  That brings us to IT.  The IT supply chain comes with its own set of risks, but it faces the same vulnerabilities corporate production supply chains encounter. One key difference is that organizations don’t regularly focus on those IT supply chains. While IT departments have active disaster recovery and failover plans, there are few that regularly vet vendors, or that audit their tech supply chains for resiliency.  Moody’s tells us, “Disruption in one part of the supply chain can have significant ripple effects, impacting businesses and economies across sectors and regions,” and the IT supply chain is no exception when it comes to risk.  I have seen these things firsthand:  A trustworthy vendor gets acquired by another vendor that IT has had poor past experience within the past. How easy is it to migrate to another new vendor?  A company suddenly and unexpectedly sunsets its technology and with it, the tech support. Can IT find a third party that will step in to support the old tech if the IT department had relied on the original vendor for its know-how, and doesn’t have the budget to move to another tech option?  Related:Bridging the Tech Gap: Fostering Cross-Generational Adoption There is a component shortage at the vendor, so IT is unable to upgrade routers on its network. Is there an alternative vendor?  IT has contracted with a service company to provide technical and user support for a multi-national application, but now the provider ceases operations in one of the countries where the company has a facility. What do you do now?  All are real-world examples that I’ve personally seen. They call into question the IT supply chain’s resiliency. When these incidents occurred, there was no ready route for IT to cure a supply chain conundrum, and the IT departments involved found themselves in difficult positions, having to “tough it out” with unsupported technologies, or pause certain technologies, and/or create workarounds for processes that no longer functioned.   No one likes to be in that position. So, are there tried and true supply chain methodologies that can be applied to the IT supply chain, too?  Yes, there are proven supply chain strategies and methods out there. Here are four of them:  Related:Tech Company Layoffs: The COVID Tech Bubble Bursts Assess your supply chain.   Who are your mission critical vendors? Do they present significant risks (for example, risk of a merger, or going out of business)? Where are your IT supply chain “weak links” (such as vendors whose products and services repeatedly fail). Are they impairing your ability to provide top-grade IT to the business?   What countries do you operate in? Are there technology and support issues that could emerge in those locations? Do you annually send questionnaires to vendors that query them so you can ascertain that they are strong, reliable and trustworthy suppliers? Do you request your auditors periodically review IT supply chain vendors for resiliency, compliance and security?  Those are a few questions that IT departments should ask when reviewing tech supply chains, but when I mention these to IT leaders, few tell me that they do them.  Mitigate the supply chain’s weak links.   If you have a mission-critical supplier and you find there are no alternative suppliers, you’re exposed to risk if that supplier gets acquired, goes out of business, or has a component shortfall and can’t deliver.  For any mission-critical sole source supplier, it’s incumbent on IT to locate alternate suppliers that can step in, and to be ready to use them if an emergency warrants it.  Related:The Top Habits of High-Performing IT Development Teams One key area is internet service providers (ISPs). Companies should always have more than one ISP so Internet service will remain uninterrupted.  Audit your suppliers.   Most enterprises include security and compliance checkpoints on their initial dealings with vendors, but few check back with the vendors on a regular basis after the contracts are signed.  Security and governance guidelines change from year to year. Have your IT vendors kept up? When was the last time you requested their latest security and governance audit reports from them?  Verifying that vendors stay in step with your company’s security and governance requirements should be done annually.  Include the IT supply chain in the corporate risk management plan.   Although companies include their production supply chains in their corporate risk management plans, they don’t consistently consider the IT supply chain and its risks.  Today’s digital companies won’t function if the IT isn’t working, so CIOs must push for the IT supply chain to be part of overall corporate risk management if it isn’t already.  source

As new technologies emerge, security measures often trail behind, requiring time to catch up. This is particularly true for Generative AI, which presents several inherent security challenges. Here are some of the key risks related to AI that organizations need to bear in mind. 1. No Delete Button The absence of a “delete button” in Generative AI technologies poses a serious security threat. Once personal or sensitive data is used in prompts or incorporated into the training set of these models, recovering or removing it becomes a daunting task. A data leak into an AI model is not just a breach; it leaves a permanent imprint. Therefore, protecting data against such irreversible exposure is more critical than ever. 2. No Access Control The lack of access control in Generative AI presents significant security risks in business environments. Not only is it wise to control unsanctioned AI apps but also control access and usage based on who is using AI and how.  This is because once information is transformed into embeddings (numerical representations showing relationships between data points), those can only be accessed in their entirety or not at all. This absence of Role-Based Access Control (RBAC) makes all data vulnerable, given there are no guardrails for who can access data, creating hazards in settings where restricted, role-based access is essential. 3. No Control Plane Generative AI technology often fails to separate its control and data planes, a fundamental security practice established in the 1990s. This oversight blurs the lines between different types of data—such as foundation model data, app training data, and user prompts—treating them all as a single entity. This merging increases AI’s vulnerability, as malicious user interactions like prompt injections or data poisoning can compromise the AI’s core, creating a potential danger zone for security breaches. 4. Chat Interface Challenges The integration of chat interfaces has made Generative AI more accessible and user-friendly, prompting many companies to adopt them for improved customer interaction. However, this shift introduces challenges. Unlike controlled interfaces with limited Natural Language Processing capabilities, chat interfaces allow unlimited user inputs, which can include harmful content or misuse of resources. For instance, a Chevrolet dealership experienced unexpected responses from their chat interface when abused by web visitors, underscoring the need for careful management and oversight. 5. Silent Gen AI Enablement Organizations typically have three options for incorporating AI: creating their own solutions, purchasing new products, or relying on existing vendors with integrated AI. However, the latter can lead to issues, as the data processed by these authorized tools often remains unclear. This concern, already prevalent with general AI, has intensified with the rise of Generative AI, which poses higher risks. Recent controversies, such as those surrounding Zoom’s use of AI that could access and store sensitive information shared during Zoom sessions, or concerns about applications like Grammarly, highlight the need for transparency and control in how AI implements data privacy in business settings. 6. Lack of Transparency The absence of transparency in training data for AI models poses a major security risk. If data sources are not well understood, hidden biases may influence the model’s outputs, leading to false information or unintended outcomes. Moreover, a lack of transparency can jeopardize user privacy, as individuals may be unaware of how their data is being used or exposed. Balancing security, privacy, and openness remains a challenging aspect of AI advancement. 7. Supply Chain Poisoning Using Generative AI in code generation carries significant risks, especially if the training data contains vulnerable code or if the AI model is compromised. This can create considerable threats in the supply chain, particularly in critical tasks like autopilot systems or automated code production. The risk of duplicating vulnerabilities or introducing new ones can have serious consequences for the reliability and safety of technological systems, especially since current Generative AI models lack built-in safeguards against this. 8. Lack of Watermarking The absence of established watermarking guidelines in Generative AI poses a severe security risk, particularly regarding deepfake production. Without effective watermarking, distinguishing between real and artificially generated content becomes increasingly difficult, raising the likelihood of spreading false information. Zscaler is protecting enterprises from Gen AI Threats While Generative AI offers transformative potential, it also brings fundamental security risks that must be addressed to ensure safety and reliability in its application. Zscaler is a prime example of an advanced security vendor that approaches securing Generative AI from the lens of having strong data protection capabilities, implementing strict access controls, delivering advanced threat detection, and a true Zero Trust security architecture designed to minimize risks by assuming no user or device is inherently trusted.  To learn more, visit us here. source

Germany’s armed forces have commissioned Bremen-based startup Polaris to develop a two-stage, fully reusable hypersonic space plane — and given the team just three years to build it.  Dubbed Aurora, the 28-metre-long aircraft will be part rocket, part plane — designed to take off and land on a runway but also blast through the atmosphere and place payloads up to 1-ton in low-Earth orbit.  Under the contract, the startup will design, build, and flight test the spaceplane. The aircraft will serve as a testbed for hypersonic flight and defence research. It could be used as a small satellite carrier if fitted with a non-reusable upper stage, Polaris said.  Polaris was founded in 2019 by Alexander Kopp as a spin-off from the German Aerospace Center (DLR). It builds upon over three decades of German and European spaceplane research.  The startup has already built three demonstrators of its Aurora spaceplane. The first, Mira I, crashed shortly after its inaugural flight. But the next two iterations — Mira-II and Mira-III — had better luck. These 5-meter-long vehicles, each weighing 240kg, have completed over 100 successful test flights since they first launched in September last year. The 💜 of EU tech The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now! The Mira prototype series relies on jet engines for takeoff, cruise, and landing, while incorporating an aerospike rocket engine for high-speed propulsion tests. First conceived in the 1960s, aerospike engines adjust to air pressure changes at all altitudes, making them more efficient than traditional designs. However, aerospikes never entered the mainstream because they are hard to cool and difficult to build. Polaris’ work on advanced cooling technologies and materials may just overcome past engineering challenges.  Polaris made history in October last year when it conducted the first-ever flight powered by an aerospike engine. The AS-1 engine was ignited in flight for three seconds aboard the Mira-II over the Baltic Sea, delivering a thrust of 900 Newtons and accelerating the 229kg vehicle to 864km/h.   The Mira’s future big sister Aurora, however, will be designed to reach hypersonic speeds above Mach 5 (over 6,125km/h) and beyond.  Spaceplanes like Aurora could prove a more cost-effective way to access space than rockets because they can take off from a conventional runway and be reused time and time again — just like a plane, but with more juice.   Polaris’ announcement comes days after Germany’s incoming Chancellor Friedrich Merz cast doubts over whether NATO would remain in its “current form,” urging Europe to increase defence spending.    source

By Christopher Cole ( February 24, 2025, 8:43 PM EST) — The Federal Communications Commission appears ready to make some changes to how it views the legal protections afforded to online platforms for content posted by their users…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

Image: Microsoft Microsoft is officially retiring Skype on May 5, ending the app’s two-decade run as a pioneer in video calling. The move signals Microsoft’s full shift toward Teams, its all-in-one messaging and video platform. “At this point, putting all our focus behind Teams will let us give a simpler message and drive faster innovation,” Microsoft 365 collaborative apps and platforms President Jeff Teper told TechCrunch. Skype service will end on May 5 An XDA Developers reader first spotted a string of code inside Skype in Windows preview displaying a message about migration. The message says “Starting in May, Skype will no longer be available. Continue your calls and chats in Teams.” Microsoft confirmed the Skype shutdown in an official blog on Friday. “With Teams, users have access to many of the same core features they use in Skype, such as one-on-one calls and group calls, messaging, and file sharing,” Teper wrote. “Additionally, Teams offers enhanced features like hosting meetings, managing calendars, and building and joining communities for free.” SEE: A Slack outage this week stemmed from a problem in the Events API and an ongoing issue. What’s hot at TechRepublic Skype struggled to find a place next to Teams Once a dominant force in video communication, Skype has struggled to compete in a market now led by Zoom, Google Meet, and FaceTime. Despite seeing some growth during the 2020 lockdowns, Skype’s user base dwindled to 36 million by 2023, while Microsoft Teams surged to 320 million users. Microsoft offered a Skype for Business tier from 2015 to 2021; after 2021, it prioritized Teams as both a messaging and video solution on Windows 11. How to transition from Skype to Teams In the coming days, Skype users will be able to sign in to Teams using their existing Skype credentials. Members of the Teams and Skype Insider programs can make the switch immediately, with all Skype chats and contacts automatically appearing in Teams. Between now and May, Teams and Skype users will be able to call and chat across platforms. Skype data (chats, contacts, and call history) can be exported manually if the user wants to hang on to it instead of shifting it to Teams. However, Skype Credit and international calling subscriptions are no longer available. Existing Skype subscriptions will remain active until their next renewal date. The Skype Dial Pad will stay online for paid users, residing within the Skype web portal and in Teams. source