NerdNews

The UK government has partnered with Google DeepMind to use AI for scientific breakthroughs and public services. The partnership includes access to AI models like AlphaGenome and AI Co-scientist, and the development of a new AI system called Gemini for Government.

The IT market has seen its largest increase in almost 30 years, with a 14% growth driven by artificial intelligence infrastructure investment. IDC forecasts IT spending to reach $4.25tn this year, with service providers investing heavily in AI deployment. Enterprise software spending is also expected to increase by 14%, with AI deployments driving investments in security, optimization, and analytics.

Fei-Fei Li's startup World Labs has launched Marble, a platform that allows users to create 3D environments from text, image, or video prompts. The goal is to create 'spatial intelligence' and enable AI systems to interact with the world in a more meaningful way. While the technology is still in its early stages, it has the potential to revolutionize various industries such as design, architecture, and education.

Google has elevated Amin Vahdat to chief technologist for AI infrastructure, a newly created position reporting directly to CEO Sundar Pichai. Vahdat has been building Google's AI backbone for 15 years and has been instrumental in developing custom TPU chips, the Jupiter network, and the Borg software system. This move signals the importance of AI infrastructure to Google's competitiveness and may also be a retention strategy for top AI talent.

ChatGPT has become the most downloaded free iPhone app in the US for 2025, surpassing popular apps like TikTok and Instagram. This indicates the growing penetration of AI in everyday life and potential disruption to Google's search market dominance.

Microsoft has fixed three zero-day vulnerabilities, including an elevation of privilege bug in the Windows Cloud Files Mini Filter Driver, an RCE vulnerability in PowerShell, and an RCE flaw in GitHub Copilot for Jetbrains. These vulnerabilities could allow attackers to gain system-level code execution, execute arbitrary code, and execute additional commands.

Mistral AI has released Devstral 2, a 123 billion parameter open-weights coding model, and Mistral Vibe, a command line interface for interacting with the model. Devstral 2 achieves a 72.2% score on the SWE-bench Verified benchmark, nearing proprietary rivals. The model is designed to work as part of an autonomous software engineering agent and can track framework dependencies, handle tasks like bug fixing, and modernize legacy systems.

Andra Lezza discusses strategies and practices for protecting data in AI assistants, including the OWASP AI Exchange threat model, copilot architectures, and threat landscapes. She emphasizes the importance of end-to-end security, architectural tradeoffs, and granular access control.

This article provides a comprehensive guide to Docker security best practices, including image security, container runtime security, network security, and secrets management. It also covers common pitfalls to avoid and provides a cheat sheet for quick implementation.

This article provides a cheat sheet for securing GitHub Actions, including controlling credentials, using specific action version tags, and avoiding plain-text secrets. It also covers advanced topics like monitoring and anomaly detection, hardening runners, and implementing OpenID Connect for cloud resource access.

The 2025 edition of re:Invent featured significant announcements in serverless space, including Lambda Managed Instances and Lambda Durable Functions. Werner Vogels' final keynote as Amazon CTO discussed the dawn of 'renaissance developer'. Other key announcements included new Graviton5 processors, Trainium3 UltraServers, and Database Savings Plans.

Amazon has expanded its same-day delivery service to include perishable groceries in 2,300 US cities. The service is free for Prime members on orders over $25 and includes a six-point quality check and temperature-controlled fulfillment network.

Google has launched fully managed MCP servers to make its services easier for AI agents to plug into. The move aims to solve the problem of connecting AI agents to external tools and data. The MCP servers will initially support Google Maps, BigQuery, Compute Engine, and Kubernetes Engine, with more services to be added in the future.

A zero-day bug in Gogs, a self-hosted Git service, is being actively exploited, with over 700 instances compromised. The bug, tracked as CVE-2025-8110, allows remote code execution and is exploited by creating a symbolic link to a sensitive target and overwriting it using the PutContents API.

Adobe has integrated its Photoshop, Acrobat, and Express apps with ChatGPT, allowing users to edit photos and PDFs by describing their desired changes. The apps are free to use and can be activated by typing the app name alongside an uploaded file and conversational instruction. This integration brings Adobe's Creative Cloud apps directly into ChatGPT, enabling users to create designs or adjust photos and PDFs without switching apps.

Rivian has spent nearly two years building its own AI assistant, which will be integrated with all vehicle controls. The company aims to develop an AI assistant that increases customer trust and engagement, using a hybrid software stack that combines edge AI and cloud AI.

Ford and Renault announced a partnership to produce two affordable Ford-branded electric vehicles in Europe by 2028, using Renault's Ampere technology platform. This move aims to help Ford remain competitive in the European market amid pressure from Chinese competitors.

As humanoid robots become more prevalent, security experts are warning of the risks of botnets on legs. With 3 billion robots expected to be in use by 2060, the potential for cyberattacks and data breaches is high. Experts are calling for increased security measures to be built into these robots to prevent such attacks.

A Ukrainian national, Victoria Eduardovna Dubranova, has been charged by US prosecutors for her alleged role in cyberattacks targeting critical infrastructure worldwide, including US water systems, election systems, and nuclear facilities, on behalf of Russian state-backed hacktivist groups. Dubranova pleaded not guilty and faces up to 27 years in prison if found guilty.

The Really Simple Licensing (RSL) spec has reached version 1.0, providing guidance on how to set machine-readable rules for crawlers. This spec allows web publishers to demand payment from AI scrapers, which could impact companies like Google. RSL builds upon the Robots Exclusion Protocol and provides a way to declare requirements for accessing and processing content, including a demand for compensation.