For decades, enterprises have allowed their workers to use whatever free browser they wanted to access the most sensitive files possible. CIOs believed that security software in the environment such as endpoint security apps or supposedly secure web gateways would deliver any needed protections.And until 2020, that view was somewhat valid. But when various pandemic-fueled changes hit the workplace, almost everything changed. But as extreme browser exposure became far more dangerous, the shift was so gradual that almost no one in IT noticed any danger. Those changes included massive numbers of new remote sites; skyrocketing shifts away from on-premises tools and apps to the cloud; and far more SaaS deployments.The browser issue here actually arises from two distinct problems: virtually no limits on which browser can be used and no protections at the enterprise level that sit atop those browsers.The first is the most bizarre.Somehow, IT permits any browser to be used in their sensitive environments. Can you imagine that being permitted for anything else? How many CIOs would tell workers they can use whichever VPN app they want, including free consumer-grade VPNs? Would an enterprise CIO be OK with someone in finance ignoring the corporate license for Excel and instead opting to put sensitive payroll details into a freeware spreadsheet found at a gaming site in China? Or maybe an employee could forego a company-paid Zoom account for discussions of that upcoming acquisition and use a freebie service no ones ever heard of?[Related: 10 tips for a secure browsing experience]IT typically maintains strict controls over all software that touches their privileged areas, but browsers are a security free-for-all?Lets delve briefly into the history. When graphical browsers first moved into the enterprise in large numbers (dont forget that the earliest browsers, such as Cello and Lynx, were pure text) around 1994, the goal was to make it as easy as possible for people to interact with the web. The internet at that point had been around for decades, but the web had only recently become popularized.The problem is that as environments became exponentially more complex and access to ultra-sensitive data soared, IT didnt stop to reconsider ancient browser policies.If IT admins were to choose one specific browser to mandate, controls would become light-years easier. They could even require users to access the latest version from IT, allowing for updates to be strictly maintained. Internal web pages could be designed for that browser, making it far more likely to deliver an identical experience for all users.I routinely run into secure areas where critical text (such as the next button) is offscreen. That means trying three or four browsers until one works. Imagine that problem disappearing simply by mandating one browser for all.That kind of corporate mandate brings up a few issues:Desktop vs. mobile. Some enterprises might need to consider standardizing on one browser for desktop and possibly a different browser for mobile.IT political issues. Some of the browsers with major market share are deeply integrated with one vendors environments, such as Google Chrome and Microsoft Edge. Depending on how your environments are integrated with different platforms, this could be an issue.Compliance. Some of the browser makers are more aggressive at pushing privacy and other data boundaries, especially when generative AI is involved. Standardizing on one of those might lead to corporate compliance issues, especially if you have a substantial presence in Western Europe, Australia or Canada.Geography. Beyond the compliance issues, there are language and other regional support issues to consider, especially if you have a major presence in Asia.That brings us to problem two. Browsers were never designed to be even a little bit secure in the early days and not much has changed today. Thats why IT needs to insist that something act as a secure layer between your environment and any browser even your hand-chosen favorite browser.Because the needs of every enterprise are different, theres no one-size-fits-all browser security solution. The browser security layer must play well with your existing systems and your particular compliance needs colored by geography and verticals are critical factors.The browser is the number one app that everyone is using. The browsers of today are much more powerful than the older versions, said Dor Zvi, CEO of security firm Red Access. They allow you to run Javascript, login and tokens and render HTML. The browser today is so powerful that it acts almost like an operating system.Zvi argues that there is a reason those browser capabilities are so dangerous.A lot of the attacks today can now happen entirely within the browser. It is happening inside the frame of the browser, which means it is not on the network side and not on the endpoint side. The browser now holds the cookies and tokens for all of your applications, he said. Lets say someone is trying to steal my Okta two-factor authentication. [The attacker] can run it by solely using the browser privileges and no one will ever know about it.Another problem with allowing any browser from around the world to access your systems involves browser extensions. In the same way Apple and Google cant adequately police their apps to detect and remove malicious ones, browser teams cant verify the legitimacy of extensions. A malicious browser often has unlimited access to everything the browser can do or see.Thats why standardizing on one browser is important; it allows IT to also rein in browser extensions.Its a lot to think about but preferably not right before bed.

Left to their own devices, an army of AI characters didnt just survive they thrived. They developed in-game jobs, shared memes, voted on tax reforms and even spread a religion.The experiment played out on the open-world gaming platform Minecraft, where up to 1000 software agents at a time used large language models (LLMs) to interact with one another. Given just a nudge through text prompting, they developed a remarkable range of personality traits, preferences and specialist roles, with no further inputs from their human creators.The work, from AI startup Altera, is part of a broader field that wants to use simulated agents to model how human groups would react to new economic policies or other interventions.But for Alteras founder, Robert Yang, who quit his position as an assistant professor in computational neuroscience at MIT to start the company, this demo is just the beginning. He sees it as an early step towards large-scale AI civilizations that can coexist and work alongside us in digital spaces. The true power of AI will be unlocked when we have actually truly autonomous agents that can collaborate at scale, says Yang.Yang was inspired by Stanford University researcher Joon Sung Park who, in 2023, found that surprisingly humanlike behaviors arose when a group of 25 autonomous AI agents was let loose to interact in a basic digital world.Once his paper was out, we started to work on it the next week, says Yang. I quit MIT six months after that.Yang wanted to take the idea to its extreme. We wanted to push the limit of what agents can do in groups autonomously.ALTERAAltera quickly raised more than $11m in funding from investors including A16Z and the former Google CEO Eric Schmidts emerging tech VC firm. Earlier this year Altera released its first demo: an AI-controlled character in Minecraft that plays alongside you.Alteras new experiment, Project Sid, uses simulated AI agents equipped with brains made up of multiple modules. Some modules are powered by LLMs and designed to specialize in certain tasks, such as reacting to other agents, speaking, or planning the agents next move.The team started small, testing groups of around 50 agents in Minecraft to observe their interactions. Over 12 in-game days (4 real-world hours) the agents began to exhibit some interesting emergent behavior. For example, some became very sociable and made many connections with other characters, while others appeared more introverted. The likability rating of each agent (measured by the agents themselves) changed over time as the interactions continued. The agents were able to track these social cues and react to them: in one case an AI chef tasked with distributing food to the hungry gave more to those who he felt valued him most.More humanlike behaviors emerged in a series of 30-agent simulations. Despite all the agents starting with the same personality and same overall goalto create an efficient village and protect the community against attacks from other in-game creaturesthey spontaneously developed specialized roles within the community, without any prompting. They diversified into roles such as builder, defender, trader, and explorer. Once an agent had started to specialize, its in-game actions began to reflect its new role. For example, an artist spent more time picking flowers, farmers gathered seeds and guards built more fences.We were surprised to see that if you put [in] the right kind of brain, they can have really emergent behavior, says Yang. Thats what we expect humans to have, but dont expect machines to have.Yangs team also tested whether agents could follow community-wide rules. They introduced a world with basic tax laws and allowed agents to vote for changes to the in-game taxation system. Agents prompted to be pro or anti tax were able to influence the behavior of other agents around them, enough that they would then vote to reduce or raise tax depending on who they had interacted with.The team scaled up, pushing the number of agents in each simulation to the maximum the Minecraft server could handle without glitching, up to 1000 at once in some cases. In one of Alteras 500-agent simulations, they watched how the agents spontaneously came up with and then spread cultural memes (such as a fondness for pranking, or an interest in eco-related issues) among their fellow agents. The team also seeded a small group of agents to try to spread the (parody) religion, Pastafarianism, around different towns and rural areas that made up the in-game world, and watched as these Pastafarian priests converted many of the agents they interacted with. The converts went on to spread Pastafarianism (the word of the Church of the Flying Spaghetti Monster) to nearby towns in the game world.The way the agents acted might seem eerily lifelike, but really all they are doing is regurgitating patterns the LLMshave learned from being trained on human-created data on the internet. The takeaway is that LLMs have a sophisticated enough model of human social dynamics [to] mirror these human behaviors, says Altera co-founder Andrew Ahn.ALTERAIn other words, the data makes them excellent mimics of human behavior, but they are in no way alive.But Yang has grander plans. Altera plans to expand into Roblox next, but Yang hopes to eventually move beyond game worlds altogether. Ultimately, his goal is a world in which humans dont just play alongside AI characters, but also interact with them in their day-to-day lives. His dream is to create a vast number of digital humans who actually care for us and will work with us to help us solve problems, as well as keep us entertained. We want to build agents that can really love humans (like dogs love humans, for example), he says.This viewpointthat AI could love usis pretty controversial in the field, with many experts arguing its not possible to recreate emotions in machines using current techniques. AI veteran Julian Togelius, for example, who runs games testing company Modl.ai, says he likes Alteras work, particularly because it lets us study human behavior in simulation. But could these simulated agents ever learn to care for us, love us, or become self-aware? Togelius doesnt think so. There is no reason to believe a neural network running on a GPU somewhere experiences anything at all, he says.But maybe AI doesnt have to love us for real to be useful.If the question is whether one of these simulated beings could appear to care, and do it so expertly that it would have the same value to someone as being cared for by a human, that is perhaps not impossible, Togelius adds. You could create a good-enough simulation of care to be useful. The question is whether the person being cared for would care that the carer has no experiences.In other words, so long as our AI characters appear to care for us in a convincing way, that might be all we really care about.

Every time a new AI model is released, its typically touted as acing its performance against a series of benchmarks. OpenAIs GPT-4o, for example, was launched in May with a compilation of results that showed its performance topping every other AI companys latest model in several tests.The problem is that these benchmarks are poorly designed, the results hard to replicate, and the metrics they use are frequently arbitrary, according to new research. That matters because AI models scores against these benchmarks will determine the level of scrutiny and regulation they receive.It seems to be like the Wild West because we dont really have good evaluation standards, says Anka Reuel, an author of the paper, who is a PhD student in computer science at Stanford University and a member of its Center for AI Safety.A benchmark is essentially a test that an AI takes. It can be in a multiple-choice format like the most popular one, the Massive Multitask Language Understanding benchmark, known as the MMLU, or it could be an evaluation of AIs ability to do a specific task or the quality of its text responses to a set series of questions.AI companies frequently cite benchmarks as testament to a new models success. The developers of these models tend to optimize for the specific benchmarks, says Anna Ivanova, professor of psychology at the Georgia Institute of Technology and head of its Language, Intelligence, and Thought (LIT) lab, who was not involved in the Stanford research.These benchmarks already form part of some governments plans for regulating AI. For example, the EU AI Act, which goes into force in August 2025, references benchmarks as a tool to determine whether or not a model demonstrates systemic risk; if it does, it will be subject to higher levels of scrutiny and regulation. The UK AI Safety Institute references benchmarks in Inspect, which is its framework for evaluating the safety of large language models.But right now, they might not be good enough to use that way. Theres this potential false sense of safety were creating with benchmarks if they arent well designed, especially for high-stakes use cases, says Reuel. It may look as if the model is safe, but it is not.Given the increasing importance of benchmarks, Reuel and her colleagues wanted to look at the most popular examples to figure out what makes a good oneand whether the ones we use are robust enough. The researchers first set out to verify the benchmark results that developers put out, but often they couldnt reproduce them. To test a benchmark, you typically need some instructions or code to run it on a model. Many benchmark creators didnt make the code to run their benchmark publicly available. In other cases, the code was outdated.Benchmark creators often dont make the questions and answers in their data set publicly available either. If they did, companies could just train their model on the benchmark; it would be like letting a student see the questions and answers on a test before taking it. But that makes them hard to evaluate.Another issue is that benchmarks are frequently saturated, which means all the problems have been pretty much been solved. For example, lets say theres a test with simple math problems on it. The first generation of an AI model gets a 20% on the test, failing. The second generation of the model gets 90% and the third generation gets 93%. An outsider may look at these results and determine that AI progress has slowed down, but another interpretation could just be that the benchmark got solved and is no longer that great a measure of progress. It fails to capture the difference in ability between the second and third generations of a model.One of the goals of the research was to define a list of criteria that make a good benchmark. Its definitely an important problem to discuss the quality of the benchmarks, what we want from them, what we need from them, says Ivanova. The issue is that there isnt one good standard to define benchmarks. This paper is an attempt to provide a set of evaluation criteria. Thats very useful.The paper was accompanied by the launch of a website, BetterBench, that ranks the most popular AI benchmarks. Rating factors include whether or not experts were consulted on the design, whether the tested capability is well defined, and other basicsfor example, is there a feedback channel for the benchmark, or has it been peer-reviewed?The MMLU benchmark had the lowest ratings. I disagree with these rankings. In fact, Im an author of some of the papers ranked highly, and would say that the lower ranked benchmarks are better than them, says Dan Hendrycks, director of CAIS, the Center for AI Safety, and one of the creators of the MMLU benchmark. That said, Hendrycks still believes that the best way to move the field forward is to build better benchmarks.Some think the criteria may be missing the bigger picture. The paper adds something valuable. Implementation criteria and documentation criteriaall of this is important. It makes the benchmarks better, says Marius Hobbhahn, CEO of Apollo Research, a research organization specializing in AI evaluations. But for me, the most important question is, do you measure the right thing? You could check all of these boxes, but you could still have a terrible benchmark because it just doesnt measure the right thing.Essentially, even if a benchmark is perfectly designed, one that tests the models ability to provide compelling analysis of Shakespeare sonnets may be useless if someone is really concerned about AIs hacking capabilities.Youll see a benchmark thats supposed to measure moral reasoning. But what that means isnt necessarily defined very well. Are people who are experts in that domain being incorporated in the process? Often that isnt the case, says Amelia Hardy, another author of the paper and an AI researcher at Stanford University.There are organizations actively trying to improve the situation. For example, a new benchmark from Epoch AI, a research organization, was designed with input from 60 mathematicians and verified as challenging by two winners of the Fields Medal, which is the most prestigious award in mathematics. The participation of these experts fulfills one of the criteria in the BetterBench assessment. The current most advanced models are able to answer less than 2% of the questions on the benchmark, which means theres a significant way to go before it is saturated.We really tried to represent the full breadth and depth of modern math research, says Tamay Besiroglu, associate director at Epoch AI. Despite the difficulty of the test, Besiroglu speculates it will take only around four years for AI models to saturate the benchmark, scoring higher than 80%.And Hendrycks organization, CAIS, is collaborating with Scale AI to create a new benchmark that he claims will test AI models against the frontier of human knowledge, dubbed Humanitys Last Exam, HLE. HLE was developed by a global team of academics and subject-matter experts, says Hendrycks. HLE contains unambiguous, non-searchable, questions that require a PhD-level understanding to solve. If you want to contribute a question, you can here.Although there is a lot of disagreement over what exactly should be measured, many researchers agree that more robust benchmarks are needed, especially since they set a direction for companies and are a critical tool for governments.Benchmarks need to be really good, Hardy says. We need to have an understanding of what really good means, which we dont right now.

A new record low price has landed on Apple's 2024 iPad mini 7, with the $100 discount arriving right before Black Friday.Get the lowest price ever on Apple's new iPad mini 7.All four iPad mini 6 colors are on sale for $399.99 at Amazon this Wednesday when you clip an on-page coupon, delivering the best iPad mini 7 deal we've seen since the device launched in October.$399 at Amazon Continue Reading on AppleInsider | Discuss on our Forums

Drake has started a beef with Apple, claiming that Siri has been bribed to play Kendrick Lamar's "Not Like Us", even when you ask for "Certified Lover Boy."Cover of Drake's "Certified Lover Boy" album which Siri allegedly hides from you image credit: DrakeBack when radio stations didn't sound identical across the nation, there was the problem of payola where a DJ could be paid to promote certain songs. Rapper Drake believes this is still continuing to this day but that the name of the DJ in question is Siri."On information and belief, UMG [Universal Music Group] paid, or approved payments to, Apple Inc. to have its voice-activated digital assistant 'Siri' purposely misdirect users to 'Not Like Us,'" says a court filing by Drake's lawyers. "Online sources reported that when users asked Siri to play the album 'Certified Loverboy' by recording artist Aubrey Drake Graham d/b/a [doing business as] Drake, Siri instead played 'Not Like Us,' which contains the lyric 'certified pedophile,' an allegation against Drake." Continue Reading on AppleInsider | Discuss on our Forums

Kor Architects Seattle Sound Penthouse in Washington, USA, is a refined example of minimalist design, focusing on expansive views across the waterhttps://www.e-architect.com/seattle/seattle-sound-penthouse-washington-property#architects #seattle #penthouseliving #washingtonstate #USA #architecture

The Yuekai Asset Management Tower, designed by Aedas Architects in Guangzhou, China, is a beacon of architectural vitality on the Pearl Riverhttps://www.e-architect.com/guangzhou/yuekai-asset-management-tower-guangzhou#tower #architects #guangzhou #china #architectureThe Yuekai Asset Management Tower, designed by Aedas Architects in Guangzhou, is a beacon of architectural vitality on the Pearl River

While big architectural gestures commonly feature glass and steel, those building with the material hope to show that hemp can be grand in its own right.The Guardian points out Public Realm Labs Powerhouse Place, the recently named winner of the National Award for Sustainable Architecture at the 2024 National Architecture Awards, as an example of Australias embrace of hempcrete and other hemp products as alternative building materials. Hemp is gaining in popularity in the United States after being effectively outlawed until a 2018 federal reclassification paved the way for it to be added to the U.S. building code appendix in 2022.Back down under, Public Realm Labs co-founder Anna Maskiell tells the outlet: "We were really sick of designing buildings that were just less bad, tinkering around the edges with solar panels and that kind of thing. We were really on this mission to try to find a material that was truly regenerative. Its a very different way of working, but we think theres a lot of efficiencies in it."

The New York Times recently outlined some of the facts underpinning NYCs housing crisis ahead of an upcoming final City Council vote on Mayor Eric Adams amended City of Yes zoning overhaul plan for 80,000 new residential units on December 5th.Among the interesting takeaways: only 10% of zoned residential lots allow for the construction of high- or moderate-density buildings through "as of right" development. The plan also calls for ADUs and a framework to fund office conversions, which account for 20,000 units.Currently, the rate of new apartment construction in the city is still at historic lows. The Regional Plan Association estimates there will have to be 473,000 more units of housing by 2032 to match its current needs.(h/t Forbes.)

Architecture Research Office (ARO) clad a school with Ironspot brick that makes the building feel modern and timeless, much like the work of C. B. J. Snyder, an architect who served as superintendent of New York public schools.Architecture Research Office (ARO) designed two schools in Brooklyn that share facilities. The building is the first passive house school in New York City.