Email authentication protocols like SPF, DKIM, and DMARC play a critical role in protecting domains from spoofing and phishing. However, when SEGs are introduced into the email path, the interaction with these protocols becomes more complex. Security gateways(SEGs) are a core part of many organizations’ email infrastructure. They act as intermediaries between the public internet and internal mail systems, inspecting, filtering, and routing messages. This blog examines how security gateways handle SPF, DKIM, and DMARC, with real-world examples from popular gateways such as Proofpoint, Mimecast, and Avanan. We’ll also cover best practices for maintaining authentication integrity and avoiding misconfigurations that can compromise email authentication or lead to false DMARC failures. Security gateways often sit at the boundary between your organization and the internet, managing both inbound and outbound email traffic. Their role affects how email authentication protocols behave. An inbound SEG examines emails coming into your organization. It checks SPF, DKIM, and DMARC to determine if the message is authentic and safe before passing it to your internal mail servers. An outbound SEG handles emails sent from your domain. It may modify headers, rewrite envelope addresses, or even apply DKIM signing. All of these can impact SPF,  DKIM, or DMARC validation on the recipient’s side. Understanding how SEGs influence these flows is crucial to maintaining proper authentication and avoiding unexpected DMARC failures. Inbound Handling of SPF, DKIM, and DMARC by Common Security Gateways When an email comes into your organization, your security gateway is the first to inspect it. It checks whether the message is real, trustworthy, and properly authenticated. Let’s look at how different SEGs handle these checks. Avanan (by Check Point) SPF: Avanan verifies whether the sending server is authorized to send emails for the domain by checking the SPF record. DKIM: It verifies if the message was signed by the sending domain and if that signature is valid. DMARC: It uses the results of the SPF and DKIM check to evaluate DMARC. However, final enforcement usually depends on how DMARC is handled by Microsoft 365 or Gmail, as Avanan integrates directly with them. Avanan offers two methods of integration:1. API integration: Avanan connects via APIs, no change in MX, usually Monitor or Detect modes.2. Inline integration: Avanan is placed inline in the mail flow (MX records changed), actively blocking or remediating threats. Proofpoint Email Protection SPF: Proofpoint checks SPF to confirm the sender’s IP is authorized to send on behalf of the domain. You can set custom rules (e.g. treat “softfail” as “fail”). DKIM: It verifies DKIM signatures and shows clear pass/fail results in logs. DMARC: It fully evaluates DMARC by combining SPF and DKIM results with alignment checks. Administrators can configure how to handle messages that fail DMARC, such as rejecting, quarantining, or delivering them. Additionally, Proofpoint allows whitelisting specific senders you trust, even if their emails fail authentication checks. Integration Methods Inline Mode: In this traditional deployment, Proofpoint is positioned directly in the email flow by modifying MX records. Emails are routed through Proofpoint’s infrastructure, allowing it to inspect and filter messages before they reach the recipient’s inbox. This mode provides pre-delivery protection and is commonly used in on-premises or hybrid environments. API-Based (Integrated Cloud Email Security – ICES) Mode: Proofpoint offers API-based integration, particularly with cloud email platforms like Microsoft 365 and Google Workspace. In this mode, Proofpoint connects to the email platform via APIs, enabling it to monitor and remediate threats post-delivery without altering the email flow. This approach allows for rapid deployment and seamless integration with existing cloud email services. Mimecast SPF: Mimecast performs SPF checks to verify whether the sending server is authorized by the domain’s SPF record. Administrators can configure actions for SPF failures, including block, quarantine, permit, or tag with a warning. This gives flexibility in balancing security with business needs. DKIM: It validates DKIM signatures by checking that the message was correctly signed by the sending domain and that the content hasn’t been tampered with. If the signature fails, Mimecast can take actions based on your configured policies. DMARC: It fully evaluates DMARC by combining the results of SPF and DKIM with domain alignment checks. You can choose to honor the sending domain’s DMARC policy (none, quarantine, reject) or apply custom rules, for example, quarantining or tagging messages that fail DMARC regardless of the published policy. This allows more granular control for businesses that want to override external domain policies based on specific contexts. Integration Methods Inline Deployment: Mimecast is typically deployed as a cloud-based secure email gateway. Organizations update their domain’s MX records to point to Mimecast, so all inbound (and optionally outbound) emails pass through it first. This allows Mimecast to inspect, filter, and process emails before delivery, providing robust protection. API Integrations: Mimecast also offers API-based services through its Mimecast API platform, primarily for management, archival, continuity, and threat intelligence purposes. However, API-only email protection is not Mimecast’s core model. Instead, the APIs are used to enhance the inline deployment, not replace it. Barracuda Email Security Gateway SPF: Barracuda checks the sender’s IP against the domain’s published SPF record. If the check fails, you can configure the system to block, quarantine, tag, or allow the message, depending on your policy preferences. DKIM: It validates whether the incoming message includes a valid DKIM signature. The outcome is logged and used to inform further policy decisions or DMARC evaluations. DMARC: It combines SPF and DKIM results, checks for domain alignment, and applies the DMARC policy defined by the sender. Administrators can also choose to override the DMARC policy, allowing messages to pass or be treated differently based on organizational needs (e.g., trusted senders or internal exceptions). Integration Methods Inline mode (more common and straightforward): Barracuda Email Security Gateway is commonly deployed inline by updating your domain’s MX records to point to Barracuda’s cloud or on-premises gateway. This ensures that all inbound emails pass through Barracuda first for filtering and SPF, DKIM, and DMARC validation before being delivered to your mail servers. Deployment Behind the Corporate Firewall: Alternatively, Barracuda can be deployed in transparent or bridge mode without modifying MX records. In this setup, the gateway is placed inline at the network level, such as behind a firewall, and intercepts mail traffic transparently. This method is typically used in complex on-premises environments where changing DNS records is not feasible. Cisco Secure Email (formerly IronPort) Cisco Secure Email acts as an inline gateway for inbound email, usually requiring your domain’s MX records to point to the Cisco Email Security Appliance or cloud service. SPF: Cisco Secure Email verifies whether the sending server is authorized in the sender domain’s SPF record. Administrators can set detailed policies on how to handle SPF failures. DKIM: It validates the DKIM signature on incoming emails and logs whether the signature is valid or has failed. DMARC: It evaluates DMARC by combining SPF and DKIM results along with domain alignment checks. Admins can configure specific actions, such as quarantine, reject, or tag, based on different failure scenarios or trusted sender exceptions. Integration methods On-premises Email Security Appliance (ESA): You deploy Cisco’s hardware or virtual appliance inline, updating MX records to route mail through it for filtering. Cisco Cloud Email Security: Cisco offers a cloud-based email security service where MX records are pointed to Cisco’s cloud infrastructure, which filters and processes inbound mail. Cisco Secure Email also offers advanced, rule-based filtering capabilities and integrates with Cisco’s broader threat protection ecosystem, enabling comprehensive inbound email security. Outbound Handling of SPF, DKIM, and DMARC by Common Security Gateways When your organization sends emails, security gateways can play an active role in processing and authenticating those messages. Depending on the configuration, a gateway might rewrite headers, re-sign messages, or route them through different IPs – all actions that can help or hurt the authentication process. Let’s look at how major SEGs handle outbound email flow. Avanan – Outbound Handling and Integration Methods Outbound Logic Avanan analyzes outbound emails primarily to detect data loss, malware, and policy violations. In API-based integration, emails are sent directly by the original mail server (e.g., Microsoft 365 or Google Workspace), so SPF and DKIM signatures remain intact. Avanan does not alter the message or reroute traffic, which helps maintain full DMARC alignment and domain reputation. Integration Methods 1. API Integration: Connects to Microsoft 365 or Google Workspace via API. No MX changes are needed. Emails are scanned after they are sent, with no modification to SPF, DKIM, or the delivery path.  How it works: Microsoft Graph API or Google Workspace APIs are used to monitor and intervene in outbound emails. Protection level: Despite no MX changes, it can offer inline-like protection, meaning it can block, quarantine, or encrypt emails before they are delivered externally. SPF/DKIM/DMARC impact: Preserves original headers and signatures since mail is sent directly from Microsoft/Google servers. 2. Inline Integration: Requires changing MX records to route email through Avanan. In this mode, Avanan can intercept and inspect outbound emails before delivery. Depending on the configuration, this may affect SPF or DKIM if not properly handled. How it works: Requires adding Avanan’s Protection level: Traditional inline security with full visibility and control, including encryption, DLP, policy enforcement, and advanced threat protection. SPF/DKIM/DMARC impact: SPF configuration is needed by adding Avanan’s include mechanism to the sending domain’s SPF record. The DKIM record of the original sending source is preserved. For configurations, you can refer to the steps in this blog. Proofpoint – Outbound Handling and Integration Methods Outbound Logic Proofpoint analyzes outbound emails to detect and prevent data loss (DLP), to identify advanced threats (malware, phishing, BEC) originating from compromised internal accounts, and to ensure compliance. Their API integration provides crucial visibility and powerful remediation capabilities, while their traditional gateway (MX record) deployment delivers true inline, pre-delivery blocking for outbound traffic. Integration methods 1. API Integration: No MX record changes are required for this deployment method. Integration is done with Microsoft 365 or Google Workspace. How it works: Through its API integration, Proofpoint gains deep visibility into outbound emails and provides layered security and response features, including: Detect and alert: Identifies sensitive content (Data Loss Prevention violations), malicious attachments, or suspicious links in outbound emails. Post-delivery remediation (TRAP): A key capability of the API model is Threat Response Auto-Pull (TRAP), which enables Proofpoint to automatically recall, quarantine, or delete emails after delivery. This is particularly useful for internally sent messages or those forwarded to other users. Enhanced visibility: Aggregates message metadata and logs into Proofpoint’s threat intelligence platform, giving security teams a centralized view of outbound risks and user behavior. Protection level: API-based integration provides strong post-delivery detection and response, as well as visibility into DLP incidents and suspicious behavior.  SPF/DKIM/DMARC impact: Proofpoint does not alter SPF, DKIM, or DMARC because emails are sent directly through Microsoft or Google servers. Since Proofpoint’s servers are not involved in the actual sending process, the original authentication headers remain intact. 2. Gateway Integration (MX Record/Smart Host): This method requires updating MX records or routing outbound mail through Proofpoint via a smart host. How it works: Proofpoint acts as an inline gateway, inspecting emails before delivery. Inbound mail is filtered via MX changes; outbound mail is relayed through Proofpoint’s servers. Threat and DLP filtering: Scans outbound messages for sensitive content, malware, and policy violations. Real-time enforcement: Blocks, encrypts, or quarantines emails before they’re delivered. Policy controls: Applies rules based on content, recipient, or behavior. Protection level: Provides strong, real-time protection for outbound traffic with pre-delivery enforcement, DLP, and encryption. SPF/DKIM/DMARC impact: Proofpoint becomes the sending server: SPF: You need to configure ProofPoint’s SPF. DKIM: Can sign messages; requires DKIM setup. DMARC: DMARC passes if SPF and DKIM are set up properly. Please refer to this article to configure SPF and DKIM for ProofPoint. Mimecast – Outbound Handling and Integration Methods Outbound Logic Mimecast inspects outbound emails to prevent data loss (DLP), detect internal threats such as malware and impersonation, and ensure regulatory compliance. It primarily functions as a Secure Email Gateway (SEG), meaning it sits directly in the outbound email flow. While Mimecast offers APIs, its core outbound protection is built around this inline gateway model. Integration Methods 1. Gateway Integration (MX Record change required) This is Mimecast’s primary method for outbound email protection. Organizations route their outbound traffic through Mimecast by configuring their email server (e.g., Microsoft 365, Google Workspace, etc.) to use Mimecast as a smart host. This enables Mimecast to inspect and enforce policies on all outgoing emails in real time. How it works: Updating outbound routing in your email system (smart host settings), or Using Mimecast SMTP relay to direct messages through their infrastructure. Mimecast then scans, filters, and applies policies before the email reaches the final recipient. Protection level: Advanced DLP: Identifies and prevents sensitive data leaks. Impersonation and Threat Protection: Blocks malware, phishing, and abuse from compromised internal accounts. Email Encryption and Secure Messaging: Applies encryption policies or routes messages via secure portals. Regulatory Compliance: Enforces outbound compliance rules based on content, recipient, or metadata. SPF/DKIM/DMARC impact: SPF: Your SPF record must include Mimecast’s SPF mechanism based on your region to avoid SPF failures. DKIM: A new DKIM record should be configured to make sure your emails are DKIM signed when routing through Mimecast. DMARC: With correct SPF and DKIM setup, Mimecast ensures DMARC alignment, maintaining your domain’s sending reputation. Please refer to the steps in this detailed article to set up SPF and DKIM for Mimecast. 2. API Integration (Complementary to Gateway) Mimecast’s APIs complement the main gateway by providing automation, reporting, and management tools rather than handling live outbound mail flow. They allow you to manage policies, export logs, search archived emails, and sync users. APIs enhance visibility and operational tasks but do not provide real-time filtering or blocking of outbound messages. Since APIs don’t process live mail, they have no direct effect on SPF, DKIM, or DMARC; those depend on your gateway (smart host) setup. Barracuda – Outbound Handling and Integration Methods Outbound Logic Barracuda analyzes outbound emails to prevent data loss (DLP), block malware, stop phishing/impersonation attempts from compromised internal accounts, and ensure compliance. Barracuda offers flexible deployment options, including both traditional gateway (MX record) and API-based integrations. While both contribute to outbound security, their roles are distinct. Integration Methods 1. Gateway Integration (MX Record / Smart Host) — Primary Inline Security How it works: All outbound emails pass through Barracuda’s security stack for real-time inspection, threat blocking, and policy enforcement before delivery. Protection level: Comprehensive DLP (blocking, encrypting, or quarantining sensitive content)  Outbound spam and virus filtering  Enforcement of compliance and content policies This approach offers a high level of control and immediate threat mitigation on outbound mail flow. SPF/DKIM/DMARC impact: SPF: Update SPF records to include Barracuda’s sending IPs or SPF include mechanism. DKIM: Currently, no explicit setup is needed; DKIM of the main sending source is preserved. Refer to this article for more comprehensive guidance on Barracuda SEG configuration. 2. API Integration (Complementary & Advanced Threat Focus) How it works: The API accesses cloud email environments to analyze historical and real-time data, learning normal communication patterns to detect anomalies in outbound emails. It also supports post-delivery remediation, enabling the removal of malicious emails from internal mailboxes after sending. Protection level: Advanced AI-driven detection and near real-time blocking of outbound threats, plus strong post-delivery cleanup capabilities. SPF/DKIM/DMARC impact: Since mail is sent directly by the original mail server (e.g., Microsoft 365), SPF and DKIM signatures remain intact, preserving DMARC alignment and domain reputation. Cisco Secure Email (formerly IronPort) – Outbound Handling and Integration Methods Outbound Logic Cisco Secure Email protects outbound email by preventing data loss (DLP), blocking spam and malware from internal accounts, stopping business email compromise (BEC) and impersonation attacks, and ensuring compliance. Cisco provides both traditional gateway appliances/cloud gateways and modern API-based solutions for layered outbound security. Integration Methods 1. Gateway Integration (MX Record / Smart Host) – Cisco Secure Email Gateway (ESA) How it works: Organizations update MX records to route mail through the Cisco Secure Email Gateway or configure their mail server (e.g., Microsoft 365, Exchange) to smart host outbound email via the gateway. All outbound mail is inspected and policies enforced before delivery. Protection level: Granular DLP (blocking, encrypting, quarantining sensitive content) Outbound spam and malware filtering to protect IP reputation Email encryption for sensitive outbound messages Comprehensive content and attachment policy enforcement SPF: Check this article for comprehensive guidance on Cisco SPF settings. DKIM: Refer to this article for detailed guidance on Cisco DKIM settings. 2. API Integration – Cisco Secure Email Threat Defense How it works: Integrates directly via API with Microsoft 365 (and potentially Google Workspace), continuously monitoring email metadata, content, and user behavior across inbound, outbound, and internal messages. Leverages Cisco’s threat intelligence and AI to detect anomalous outbound activity linked to BEC, account takeover, and phishing. Post-Delivery Remediation: Automates the removal or quarantine of malicious or policy-violating emails from mailboxes even after sending. Protection level: Advanced, AI-driven detection of sophisticated outbound threats with real-time monitoring and automated remediation. Complements gateway filtering by adding cloud-native visibility and swift post-send action. SPF/DKIM/DMARC impact: Since emails are sent directly by the original mail server, SPF and DKIM signatures remain intact, preserving DMARC alignment and domain reputation. If you have any questions or need assistance, feel free to reach out to EasyDMARC technical support.

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and Response team, said. "By doing so, they expose browsing domains, machine IDs, operating system details, usage analytics, and even uninstall information, in plaintext." The fact that the network traffic is unencrypted also means that they are susceptible to adversary-in-the-middle (AitM) attacks, allowing malicious actors on the same network such as a public Wi-Fi to intercept and, even worse, modify this data, which could lead to far more serious consequences. The list of identified extensions are below - SEMRush Rank (extension ID: idbhoeaiokcojcgappfigpifhpkjgmab) and PI Rank (ID: ccgdboldgdlngcgfdolahmiilojmfndl), which call the URL "rank.trellian[.]com" over plain HTTP Browsec VPN (ID: omghfjlpggmjjaagoclmmobgdodcjboh), which uses HTTP to call an uninstall URL at "browsec-uninstall.s3-website.eu-central-1.amazonaws[.]com" when a user attempts to uninstall the extension MSN New Tab (ID: lklfbkdigihjaaeamncibechhgalldgl) and MSN Homepage, Bing Search & News (ID: midiombanaceofjhodpdibeppmnamfcj), which transmit a unique machine identifier and other details over HTTP to "g.ceipmsn[.]com" DualSafe Password Manager & Digital Vault (ID: lgbjhdkjmpgjgcbcdlhkokkckpjmedgc), which constructs an HTTP-based URL request to "stats.itopupdate[.]com" along with information about the extension version, user's browser language, and usage "type" "Although credentials or passwords do not appear to be leaked, the fact that a password manager uses unencrypted requests for telemetry erodes trust in its overall security posture," Guo said. Symantec said it also identified another set of extensions with API keys, secrets, and tokens directly embedded in the JavaScript code, which an attacker could weaponize to craft malicious requests and carry out various malicious actions - Online Security & Privacy extension (ID: gomekmidlodglbbmalcneegieacbdmki), AVG Online Security (ID: nbmoafcmbajniiapeidgficgifbfmjfo), Speed Dial [FVD] - New Tab Page, 3D, Sync (ID: llaficoajjainaijghjlofdfmbjpebpa), and SellerSprite - Amazon Research Tool (ID: lnbmbgocenenhhhdojdielgnmeflbnfb), which expose a hard-coded Google Analytics 4 (GA4) API secret that an attacker could use to bombard the GA4 endpoint and corrupt metrics Equatio – Math Made Digital (ID: hjngolefdpdnooamgdldlkjgmdcmcjnc), which embeds a Microsoft Azure API key used for speech recognition that an attacker could use to inflate the developer's costs or exhaust their usage limits Awesome Screen Recorder & Screenshot (ID: nlipoenfbbikpbjkfpfillcgkoblgpmj) and Scrolling Screenshot Tool & Screen Capture (ID: mfpiaehgjbbfednooihadalhehabhcjo), which expose the developer's Amazon Web Services (AWS) access key used to upload screenshots to the developer's S3 bucket Microsoft Editor – Spelling & Grammar Checker (ID: gpaiobkfhnonedkhhfjpmhdalgeoebfa), which exposes a telemetry key named "StatsApiKey" to log user data for analytics Antidote Connector (ID: lmbopdiikkamfphhgcckcjhojnokgfeo), which incorporates a third-party library called InboxSDK that contains hard-coded credentials, including API keys. Watch2Gether (ID: cimpffimgeipdhnhjohpbehjkcdpjolg), which exposes a Tenor GIF search API key Trust Wallet (ID: egjidjbpglichdcondbcbdnbeeppgdph), which exposes an API key associated with the Ramp Network, a Web3 platform that offers wallet developers a way to let users buy or sell crypto directly from the app TravelArrow – Your Virtual Travel Agent (ID: coplmfnphahpcknbchcehdikbdieognn), which exposes a geolocation API key when making queries to "ip-api[.]com" Attackers who end up finding these keys could weaponize them to drive up API costs, host illegal content, send spoofed telemetry data, and mimic cryptocurrency transaction orders, some of which could see the developer's ban getting banned. Adding to the concern, Antidote Connector is just one of over 90 extensions that use InboxSDK, meaning the other extensions are susceptible to the same problem. The names of the other extensions were not disclosed by Symantec. "From GA4 analytics secrets to Azure speech keys, and from AWS S3 credentials to Google-specific tokens, each of these snippets demonstrates how a few lines of code can jeopardize an entire service," Guo said. "The solution: never store sensitive credentials on the client side." Developers are recommended to switch to HTTPS whenever they send or receive data, store credentials securely in a backend server using a credentials management service, and regularly rotate secrets to further minimize risk. The findings show how even popular extensions with hundreds of thousands of installations can suffer from trivial misconfigurations and security blunders like hard-coded credentials, leaving users' data at risk. "Users of these extensions should consider removing them until the developers address the insecure [HTTP] calls," the company said. "The risk is not just theoretical; unencrypted traffic is simple to capture, and the data can be used for profiling, phishing, or other targeted attacks." "The overarching lesson is that a large install base or a well-known brand does not necessarily ensure best practices around encryption. Extensions should be scrutinized for the protocols they use and the data they share, to ensure users' information remains truly safe." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

June 3, 20258 min readWhite House Budget Plan Would Devastate U.S. Space ScienceScientists are rallying to reverse ruinous proposed cuts to both NASA and the National Science FoundationBy Nadia Drake edited by Lee BillingsFog shrouds the iconic Vehicle Assembly Building at NASA’s Kennedy Space Center in Florida in this photograph from February 25, 2025. Gregg Newton/AFP via GettyLate last week the Trump Administration released its detailed budget request for fiscal year 2026 —a request that, if enacted, would be the equivalent of carpet-bombing the national scientific enterprise.“This is a profound, generational threat to scientific leadership in the United States,” says Casey Dreier, chief of space policy at the Planetary Society, a science advocacy group. “If implemented, it would fundamentally undermine and potentially devastate the most unique capabilities that the U.S. has built up over a half-century.”The Trump administration’s proposal, which still needs to be approved by Congress, is sure to ignite fierce resistance from scientists and senators alike. Among other agencies, the budget deals staggering blows to NASA and the National Science Foundation (NSF), which together fund the majority of U.S. research in astronomy, astrophysics, planetary science, heliophysics and Earth science —all space-related sciences that have typically mustered hearty bipartisan support.On supporting science journalismIf you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.The NSF supports ground-based astronomy, including such facilities as the Nobel Prize–winning gravitational-wave detectors of the Laser Interferometer Gravitational-Wave Observatory (LIGO), globe-spanning arrays of radio telescopes, and cutting-edge observatories that stretch from Hawaii to the South Pole. The agency faces a lethal 57 percent reduction to its $9-billion budget, with deep cuts to every program except those in President Trump’s priority areas, which include artificial intelligence and quantum information science. NASA, which funds space-based observatories, faces a 25 percent reduction, dropping the agency’s $24.9-billion budget to $18.8 billion. The proposal beefs up efforts to send humans to the moon and to Mars, but the agency’s Science Mission Directorate —home to Mars rovers, the Voyager interstellar probes, the James Webb Space Telescope (JWST), the Hubble Space Telescope, and much more —is looking at a nearly 50 percent reduction, with dozens of missions canceled, turned off or operating on a starvation diet.“It’s an end-game scenario for science at NASA,” says Joel Parriott, director of external affairs and public policy at the American Astronomical Society. “It’s not just the facilities. You’re punching a generation-size hole, maybe a multigenerational hole, in the scientific and technical workforce. You don’t just Cryovac these people and pull them out when the money comes back. People are going to move on.”Adding to the chaos, on Saturday President Trump announced that billionaire entrepreneur and private astronaut Jared Isaacman was no longer his pick for NASA administrator—just days before the Senate was set to confirm Isaacman’s nomination. Initial reports—which have now been disputed—explained the president’s decision as stemming from his discovery that Isaacman recently donated money to Democratic candidates. Regardless of the true reason, the decision leaves both NASA and the NSF, whose director abruptly resigned in April, with respective placeholder “acting” leaders at the top. That leadership vacuum significantly weakens the agencies’ ability to fight the proposed budget cuts and advocate for themselves. “What’s more inefficient than a rudderless agency without an empowered leadership?” Dreier asks.Actions versus WordsDuring his second administration, President Trump has repeatedly celebrated U.S. leadership in space. When he nominated Isaacman last December, Trump noted “NASA’s mission of discovery and inspiration” and looked to a future of “groundbreaking achievements in space science, technology and exploration.” More recently, while celebrating Hubble’s 35th anniversary in April, Trump called the telescope “a symbol of America’s unmatched exploratory might” and declared that NASA would “continue to lead the way in fueling the pursuit of space discovery and exploration.” The administration’s budgetary actions speak louder than Trump’s words, however. Instead of ushering in a new golden age of space exploration—or even setting up the U.S. to stay atop the podium—the president’s budget “narrows down what the cosmos is to moon and Mars and pretty much nothing else,” Dreier says. “And the cosmos is a lot bigger, and there’s a lot more to learn out there.”Dreier notes that when corrected for inflation, the overall NASA budget would be the lowest it’s been since 1961. But in April of that year, the Soviet Union launched the first human into orbit, igniting a space race that swelled NASA’s budget and led to the Apollo program putting American astronauts on the moon. Today China’s rapidprogress and enormous ambitions in space would make the moment ripe for a 21st-century version of this competition, with the U.S. generously funding its own efforts to maintain pole position. Instead the White House’s budget would do the exact opposite.“The seesaw is sort of unbalanced,” says Tony Beasley, director of the NSF-funded National Radio Astronomy Observatory (NRAO). “On the one side, we’re saying, ‘Well, China’s kicking our ass, and we need to do something about that.’ But then we’re not going to give any money to anything that might actually do that.”How NASA will achieve a crewed return to the moon and send astronauts to Mars—goals that the agency now considers part of “winning the second space race”—while also maintaining its leadership in science is unclear.“This is Russ Vought’s budget,” Dreier says, referring to the director of the White House’s Office of Management and Budget (OMB), an unelected bureaucrat who has been notorious for his efforts to reshape the U.S. government by weaponizing federal funding. “This isn’t even Trump’s budget. Trump’s budget would be good for space. This one undermines the president’s own claims and ambitions when it comes to space.”“Low Expectations” at the High FrontierRumors began swirling about the demise of NASA science in April, when a leaked OMB document described some of the proposed cuts and cancellations. Those included both the beleaguered, bloated Mars Sample Return (MSR) program and the on-time, on-budget Nancy Grace Roman Space Telescope, the next astrophysics flagship mission.The top-line numbers in the more fleshed-out proposal are consistent with that document, and MSR would still be canceled. But Roman would be granted a stay of execution: rather than being zeroed out, it would be put on life support.“It’s a reprieve from outright termination, but it’s still a cut for functionally no reason,” Dreier says. “In some ways, [the budget] is slightly better than I was expecting. But I had very low expectations.”In the proposal, many of the deepest cuts would be made to NASA science, which would sink from $7.3 billion to $3.9 billion. Earth science missions focused on carbon monitoring and climate change, as well as programs aimed at education and workforce diversity, would be effectively erased by the cuts. But a slew of high-profile planetary science projects would suffer, too, with cancellations proposed for two future Venus missions, the Juno mission that is currently surveilling Jupiter, the New Horizons mission that flew by Pluto and two Mars orbiters. (The Dragonfly mission to Saturn’s moon Titan would survive, as would the flagship Europa Clipper spacecraft, which launched last October.) NASA’s international partnerships in planetary science fare poorly, too, as the budget rescinds the agency’s involvement with multiple European-led projects, including a Venus mission and Mars rover.The proposal is even worse for NASA astrophysics—the study of our cosmic home—which “really takes it to the chin,” Dreier says, with a roughly $1-billion drop to just $523 million. In the president’s proposal, only three big astrophysics missions would survive: the soon-to-launch Roman and the already-operational Hubble and JWST. The rest of NASA’s active astrophysics missions, which include the Chandra X-ray Observatory, the Fermi Gamma-Ray Space Telescope and the Transiting Exoplanet Survey Satellite (TESS), would be severely pared back or zeroed out. Additionally, the budget would nix NASA’s contributions to large European missions, such as a future space-based gravitational-wave observatory.“This is the most powerful fleet of missions in the history of the study of astrophysics from space,” says John O’Meara, chief scientist at the W. M. Keck Observatory in Hawaii and co-chair of a recent senior review panel that evaluated NASA’s astrophysics missions. The report found that each reviewed mission “continues to be capable of producing important, impactful science.” This fleet, O’Meara adds, is more than the sum of its parts, with much of its power emerging from synergies among multiple telescopes that study the cosmos in many different types, or wavelengths, of light.By hollowing out NASA’s science to ruthlessly focus on crewed missions, the White House budget might be charitably viewed as seeking to rekindle a heroic age of spaceflight—with China’s burgeoning space program as the new archrival. But even for these supposedly high-priority initiatives, the proposed funding levels appear too anemic and meager to give the U.S. any competitive edge. For example, the budget directs about $1 billion to new technology investments to support crewed Mars missions while conservative estimates have projected that such voyages would cost hundreds of billions of dollars more.“It cedes U.S. leadership in space science at a time when other nations, particularly China, are increasing their ambitions,” Dreier says. “It completely flies in the face of the president’s own stated goals for American leadership in space.”Undermining the FoundationThe NSF’s situation, which one senior space scientist predicted would be “diabolical” when the NASA numbers leaked back in April, is also unsurprisingly dire. Unlike NASA, which is focused on space science and exploration, the NSF’s programs span the sweep of scientific disciplines, meaning that even small, isolated cuts—let alone the enormous ones that the budget has proposed—can have shockingly large effects on certain research domains.“Across the different parts of the NSF, the programs that are upvoted are the president’s strategic initiatives, but then everything else gets hit,” Beasley says.Several large-scale NSF-funded projects would escape more or less intact. Among these are the panoramic Vera C. Rubin Observatory, scheduled to unveil its first science images later this month, and the Atacama Large Millimeter/submillimeter Array (ALMA) radio telescope. The budget also moves the Giant Magellan Telescope, which would boast starlight-gathering mirrors totaling more than 25 meters across, into a final design phase. All three of those facilities take advantage of Chile’s pristine dark skies. Other large NSF-funded projects that would survive include the proposed Next Generation Very Large Array of radio telescopes in New Mexico and several facilities at the South Pole, such as the IceCube Neutrino Observatory.If this budget is enacted, however, NSF officials anticipate only funding a measly 7 percent of research proposals overall rather than 25 percent; the number of graduate research fellowships awarded would be cleaved in half, and postdoctoral fellowships in the physical sciences would drop to zero. NRAO’s Green Bank Observatory — home to the largest steerable single-dish radio telescope on the planet — would likely shut down. So would other, smaller observatories in Arizona and Chile. The Thirty Meter Telescope, a humongous, perennially embattled project with no clear site selection, would be canceled. And the budget proposes closing one of the two gravitational-wave detectors used by the LIGO collaboration—whose observations of colliding black holes earned the 2017 Nobel Prize in Physics—even though both detectors need to be online for LIGO’s experiment to work. Even factoring in other operational detectors, such as Virgo in Europe and the Kamioka Gravitational Wave Detector (KAGRA) in Japan, shutting down half of LIGO would leave a gaping blind spot in humanity’s gravitational-wave view of the heavens.“The consequences of this budget are that key scientific priorities, on the ground and in space, will take at least a decade longer—or not be realized at all,” O’Meara says. “The universe is telling its story at all wavelengths. It doesn’t care what you build, but if you want to hear that story, you must build many things.”Dreier, Parriott and others are anticipating fierce battles on Capitol Hill. And already both Democratic and Republican legislators have issued statement signaling that they won’t support the budget request as is. “This sick joke of a budget is a nonstarter,” said Representative Zoe Lofgren of California, ranking member of the House Committee on Science, Space, and Technology, in a recent statement. And in an earlier statement, Senator Susan Collins of Maine, chair of the powerful Senate Committee on Appropriations, cautioned that “the President’s Budget Request is simply one step in the annual budget process.”The Trump administration has “thrown a huge punch here, and there will be a certain back-reaction, and we’ll end up in the middle somewhere,” Beasley says. “The mistake you can make right now is to assume that this represents finalized decisions and the future—because it doesn’t.”

Debate about whether artificial intelligence can replicate the intellectual labor of doctors, lawyers, or PhDs forgoes a deeper concern that’s looming: Entire companies—not just individual jobs—may be rendered obsolete by the accelerating pace of AI adoption. Reports suggesting OpenAI will charge $20,000 per month for agents trained at a PhD level spun up the ongoing debate about whose job is safe from AI and whose job is not. “I’ve not seen it be that impressive yet, but it’s likely not far off,” James Villarrubia, head of digital innovation and AI at NASA CAS, told me. Sean McGregor, the founder of Responsible AI Collaborative who earned a PhD in computer science, pointed out how many jobs are about more than just a set of skills: “Current AI technology is not sufficiently robust to allow unsupervised control of hazardous chemistry equipment, human experimentation, or other domains where human PhDs are currently required.” The big reason I polled the audience on this one was because I wanted to broaden my perspective on what jobs would be eliminated. Instead, it changed my perspective. AI needs to outperform the system, not the role Suzanne Rabicoff, founder of the human agency think tank and fractional practice, The Pie Grower, gave me some reading assignments from her work, instead of a quote. Her work showed me that these times are unprecedented. But something clicked in my brain when she said in her writing that she liked the angle of more efficient companies rising instead of jobs being replaced at companies with a lot of tech and human capital debt. Her response to that statement? “Exactly my bet.”  Sure, this is the first time that a robot is doing the homework for some college students. However, there is more precedent for robots moving market share than for replacing the same job function across a sector. Fortune 500 companies—especially those bloated with legacy processes and redundant labor—are always vulnerable to decline as newer, more nimble competitors rise. And not because any single job is replaced, but because the foundational economics of their business models no longer hold. AI doesn’t need to outperform every employee to render an enterprise obsolete. It only needs to outperform the system. Case study: The auto industry Take, for example, the decline of American car manufacturers in the late 20th century. In the 1950s, American automakers had a stranglehold on the car industry, not unlike today’s tech giants. In 1950, the U.S. produced about 75% of the world’s cars. But in the 1970s, Japanese automakers pioneered the use of robotics in auto manufacturing. These companies produced higher-quality vehicles at great value thanks to leaner operations that were also more precise. Firms like GM struggled to keep up, burdened by outdated factories and excessive human capital costs—including bloated pensions. The seismic shift in the decades to follow paints a picture of what could be in store for large companies now. In 1960, the U.S. produced about 48% of the world’s cars, while Japan accounted for just 5%. By 1980, Japan had captured around 29% of the market, while the U.S. had fallen to 23%. Today’s AI shakeup could look similar. Decades from now, we could look at Apple similarly to how we look at Ford now. AI startups with more agile structures are poised to eat market share. On top of that, startups can focus on solving specialized problems, sharpening their competitive edge. Will your company shrivel and die? The fallout has already begun. Gartner surveyed organizations in late 2023, finding that about half were developing their own AI tools. By the end of 2024, that dropped to 20%. As hype around generative AI cools, Gartner notes that many chief information officers are instead using outside vendors—either large language model providers or traditional software sellers with AI-enhanced offerings. In 2024, AI startups received nearly half of the $209 billion in global venture funding. If only 20% of legacy organizations currently feel confident competing with these upstarts, how many will feel that confidence as these startups mature? While headlines continue to fixate on whether AI can match PhD-level expertise, the deeper risk remains largely unspoken: Giant companies will shrivel and some may die. And when they do, your job is at risk whether you greet customers at the front desk or hold a PhD in an engineering discipline. But there are ways to stay afloat. One of the most impactful pieces of advice I ever received came from Jonathan Rosenberg, former SVP of products at Google and current advisor to Alphabet, when I visited the company’s campus in college. “You can’t just be great at what you do, you have to catch a great wave. Early people think it’s about the company, then the job, then the industry. It’s actually industry, company, job…” So, how do you catch the AI wave? Ankur Patel, CEO of Multimodal, advises workers to learn how to do their current jobs using AI tools that enhance productivity. He also notes that soft skills—mobilizing people, building relationships, leading teams—will become increasingly valuable as AI takes over more technical or routine tasks. “You can’t have AI be a group leader or team leader, right? I just don’t see that happening, even in the next generation forward,” Patel said. “So I think that’s a huge opportunity…to grow and learn from.” The bottom line is this: Even if the AI wave doesn’t replace you, it may replace the place you work. Will you get hit by the AI wave—or will you catch it? George Kailas is CEO of Prospero.ai.

I don't expect Meta to respect my data or my privacy, but the company continues to surprise me with how low they're willing to go in the name of data collection. The latest such story comes to us from a report titled "Disclosure: Covert Web-to-App Tracking via Localhost on Android." In short, Meta and Yandex (a Russian technology company) have been tracking potentially billions of Android users by abusing a security loophole in Android. That loophole allows the companies to access identifying browsing data from your web browser as long as you have their Android apps installed. How does this tracking work?As the report explains, Android allows any installed app with internet permissions to access the "loopback address" or localhost, an address a device uses to communicate with itself. As it happens, your web browser also has access to the localhost, which allows JavaScripts embedded on certain websites to connect to Android apps and share browsing data and identifiers.What are those JavaScripts, you might ask? In this case, that's Meta Pixel and Yandex Metrica, scripts that let companies track users on their sites. Trackers are an unfortunate part of the modern internet, but Meta Pixel is only supposed to be able to follow you while you browse the web. This loop lets Meta Pixel scripts send your browsing data, cookies, and identifiers back to installed Meta apps like Facebook and Instagram. The same goes for Yandex with its apps like Maps and Browser.You certainly didn't sign up for that when you installed Instagram on your Android device. But once you logged in, the next time you visited a website that embedded Meta Pixel, the script beamed your information back to the app. All of a sudden, Meta had identifying browsing data from your web activity, not via the browsing itself, but from the "unrelated" Instagram app. Chrome, Firefox, and Edge were all affected in these findings. DuckDuckGo blocked some but not all of the domains here, so it was "minimally affected." Brave does block requests to the localhost if you don't consent to it, so it did successfully protect users from this tracking.Researchers say Yandex has been doing this since February of 2017 on HTTP sites, and May of 2018 on HTTPS sites. Meta Pixel, on the other hand, hasn't been tracking this way for long: It only started September of 2024 for HTTP, and ended that practice in October. It started via Websocket and WebRTC STUN in November, and WebRTC TURN in May. Website owners apparently complained to Meta starting in September, asking why Meta Pixel communicates with the localhost. As far as researchers could find, Meta never responded.Researchers make it clear that the type of tracking is possible on iOS, as developers can establish localhost connections and apps can "listen in" too. However, they found no evidence of this tracking on iOS devices, and hypothesize that it has to do with how iOS restricts native apps running in the background.Meta has officially stopped this tracking The good news is, as of June 3, researchers say they have not observed Meta Pixel communicating with the localhost. They didn't say the same for Yandex Metrika, though Yandex told Ars Technica it was "discontinuing the practice." Ars Technica also reports that Google has opened an investigation into these actions that "blatantly violate our security and privacy principles."However, even if Meta has stopped this tracking following the report, the damage could be widespread. As highlighted in the report, estimates put Meta Pixel adoption anywhere from 2.4 million to 5.8 million sites. From here, researchers found that just over 17,000 Meta Pixel sites in the U.S. attempt to connect to the localhost, and over 78% of those do so without any user consent needed, including sites like AP News, Buzzfeed, and The Verge. That's a lot of websites that could have been sending your data back to your Facebook and Instagram apps. The report features a tool that you can use to look for affected sites, but notes the list is not exhaustive, and absence doesn't mean the site is safe.Meta sent me the following statement in response to my request for comment: “We are in discussions with Google to address a potential miscommunication regarding the application of their policies. Upon becoming aware of the concerns, we decided to pause the feature while we work with Google to resolve the issue.”

The Digital Manufacturing and Cybersecurity Institute (MxD) has released its Strategic Investment Plan (SIP) for 2025-2027, presenting a detailed roadmap to bolster the competitiveness, resilience, and cybersecurity of U.S. manufacturing.  Shaped by insights from manufacturers, technology providers, academic institutions, and government partners, the plan lays out a targeted investment strategy in digital engineering, factory modernization, supply chain resilience, and workforce development.  Published on March 19, 2025, the SIP identifies core areas for MxD’s focus over the next three years: digital engineering and design, future factory systems, supply chain visibility, and cybersecurity integration. These initiatives aim to address persistent challenges within the industrial base, particularly among small and medium-sized manufacturers (SMMs) that often lack the resources needed to adopt and scale digital manufacturing solutions. “We will continue to prioritize projects and proposals designed to meet the evolving needs of the industrial base, relying on your insights and involvement throughout. Our collaborative approach has proven to be effective during MxD’s first decade and continues to be the model driving this SIP and MxD forward,” Berardino Baratta, CEO at MxD. Illustration of the product lifecycle and how the flow of data represents a complex interconnected web among all aspects. Image via MxD. Data lifecycle framework and investment focus At the center of the SIP is a technical framework called the data lifecycle. This framework maps the flow of data across the various stages of a product’s lifecycle, from development and manufacturing to deployment and support. MxD underscores the importance of seamless data movement and high-fidelity data collection, which are vital for unlocking capabilities such as predictive maintenance, quality control, and secure information sharing throughout supply chains. MxD’s data lifecycle approach has already been applied in 189 research, cybersecurity, and workforce development projects totaling $415 million in public-private investments. One example, Project 22-06-01, titled “Proactive Worker Safety for Industry 4.0 Using AI,” employed artificial intelligence (AI) and Internet of Things (IoT) sensors to reduce worker fatigue, addressing a $136 billion annual challenge for US employers. For the 2025-2027 period, MxD plans to prioritize projects that promote technology adoption across supply chains, supported by new playbooks and guides to help manufacturers modernize, close digital gaps, and apply lessons from pilot programs. This approach aims to foster coordinated, sector-wide adoption. Another central pillar of the SIP is interoperability and data standards. MxD is working on a Machine-to-X Data Standards Playbook to consolidate and harmonize data standards used by manufacturers. This effort addresses the challenge of fragmented data formats and standards across different systems, which can hinder consistent data flows and semantic interoperability. To support digital engineering and design, MxD is updating model-based definition assessments to address the shortcomings of current evaluations and provide clearer guidance for manufacturers aiming to improve digital maturity. These updates will bolster MxD’s broader goal of enhancing collaboration and data sharing across product lifecycles, enabling better designs, improved performance, and reduced costs. Future factory development is another key emphasis of the SIP. MxD’s projects in this area aim to build digital environments that support real-time process optimization, data-driven decision-making, and production lines that can adapt quickly to disruptions and new customer demands. Initiatives around digital twins, 5G/6G integration, and cybersecurity best practices will help shape these future factories. In terms of supply chain resilience, the SIP outlines plans for new risk assessment tools and visibility platforms. These tools will rely on secure data-sharing practices and advanced analytics to reduce disruptions and improve the agility of domestic manufacturing in a volatile global landscape. Cybersecurity is also a core focus of the SIP, reflecting MxD’s role as the National Center for Cybersecurity in Manufacturing. With manufacturing identified as the most targeted sector for cyberattacks in recent years, MxD’s cybersecurity projects aim to enhance protections for both operational technology (OT) and information technology (IT) environments.  Two engineers walking through a manufacturing facility. Photo via MxD. The Digital Education, Resilience, and Innovation for Supply Chain (DERISC) initiative, carried out with the Defense Logistics Agency (DLA), is an example of how MxD is equipping U.S. manufacturers with the tools and protocols needed to secure their supply chains against digital threats. Workforce training and capability roadmaps On the workforce development front, MxD’s Virtual Training Center (VTC) offers around 20,000 courses tailored to meet the evolving needs of manufacturers.  These courses include advanced role-based training programs in data analytics, cybersecurity, and extended reality applications. As an affordable and scalable learning platform, the VTC aims to close the gap in workforce training for SMMs that often lack access to comprehensive learning management systems. MxD’s training programs, such as the Curriculum and Pathways Integrating Technology and Learning Program (CAPITAL) and Cybersecurity for Manufacturing Operational Technology (CyMOT) initiatives, are designed to prepare workers for digital manufacturing roles while also supporting national defense efforts by delivering specialized cybersecurity training for supply chain participants. The SIP identifies these workforce initiatives as critical, noting that 1.9 million manufacturing jobs could remain unfilled by 2033 without targeted upskilling efforts. Beyond individual projects, the SIP features an Appendix of Capability Advancement Roadmaps. These roadmaps chart technical progress across multiple domains, emphasizing that data standards, architecture, and interoperability are essential to enabling future-ready manufacturing.  For instance, roadmaps for digital twin deployment and supply chain visibility outline clear timelines and performance milestones, providing a transparent view of how MxD plans to scale its impact. MxD’s structured approach and technical framework are designed to help manufacturers adopt secure, data-driven practices that align with broader economic and defense objectives. As digital manufacturing influences operational practices and product standards, the SIP provides a framework that supports a more adaptable and resilient US manufacturing sector. Take the 3DPI Reader Survey — shape the future of AM reporting in under 5 minutes. What 3D printing trends should you watch out for in 2025? How is the future of 3D printing shaping up? To stay up to date with the latest 3D printing news, don’t forget to subscribe to the 3D Printing Industry newsletter or follow us on Twitter, or like our page on Facebook. While you’re here, why not subscribe to our Youtube channel? Featuring discussion, debriefs, video shorts, and webinar replays. Featured image shows illustration of the product lifecycle and how the flow of data represents a complex interconnected web among all aspects. Image via MxD. Ada Shaikhnag With a background in journalism, Ada has a keen interest in frontier technology and its application in the wider world. Ada reports on aspects of 3D printing ranging from aerospace and automotive to medical and dental.

Large Reasoning Models (LRMs), trained from LLMs using reinforcement learning (RL), demonstrated great performance in complex reasoning tasks, including mathematics, STEM, and coding. However, existing LRMs face challenges in completing various puzzle tasks that require purely logical reasoning skills, which are easy and obvious for humans. Current methods targeting puzzles focus only on designing benchmarks for evaluation, lacking the training methods and resources for modern LLMs to tackle this challenge. Current puzzle datasets lack diversity and scalability, covering limited puzzle types with little control over generation or difficulty. Moreover, due to the success of the “LLM+RLVR” paradigm, it has become crucial to obtain large, diverse, and challenging sets of verifiable puzzle prompts for training agents. Reinforcement Learning with Verifiable Rewards (RLVR) has emerged as a key method for improving models’ reasoning capabilities, removing the need for reward models by directly assigning rewards based on objectively verifiable answers. Puzzles are particularly well-suited for RLVR. However, most prior RLVR research has overlooked the puzzles’ potential for delivering effective reward signals. In puzzle reasoning of LLMs, existing benchmarks evaluate different types of reasoning, including abstract, deductive, and compositional reasoning. Few benchmarks support scalable generation and difficulty control but lack puzzle diversity. Moreover, the improvement of LLMs’ puzzle-solving abilities mainly falls into two categories: tool integration and RLVR. Researchers from ByteDance Seed, Fudan University, Tsinghua University, Nanjing University, and Shanghai Jiao Tong University have proposed Enigmata, the first comprehensive toolkit designed for improving LLMs with puzzle reasoning skills. It contains 36 tasks across seven categories, each featuring a generator that produces unlimited examples with controllable difficulty and a rule-based verifier for automatic evaluation. The researchers further developed Enigmata-Eval as a rigorous benchmark and created optimized multi-task RLVR strategies. Puzzle data from Enigmata enhances SoTA performance on advanced math and STEM reasoning tasks like AIME, BeyondAIME, and GPQA when trained on larger models like Seed1.5-Thinking. This shows the generalization benefits of Enigmata. The Enigmata-Data comprises 36 puzzle tasks organized into 7 primary categories, including Crypto, Arithmetic, Logic, Grid, Graph, Search, and Sequential Puzzle, making it the only dataset having multiple task categories with scalability, automatic verification, and public availability. The data construction follows a three-phase pipeline: Tasks Collection and Design, Auto-Generator and Verifier Development, and Sliding Difficulty Control. Moreover, the Enigmata-Eval is developed by systematically sampling from the broader dataset, aiming to extract 50 instances per difficulty level for each task. The final evaluation set contains 4,758 puzzle instances rather than the theoretical maximum of 5,400, due to inherent constraints, where some tasks generate fewer instances per difficulty level. The proposed model outperforms most public models on Enigmata-Eval with 32B parameters, showing the effectiveness of the dataset and training recipe. The model stands out on the challenging ARC-AGI benchmark, surpassing strong reasoning models such as Gemini 2.5 Pro, o3-mini, and o1. The Qwen2.5-32B-Enigmata shows outstanding performance in structured reasoning categories, outperforming in Crypto, Arithmetic, and Logic tasks, suggesting effective development of rule-based reasoning capabilities. The model shows competitive performance in search tasks that require strategic exploration and planning capabilities. Moreover, Crypto and Arithmetic tasks tend to provide the highest accuracy, while spatial and sequential tasks remain more difficult. In this paper, researchers introduced Enigmata, a comprehensive suite for equipping LLMs with advanced puzzle reasoning that integrates seamlessly with RL using verifiable rule-based rewards. The trained Enigmata-Model shows superior performance and robust generalization skills through RLVR training. Experiments reveal that when applied to larger models such as Seed1.5-Thinking (20B/200B parameters), synthetic puzzle data brings additional benefits in other domains, including mathematics and STEM reasoning over state-of-the-art models. Enigmata provides a solid foundation for the research community to advance reasoning model development, offering a unified framework that effectively bridges logical puzzle-solving with broader reasoning capabilities in LLMs. Check out the Paper, GitHub Page and Project Page. All credit for this research goes to the researchers of this project. Also, feel free to follow us on Twitter and don’t forget to join our 95k+ ML SubReddit and Subscribe to our Newsletter. Sajjad AnsariSajjad Ansari is a final year undergraduate from IIT Kharagpur. As a Tech enthusiast, he delves into the practical applications of AI with a focus on understanding the impact of AI technologies and their real-world implications. He aims to articulate complex AI concepts in a clear and accessible manner.Sajjad Ansarihttps://www.marktechpost.com/author/sajjadansari/Multimodal Foundation Models Fall Short on Physical Reasoning: PHYX Benchmark Highlights Key Limitations in Visual and Symbolic IntegrationSajjad Ansarihttps://www.marktechpost.com/author/sajjadansari/Meta AI Introduces Multi-SpatialMLLM: A Multi-Frame Spatial Understanding with Multi-modal Large Language ModelsSajjad Ansarihttps://www.marktechpost.com/author/sajjadansari/Can LLMs Really Judge with Reasoning? Microsoft and Tsinghua Researchers Introduce Reward Reasoning Models to Dynamically Scale Test-Time Compute for Better AlignmentSajjad Ansarihttps://www.marktechpost.com/author/sajjadansari/NVIDIA AI Introduces AceReason-Nemotron for Advancing Math and Code Reasoning through Reinforcement Learning

When I launched my third “brilliant” side project last year (don’t ask about the first two), I was hit with an annoying realization: having a website is crazy expensive. Ten bucks here, $15 there, and suddenly I was paying more to keep it alive than I was hoping to make selling my cute little stickers. So I started looking for alternatives, and that’s when I stumbled onto BonoHost’s lifetime web hosting plan. No monthly bills. No tiered “basic” vs “pro” nonsense. Just one payment, unlimited everything. Naturally, I was suspicious. But I took the plunge, and months later, I haven’t paid another cent, and everything still runs like clockwork. Here’s what you actually get For a one-time fee ($58.50 with code BONO10 at checkout, normally $64.99), you get unlimited websites, domains, bandwidth, email addresses, databases, and storage. No caps. No creeping usage fees. It also includes a beginner-friendly control panel and one-click installs for 1,500+ apps—like WordPress, e-commerce stores, CRMs, and more. Basically, BonoHost gives you the tools most other providers hide behind paywalls—and the support staff hasn’t ghosted me once. What it doesn’t include (but that’s OK) You’ll still need to buy your own domain name (think: myweirdproject.com), which usually runs $10–$15/year through registrars like Namecheap or GoDaddy. There’s no way around that. Also, this is shared hosting. So, while it works great for blogs, portfolios, and small business sites, it’s not meant for running a high-traffic SaaS empire or spinning up an AI chatbot with GPU needs. A no-brainer for anyone tired of paying monthly forever If you’re launching a blog, freelancing, selling art, or just want your own corner of the internet, this hosting plan gives you what you need without the recurring charge. It’s like buying your own coffee maker instead of paying $6 at a time for someone else to do it at Starbucks. Use code BONO10 at checkout to drop the price from $64.99 to $58.50 (MSRP is usually $1,614.60, so this is a crazy-good deal on an unlimited web hosting plan). StackSocial prices subject to change. _ BonoHost Unlimited Plan: Lifetime Web Hosting Subscription See Deal