Monitoring and Support EngineerKeyword StudiosPasig City Metro Manila Philippines2 hours agoApplyWe are seeking an experienced Monitoring and Support Engineer to support the technology initiatives of the IT Infrastructure team at Keywords. The Monitoring and Support Engineer will be responsible for follow-the-sun monitoring of IT infrastructure, prompt reaction on all infrastructure incident, primary resolution of infrastructure incidents and support requests.ResponsibilitiesFull scope of tasks including but not limited to:Ensure that all incidents are handled within SLAs.Initial troubleshooting of Infrastructure incidents.Ensure maximum network & service availability through proactive monitoring.Ensure all the incident and alert tickets contain detailed technical information.Initial troubleshooting of Infrastructure incidents, restoration of services and escalation to level 3 experts if necessary.Participate in Problem management processes.Ensure that all incidents and critical alerts are documented and escalated if necessary.Ensure effective communication to customers about incidents and outages.Identify opportunities for process improvement and efficiency enhancements.Participate in documentation creation to reduce BAU support activities by ensuring that the Service Desks have adequate knowledge articles to close support tickets as level 1.Participate in reporting on monitored data and incidents on company infrastructure.Implement best practices and lessons learned from initiatives and projects to optimize future outcomes.RequirementsBachelor's degree in a relevant technical field or equivalent experience.Understanding of IT Infrastructure technologies, standards and trends.Technical background with 3+ years’ experience in IT operations role delivering IT infrastructure support, monitoring and incident management.Technical knowledge of the Microsoft Stack, Windows networking, Active Directory, ExchangeTechnical knowledge of Network, Storage and Server equipment, virtualization and production setupsExceptional communication and presentation skills, with the ability to articulate technical concepts to non-technical audiences.Strong analytical and problem-solving skills.Strong customer service orientation.BenefitsGreat Place to Work certified for 4 consecutive yearsFlexible work arrangementGlobal exposure Create Your Profile — Game companies can contact you with their relevant job openings. Apply

The Secure Government Email (SGE) Common Implementation Framework New Zealand’s government is introducing a comprehensive email security framework designed to protect official communications from phishing and domain spoofing. This new framework, which will be mandatory for all government agencies by October 2025, establishes clear technical standards to enhance email security and retire the outdated SEEMail service.  Key Takeaways All NZ government agencies must comply with new email security requirements by October 2025. The new framework strengthens trust and security in government communications by preventing spoofing and phishing. The framework mandates TLS 1.2+, SPF, DKIM, DMARC with p=reject, MTA-STS, and DLP controls. EasyDMARC simplifies compliance with our guided setup, monitoring, and automated reporting. Start a Free Trial What is the Secure Government Email Common Implementation Framework? The Secure Government Email (SGE) Common Implementation Framework is a new government-led initiative in New Zealand designed to standardize email security across all government agencies. Its main goal is to secure external email communication, reduce domain spoofing in phishing attacks, and replace the legacy SEEMail service. Why is New Zealand Implementing New Government Email Security Standards? The framework was developed by New Zealand’s Department of Internal Affairs (DIA) as part of its role in managing ICT Common Capabilities. It leverages modern email security controls via the Domain Name System (DNS) to enable the retirement of the legacy SEEMail service and provide: Encryption for transmission security Digital signing for message integrity Basic non-repudiation (by allowing only authorized senders) Domain spoofing protection These improvements apply to all emails, not just those routed through SEEMail, offering broader protection across agency communications. What Email Security Technologies Are Required by the New NZ SGE Framework? The SGE Framework outlines the following key technologies that agencies must implement: TLS 1.2 or higher with implicit TLS enforced TLS-RPT (TLS Reporting) SPF (Sender Policy Framework) DKIM (DomainKeys Identified Mail) DMARC (Domain-based Message Authentication, Reporting, and Conformance) with reporting MTA-STS (Mail Transfer Agent Strict Transport Security) Data Loss Prevention controls These technologies work together to ensure encrypted email transmission, validate sender identity, prevent unauthorized use of domains, and reduce the risk of sensitive data leaks. Get in touch When Do NZ Government Agencies Need to Comply with this Framework? All New Zealand government agencies are expected to fully implement the Secure Government Email (SGE) Common Implementation Framework by October 2025. Agencies should begin their planning and deployment now to ensure full compliance by the deadline. The All of Government Secure Email Common Implementation Framework v1.0 What are the Mandated Requirements for Domains? Below are the exact requirements for all email-enabled domains under the new framework. ControlExact RequirementTLSMinimum TLS 1.2. TLS 1.1, 1.0, SSL, or clear-text not permitted.TLS-RPTAll email-sending domains must have TLS reporting enabled.SPFMust exist and end with -all.DKIMAll outbound email from every sending service must be DKIM-signed at the final hop.DMARCPolicy of p=reject on all email-enabled domains. adkim=s is recommended when not bulk-sending.MTA-STSEnabled and set to enforce.Implicit TLSMust be configured and enforced for every connection.Data Loss PreventionEnforce in line with the New Zealand Information Security Manual (NZISM) and Protective Security Requirements (PSR). Compliance Monitoring and Reporting The All of Government Service Delivery (AoGSD) team will be monitoring compliance with the framework. Monitoring will initially cover SPF, DMARC, and MTA-STS settings and will be expanded to include DKIM. Changes to these settings will be monitored, enabling reporting on email security compliance across all government agencies. Ongoing monitoring will highlight changes to domains, ensure new domains are set up with security in place, and monitor the implementation of future email security technologies.  Should compliance changes occur, such as an agency’s SPF record being changed from -all to ~all, this will be captured so that the AoGSD Security Team can investigate. They will then communicate directly with the agency to determine if an issue exists or if an error has occurred, reviewing each case individually. Deployment Checklist for NZ Government Compliance Enforce TLS 1.2 minimum, implicit TLS, MTA-STS & TLS-RPT SPF with -all DKIM on all outbound email DMARC p=reject  adkim=s where suitable For non-email/parked domains: SPF -all, empty DKIM, DMARC reject strict Compliance dashboard Inbound DMARC evaluation enforced DLP aligned with NZISM Start a Free Trial How EasyDMARC Can Help Government Agencies Comply EasyDMARC provides a comprehensive email security solution that simplifies the deployment and ongoing management of DNS-based email security protocols like SPF, DKIM, and DMARC with reporting. Our platform offers automated checks, real-time monitoring, and a guided setup to help government organizations quickly reach compliance. 1. TLS-RPT / MTA-STS audit EasyDMARC enables you to enable the Managed MTA-STS and TLS-RPT option with a single click. We provide the required DNS records and continuously monitor them for issues, delivering reports on TLS negotiation problems. This helps agencies ensure secure email transmission and quickly detect delivery or encryption failures. Note: In this screenshot, you can see how to deploy MTA-STS and TLS Reporting by adding just three CNAME records provided by EasyDMARC. It’s recommended to start in “testing” mode, evaluate the TLS-RPT reports, and then gradually switch your MTA-STS policy to “enforce”. The process is simple and takes just a few clicks. As shown above, EasyDMARC parses incoming TLS reports into a centralized dashboard, giving you clear visibility into delivery and encryption issues across all sending sources. 2. SPF with “-all”In the EasyDARC platform, you can run the SPF Record Generator to create a compliant record. Publish your v=spf1 record with “-all” to enforce a hard fail for unauthorized senders and prevent spoofed emails from passing SPF checks. This strengthens your domain’s protection against impersonation. Note: It is highly recommended to start adjusting your SPF record only after you begin receiving DMARC reports and identifying your legitimate email sources. As we’ll explain in more detail below, both SPF and DKIM should be adjusted after you gain visibility through reports. Making changes without proper visibility can lead to false positives, misconfigurations, and potential loss of legitimate emails. That’s why the first step should always be setting DMARC to p=none, receiving reports, analyzing them, and then gradually fixing any SPF or DKIM issues. 3. DKIM on all outbound email DKIM must be configured for all email sources sending emails on behalf of your domain. This is critical, as DKIM plays a bigger role than SPF when it comes to building domain reputation, surviving auto-forwarding, mailing lists, and other edge cases. As mentioned above, DMARC reports provide visibility into your email sources, allowing you to implement DKIM accordingly (see first screenshot). If you’re using third-party services like Google Workspace, Microsoft 365, or Mimecast, you’ll need to retrieve the public DKIM key from your provider’s admin interface (see second screenshot). EasyDMARC maintains a backend directory of over 1,400 email sources. We also give you detailed guidance on how to configure SPF and DKIM correctly for major ESPs.  Note: At the end of this article, you’ll find configuration links for well-known ESPs like Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid – helping you avoid common misconfigurations and get aligned with SGE requirements. If you’re using a dedicated MTA (e.g., Postfix), DKIM must be implemented manually. EasyDMARC’s DKIM Record Generator lets you generate both public and private keys for your server. The private key is stored on your MTA, while the public key must be published in your DNS (see third and fourth screenshots). 4. DMARC p=reject rollout As mentioned in previous points, DMARC reporting is the first and most important step on your DMARC enforcement journey. Always start with a p=none policy and configure RUA reports to be sent to EasyDMARC. Use the report insights to identify and fix SPF and DKIM alignment issues, then gradually move to p=quarantine and finally p=reject once all legitimate email sources have been authenticated.  This phased approach ensures full protection against domain spoofing without risking legitimate email delivery. 5. adkim Strict Alignment Check This strict alignment check is not always applicable, especially if you’re using third-party bulk ESPs, such as Sendgrid, that require you to set DKIM on a subdomain level. You can set adkim=s in your DMARC TXT record, or simply enable strict mode in EasyDMARC’s Managed DMARC settings. This ensures that only emails with a DKIM signature that exactly match your domain pass alignment, adding an extra layer of protection against domain spoofing. But only do this if you are NOT a bulk sender. 6. Securing Non-Email Enabled Domains The purpose of deploying email security to non-email-enabled domains, or parked domains, is to prevent messages being spoofed from that domain. This requirement remains even if the root-level domain has SP=reject set within its DMARC record. Under this new framework, you must bulk import and mark parked domains as “Parked.” Crucially, this requires adjusting SPF settings to an empty record, setting DMARC to p=reject, and ensuring an empty DKIM record is in place: • SPF record: “v=spf1 -all”. • Wildcard DKIM record with empty public key.• DMARC record: “v=DMARC1;p=reject;adkim=s;aspf=s;rua=mailto:…”. EasyDMARC allows you to add and label parked domains for free. This is important because it helps you monitor any activity from these domains and ensure they remain protected with a strict DMARC policy of p=reject. 7. Compliance Dashboard Use EasyDMARC’s Domain Scanner to assess the security posture of each domain with a clear compliance score and risk level. The dashboard highlights configuration gaps and guides remediation steps, helping government agencies stay on track toward full compliance with the SGE Framework. 8. Inbound DMARC Evaluation Enforced You don’t need to apply any changes if you’re using Google Workspace, Microsoft 365, or other major mailbox providers. Most of them already enforce DMARC evaluation on incoming emails. However, some legacy Microsoft 365 setups may still quarantine emails that fail DMARC checks, even when the sending domain has a p=reject policy, instead of rejecting them. This behavior can be adjusted directly from your Microsoft Defender portal. Read more about this in our step-by-step guide on how to set up SPF, DKIM, and DMARC from Microsoft Defender. If you’re using a third-party mail provider that doesn’t enforce having a DMARC policy for incoming emails, which is rare, you’ll need to contact their support to request a configuration change. 9. Data Loss Prevention Aligned with NZISM The New Zealand Information Security Manual (NZISM) is the New Zealand Government’s manual on information assurance and information systems security. It includes guidance on data loss prevention (DLP), which must be followed to be aligned with the SEG. Need Help Setting up SPF and DKIM for your Email Provider? Setting up SPF and DKIM for different ESPs often requires specific configurations. Some providers require you to publish SPF and DKIM on a subdomain, while others only require DKIM, or have different formatting rules. We’ve simplified all these steps to help you avoid misconfigurations that could delay your DMARC enforcement, or worse, block legitimate emails from reaching your recipients. Below you’ll find comprehensive setup guides for Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid. You can also explore our full blog section that covers setup instructions for many other well-known ESPs. Remember, all this information is reflected in your DMARC aggregate reports. These reports give you live visibility into your outgoing email ecosystem, helping you analyze and fix any issues specific to a given provider. Here are our step-by-step guides for the most common platforms: Google Workspace Microsoft 365 These guides will help ensure your DNS records are configured correctly as part of the Secure Government Email (SGE) Framework rollout. Meet New Government Email Security Standards With EasyDMARC New Zealand’s SEG Framework sets a clear path for government agencies to enhance their email security by October 2025. With EasyDMARC, you can meet these technical requirements efficiently and with confidence. From protocol setup to continuous monitoring and compliance tracking, EasyDMARC streamlines the entire process, ensuring strong protection against spoofing, phishing, and data loss while simplifying your transition from SEEMail.

Last year, MACK Books published Architecture from Below, which anthologized writings by the French Brazilian architect, theorist, and painter Sérgio Ferro. (Douglas Spencer reviewed it for AN.) Now, MACK follows with Design and the Building Site and Complementary Essays, the second in the trilogy of books dedicated to Ferro’s scholarship. The following excerpt of the author’s 2023 preface to the English edition, which preserves its British phrasing, captures Ferro’s realization about the working conditions of construction sites in Brasília. The sentiment is likely relatable even today for young architects as they discover how drawings become buildings. Design and the Building Site and Complementary Essays will be released on May 22. If I remember correctly, it was in 1958 or 1959, when Rodrigo and I were second- or third year architecture students at FAUUSP, that my father, the real estate developer Armando Simone Pereira, commissioned us to design two large office buildings and eleven shops in Brasilia, which was then under construction. Of course, we were not adequately prepared for such an undertaking. Fortunately, Oscar Niemeyer and his team, who were responsible for overseeing the construction of the capital, had drawn up a detailed document determining the essential characteristics of all the private sector buildings. We followed these prescriptions to the letter, which saved us from disaster. Nowadays, it is hard to imagine the degree to which the construction of Brasilia inspired enthusiasm and professional pride in the country’s architects. And in the national imagination, the city’s establishment in the supposedly unpopulated hinterland evoked a re-founding of Brazil. Up until that point, the occupation of our immense territory had been reduced to a collection of arborescent communication routes, generally converging upon some river, following it up to the Atlantic Ocean. Through its ports, agricultural or extractive commodities produced by enslaved peoples or their substitutes passed towards the metropolises; goods were exchanged in the metropolises for more elaborate products, which took the opposite route. Our national identity was summed up in a few symbols, such as the anthem or the flag, and this scattering of paths pointing overseas. Brasilia would radically change this situation, or so we believed. It would create a central hub where the internal communication routes could converge, linking together hithertoseparate junctions, stimulating trade and economic progress in the country’s interior. It was as if, for the first time, we were taking care of ourselves. At the nucleus of this centripetal movement, architecture would embody the renaissance. And at the naval of the nucleus, the symbolic mandala of this utopia: the cathedral. Rodrigo and I got caught up in the euphoria. And perhaps more so than our colleagues, because we were taking part in the adventure with ‘our’ designs. The reality was very different — but we did not know that yet. At that time, architects in Brazil were responsible for verifying that the construction was in line with the design. We had already monitored some of our first building sites. But the construction company in charge of them, Osmar Souza e Silva’s CENPLA, specialized in the building sites of modernist architects from the so-called Escola Paulista led by Vilanova Artigas (which we aspired to be a part of, like the pretentious students we were). Osmar was very attentive to his clients and his workers, who formed a supportive and helpful team. He was even more careful with us, because he knew how inexperienced we were. I believe that the CENPLA was particularly important in São Paulo modernism: with its congeniality, it facilitated experimentation, but for the same reason, it deceived novices like us about the reality of other building sites. Consequently, Rodrigo and I travelled to Brasilia several times to check that the constructions followed ‘our’ designs and to resolve any issues. From the very first trip, our little bubble burst. Our building sites, like all the others in the future capital, bore no relation to Osmar’s. They were more like a branch of hell. A huge, muddy wasteland, in which a few cranes, pile drivers, tractors, and excavators dotted the mound of scaffolding occupied by thousands of skinny, seemingly exhausted wretches, who were nevertheless driven on by the shouts of master builders and foremen, in turn pressured by the imminence of the fateful inauguration date. Surrounding or huddled underneath the marquees of buildings under construction, entire families, equally skeletal and ragged, were waiting for some accident or death to open up a vacancy. In contact only with the master builders, and under close surveillance so we would not speak to the workers, we were not allowed to see what comrades who had worked on these sites later told us in prison: suicide abounded; escape was known to be futile in the unpopulated surroundings with no viable roads; fatal accidents were often caused by weakness due to chronic diarrhoea, brought on by rotten food that came from far away; outright theft took place in the calculation of wages and expenses in the contractor’s grocery store; camps were surrounded by law enforcement. I repeat this anecdote yet again not to invoke the benevolence of potential readers, but rather to point out the conditions that, in my opinion, allowed two students (Flávio Império joined us a little later) still in their professional infancy to quickly adopt positions that were contrary to the usual stance of architects. As the project was more Oscar Niemeyer’s than it was our own, we did not have the same emotional attachment that is understandably engendered between real authors and their designs. We had not yet been imbued with the charm and aura of the métier. And the only building sites we had visited thus far, Osmar’s, were incomparable to those we discovered in Brasilia. In short, our youthfulness and unpreparedness up against an unbearable situation made us react almost immediately to the profession’s satisfied doxa. Unprepared and young perhaps, but already with Marx by our side. Rodrigo and I joined the student cell of the Brazilian Communist Party during our first year at university. In itself, this did not help us much: the Party’s Marxism, revised in the interests of the USSR, was pitiful. Even high-level leaders rarely went beyond the first chapter of Capital. But at the end of the 1950s, the effervescence of the years to come was already nascent:  […] this extraordinary revival […] the rediscovery of Marxism and the great dialectical texts and traditions in the 1960s: an excitement that identifies a forgotten or repressed moment of the past as the new and subversive, and learns the dialectical grammar of a Hegel or an Adorno, a Marx or a Lukács, like a foreign language that has resources unavailable in our own. And what is more: the Chinese and Cuban revolutions, the war in Vietnam, guerrilla warfare of all kinds, national liberation movements, and a rare libertarian disposition in contemporary history, totally averse to fanaticism and respect for ideological apparatuses of (any) state or institution. Going against the grain was almost the norm. We were of course no more than contemporaries of our time. We were soon able to position ourselves from chapters 13, 14, and 15 of Capital, but only because we could constantly cross-reference Marx with our observations from well-contrasted building sites and do our own experimenting. As soon as we identified construction as manufacture, for example, thanks to the willingness and even encouragement of two friends and clients, Boris Fausto and Bernardo Issler, I was able to test both types of manufacture — organic and heterogeneous — on similar-sized projects taking place simultaneously, in order to find out which would be most convenient for the situation in Brazil, particularly in São Paulo. Despite the scientific shortcomings of these tests, they sufficed for us to select organic manufacture. Arquitetura Nova had defined its line of practice, studies, and research. There were other sources that were central to our theory and practice. Flávio Império was one of the founders of the Teatro de Arena, undoubtedly the vanguard of popular, militant theatre in Brazil. He won practically every set design award. He brought us his marvelous findings in spatial condensation and malleability, and in the creative diversion of techniques and material—appropriate devices for an underdeveloped country. This is what helped us pave the way to reformulating the reigning design paradigms.  We had to do what Flávio had done in the theatre: thoroughly rethink how to be an architect. Upend the perspective. The way we were taught was to start from a desired result; then others would take care of getting there, no matter how. We, on the other hand, set out to go down to the building site and accompany those carrying out the labor itself, those who actually build, the formally subsumed workers in manufacture who are increasingly deprived of the knowledge and know-how presupposed by this kind of subsumption. We should have been fostering the reconstitution of this knowledge and know-how—not so as to fulfil this assumption, but in order to reinvigorate the other side of this assumption according to Marx: the historical rebellion of the manufacture worker, especially the construction worker. We had to rekindle the demand that fueled this rebellion: total self-determination, and not just that of the manual operation as such. Our aim was above all political and ethical. Aesthetics only mattered by way of what it included—ethics. Instead of estética, we wrote est ética [this is ethics]. We wanted to make building sites into nests for the return of revolutionary syndicalism, which we ourselves had yet to discover. Sérgio Ferro, born in Brazil in 1938, studied architecture at FAUUSP, São Paulo. In the 1960s, he joined the Brazilian communist party and started, along with Rodrigo Lefevre and Flávio Império, the collective known as Arquitetura Nova. After being arrested by the military dictatorship that took power in Brazil in 1964, he moved to France as an exile. As a painter and a professor at the École Nationale Supérieure d’Architecture de Grenoble, where he founded the Dessin/Chantier laboratory, he engaged in extensive research which resulted in several publications, exhibitions, and awards in Brazil and in France, including the title of Chevalier des Arts et des Lettres in 1992. Following his retirement from teaching, Ferro continues to research, write, and paint.

ILM teams with Ben Stiller and Apple TV+ to bring thousands of seamless visual effects shots to the hit drama’s second season. By Clayton Sandell There are mysterious and important secrets to be uncovered in the second season of the wildly popular Apple TV+ series Severance (2022-present). About 3,500 of them are hiding in plain sight. That’s roughly the number of visual effects shots helping tell the Severance story over 10 gripping episodes in the latest season, a collaborative effort led by Industrial Light & Magic. ILM’s Eric Leven served as the Severance season two production visual effects supervisor. We asked him to help pull back the curtain on some of the show’s impressive digital artistry that most viewers will probably never notice. “This is the first show I’ve ever done where it’s nothing but invisible effects,” Leven tells ILM.com. “It’s a really different calculus because nobody talks about them. And if you’ve done them well, they are invisible to the naked eye.” With so many season two shots to choose from, Leven helped us narrow down a list of his favorite visual effects sequences to five. (As a bonus, we’ll also dive into an iconic season finale shot featuring the Mr. Milchick-led marching band.) Before we dig in, a word of caution. This article contains plot spoilers for Severance. (And in case you’re already wondering: No, the goats are not computer-graphics.) Severance tells the story of Mark Scout (Adam Scott), department chief of the secretive Severed Floor located in the basement level of Lumon Industries, a multinational biotech corporation. Mark S., as he’s known to his co-workers, heads up Macrodata Refinement (MDR), a department where employees help categorize numbers without knowing the true purpose of their work.  Mark and his team – Helly R. (Britt Lower), Dylan G. (Zach Cherry), and Irving B. (John Turturro), have all undergone a surgical procedure to “sever” their personal lives from their work lives. The chip embedded in their brains effectively creates two personalities that are sometimes at odds: an “Innie” during Lumon office hours and an “Outie” at home. “This is the first show I’ve ever done where it’s nothing but invisible effects. It’s a really different calculus because nobody talks about them. And if you’ve done them well, they are invisible to the naked eye.”Eric Leven 1. The Running Man (Episode 201: “Hello, Ms. Cobel”) The season one finale ends on a major cliffhanger. Mark S. learns that his Outie’s wife, Gemma – believed killed in a car crash years ago – is actually alive somewhere inside the Lumon complex. Season two opens with Mark S. arriving at the Severed Floor in a desperate search for Gemma, who he only knows as her Innie persona, Ms. Casey. The fast-paced sequence is designed to look like a single, two-minute shot. It begins with the camera making a series of rapid and elaborate moves around a frantic Mark S. as he steps out of the elevator, into the Severed Floor lobby, and begins running through the hallways. “The nice thing about that sequence was that everyone knew it was going to be difficult and challenging,” Leven says, adding that executive producer and Episode 201 director, Ben Stiller, began by mapping out the hallway run with his team. Leven recommended that a previsualization sequence – provided by The Third Floor – would help the filmmakers refine their plan before cameras rolled. “While prevising it, we didn’t worry about how we would actually photograph anything. It was just, ‘These are the visuals we want to capture,’” Leven says. “‘What does it look like for this guy to run down this hallway for two minutes? We’ll figure out how to shoot it later.’” The previs process helped determine how best to shoot the sequence, and also informed which parts of the soundstage set would have to be digitally replaced. The first shot was captured by a camera mounted on a Bolt X Cinebot motion-control arm provided by The Garage production company. The size of the motion-control setup, however, meant it could not fit in the confined space of an elevator or the existing hallways. “We couldn’t actually shoot in the elevator,” Leven says. “The whole elevator section of the set was removed and was replaced with computer graphics [CG].” In addition to the elevator, ILM artists replaced portions of the floor, furniture, and an entire lobby wall, even adding a reflection of Adam Scott into the elevator doors. As Scott begins running, he’s picked up by a second camera mounted on a more compact, stabilized gimbal that allows the operator to quickly run behind and sometimes in front of the actor as he darts down different hallways. ILM seamlessly combined the first two Mark S. plates in a 2D composite. “Part of that is the magic of the artists at ILM who are doing that blend. But I have to give credit to Adam Scott because he ran the same way in both cameras without really being instructed,” says Leven. “Lucky for us, he led with the same foot. He used the same arm. I remember seeing it on the set, and I did a quick-and-dirty blend right there and thought, ‘Oh my gosh, this is going to work.’ So it was really nice.” The action continues at a frenetic pace, ultimately combining ten different shots to complete the sequence. “We didn’t want the very standard sleight of hand that you’ve seen a lot where you do a wipe across the white hallway,” Leven explains. “We tried to vary that as much as possible because we didn’t want to give away the gag. So, there are times when the camera will wipe across a hallway, and it’s not a computer graphics wipe. We’d hide the wipe somewhere else.” A slightly more complicated illusion comes as the camera sweeps around Mark S. from back to front as he barrels down another long hallway. “There was no way to get the camera to spin around Mark while he is running because there’s physically not enough room for the camera there,” says Leven. To capture the shot, Adam Scott ran on a treadmill placed on a green screen stage as the camera maneuvered around him. At that point, the entire hallway environment is made with computer graphics. Artists even added a few extra frames of the actor to help connect one shot to the next, selling the illusion of a single continuous take. “We painted in a bit of Adam Scott running around the corner. So if you freeze and look through it, you’ll see a bit of his heel. He never completely clears the frame,” Leven points out. Leven says ILM also provided Ben Stiller with options when it came to digitally changing up the look of Lumon’s sterile hallways: sometimes adding extra doors, vents, or even switching door handles. “I think Ben was very excited about having this opportunity,” says Leven. “He had never had a complete, fully computer graphics version of these hallways before. And now he was able to do things that he was never able to do in season one.” (Credit: Apple TV+). 2. Let it Snow (Episode 204: “Woe’s Hollow”) The MDR team – Mark, Helly, Dylan, and Irving – unexpectedly find themselves in the snowy wilderness as part of a two-day Lumon Outdoor Retreat and Team-Building Occurrence, or ORTBO.  Exterior scenes were shot on location at Minnewaska State Park Preserve in New York. Throughout the ORTBO sequence, ILM performed substantial environment enhancements, making trees and landscapes appear far snowier than they were during the shoot. “It’s really nice to get the actors out there in the cold and see their breath,” Leven says. “It just wasn’t snowy during the shoot. Nearly every exterior shot was either replaced or enhanced with snow.” For a shot of Irving standing on a vast frozen lake, for example, virtually every element in the location plate – including an unfrozen lake, mountains, and trees behind actor John Turturro – was swapped out for a CG environment. Wide shots of a steep, rocky wall Irving must scale to reach his co-workers were also completely digital. Eventually, the MDR team discovers a waterfall that marks their arrival at a place called Woe’s Hollow. The location – the state park’s real-life Awosting Falls – also got extensive winter upgrades from ILM, including much more snow covering the ground and trees, an ice-covered pond, and hundreds of icicles clinging to the rocky walls. “To make it fit in the world of Severance, there’s a ton of work that has to happen,” Leven tells ILM.com. (Credit: Apple TV+). 3. Welcome to Lumon (Episode 202: “Goodbye, Mrs. Selvig” & Episode 203: “Who is Alive?”) The historic Bell Labs office complex, now known as Bell Works in Holmdel Township, New Jersey, stands in as the fictional Lumon Industries headquarters building. Exterior shots often underwent a significant digital metamorphosis, with artists transforming areas of green grass into snow-covered terrain, inserting a CG water tower, and rendering hundreds of 1980s-era cars to fill the parking lot. “We’re always adding cars, we’re always adding snow. We’re changing, subtly, the shape and the layout of the design,” says Leven. “We’re seeing new angles that we’ve never seen before. On the roof of Lumon, for example, the air conditioning units are specifically designed and created with computer graphics.” In real life, the complex is surrounded by dozens of houses, requiring the digital erasure of entire neighborhoods. “All of that is taken out,” Leven explains. “CG trees are put in, and new mountains are put in the background.” Episodes 202 and 203 feature several night scenes shot from outside the building looking in. In one sequence, a camera drone flying outside captured a long tracking shot of Helena Eagan (Helly R.’s Outie) making her way down a glass-enclosed walkway. The building’s atrium can be seen behind her, complete with a massive wall sculpture depicting company founder Kier Eagan. “We had to put the Kier sculpture in with the special lighting,” Leven reveals. “The entire atrium was computer graphics.” Artists completed the shot by adding CG reflections of the snowy parking lot to the side of the highly reflective building. “We have to replace what’s in the reflections because the real reflection is a parking lot with no snow or a parking lot with no cars,” explains Leven. “We’re often replacing all kinds of stuff that you wouldn’t think would need to be replaced.” Another nighttime scene shot from outside the building features Helena in a conference room overlooking the Lumon parking lot, which sits empty except for Mr. Milchick (Tramell Tillman) riding in on his motorcycle. “The top story, where she is standing, was practical,” says Leven, noting the shot was also captured using a drone hovering outside the window. “The second story below her was all computer graphics. Everything other than the building is computer graphics. They did shoot a motorcycle on location, getting as much practical reference as possible, but then it had to be digitally replaced after the fact to make it work with the rest of the shot.” (Credit: Apple TV+). 4. Time in Motion (Episode 207: “Chikhai Bardo”) Episode seven reveals that MDR’s progress is being monitored by four dopplegang-ish observers in a control room one floor below, revealed via a complex move that has the camera traveling downward through a mass of data cables. “They built an oversize cable run, and they shot with small probe lenses. Visual effects helped by blending several plates together,” explains Leven. “It was a collaboration between many different departments, which was really nice. Visual effects helped with stuff that just couldn’t be shot for real. For example, when the camera exits the thin holes of the metal grate at the bottom of the floor, that grate is computer graphics.” The sequence continues with a sweeping motion-control time-lapse shot that travels around the control-room observers in a spiral pattern, a feat pulled off with an ingenious mix of technical innovation and old-school sleight of hand. A previs sequence from The Third Floor laid out the camera move, but because the Bolt arm motion-control rig could only travel on a straight track and cover roughly one-quarter of the required distance, The Garage came up with a way to break the shot into multiple passes. The passes would later be stitched together into one seemingly uninterrupted movement. The symmetrical set design – including the four identical workstations – helped complete the illusion, along with a clever solution that kept the four actors in the correct position relative to the camera. “The camera would basically get to the end of the track,” Leven explains. “Then everybody would switch positions 90 degrees. Everyone would get out of their chairs and move. The camera would go back to one, and it would look like one continuous move around in a circle because the room is perfectly symmetrical, and everything in it is perfectly symmetrical. We were able to move the actors, and it looks like the camera was going all the way around the room.” The final motion-control move switches from time-lapse back to real time as the camera passes by a workstation and reveals Mr. Drummond (Ólafur Darri Ólafsson) and Dr. Mauer (Robby Benson) standing behind it. Leven notes that each pass was completed with just one take. 5. Mark vs. Mark (Episode 210: “Cold Harbor”) The Severance season two finale begins with an increasingly tense conversation between Innie Mark and Outie Mark, as the two personas use a handheld video camera to send recorded messages back and forth. Their encounter takes place at night in a Lumon birthing cabin equipped with a severance threshold that allows Mark S. to become Mark Scout each time he steps outside and onto the balcony. The cabin set was built on a soundstage at York Studios in the Bronx, New York. The balcony section consisted of the snowy floor, two chairs, and a railing, all surrounded by a blue screen background. Everything else was up to ILM to create. “It was nice to have Ben’s trust that we could just do it,” Leven remembers. “He said, ‘Hey, you’re just going to make this look great, right?’ We said, ‘Yeah, no problem.’” Artists filled in the scene with CG water, mountains, and moonlight to match the on-set lighting and of course, more snow. As Mark Scout steps onto the balcony, the camera pulls back to a wide shot, revealing the cabin’s full exterior. “They built a part of the exterior of the set. But everything other than the windows, even the railing, was digitally replaced,” Leven says. “It was nice to have Ben [Stiller’s] trust that we could just do it. He said, ‘Hey, you’re just going to make this look great, right?’ We said, ‘Yeah, no problem.’”Eric Leven Bonus: Marching Band Magic (Episode 210: “Cold Harbor”) Finally, our bonus visual effects shot appears roughly halfway through the season finale. To celebrate Mark S. completing the Cold Harbor file, Mr. Milchick orders up a marching band from Lumon’s Choreography and Merriment department. Band members pour into MDR, but Leven says roughly 15 to 20 shots required adding a few more digital duplicates. “They wanted it to look like MDR was filled with band members. And for several of the shots there were holes in there. It just didn’t feel full enough,” he says. In a shot featuring a God’s-eye view of MDR, band members hold dozens of white cards above their heads, forming a giant illustration of a smiling Mark S. with text that reads “100%.” “For the top shot, we had to find a different stage because the MDR ceiling is only about eight feet tall,” recalls Leven. “And Ben really pushed to have it done practically, which I think was the right call because you’ve already got the band members, you’ve made the costumes, you’ve got the instruments. Let’s find a place to shoot it.” To get the high shot, the production team set up on an empty soundstage, placing signature MDR-green carpet on the floor. A simple foam core mock-up of the team’s desks occupied the center of the frame, with the finished CG versions added later. Even without the restraints of the practical MDR walls and ceiling, the camera could only get enough height to capture about 30 band members in the shot. So the scene was digitally expanded, with artists adding more green carpet, CG walls, and about 50 more band members. “We painted in new band members, extracting what we could from the practical plate,” Leven says. “We moved them around; we added more, just to make it look as full as Ben wanted.” Every single white card in the shot, Leven points out, is completely digital. (Credit: Apple TV+). A Mysterious and Important Collaboration With fans now fiercely debating the many twists and turns of Severance season two, Leven is quick to credit ILM’s two main visual effects collaborators: east side effects and Mango FX INC, as well as ILM studios and artists around the globe, including San Francisco, Vancouver, Singapore, Sydney, and Mumbai. Leven also believes Severance ultimately benefited from a successful creative partnership between ILM and Ben Stiller. “This one clicked so well, and it really made a difference on the show,” Leven says. “I think we both had the same sort of visual shorthand in terms of what we wanted things to look like. One of the things I love about working with Ben is that he’s obviously grounded in reality. He wants to shoot as much stuff real as possible, but then sometimes there’s a shot that will either come to him late or he just knows is impractical to shoot. And he knows that ILM can deliver it.” — Clayton Sandell is a Star Wars author and enthusiast, TV storyteller, and a longtime fan of the creative people who keep Industrial Light & Magic and Skywalker Sound on the leading edge of visual effects and sound design. Follow him on Instagram (@claytonsandell) Bluesky (@claytonsandell.com) or X (@Clayton_Sandell).

Great star corals in the grip of disease have been saved with probiotics — beneficial bacteria that attack or displace invading pathogens or possibly trigger immune responses to them. What’s causing this deadly disease remains unidentified. But researchers at the Smithsonian Marine Station in Fort Pierce, Fla., were able to successfully halt progression of the disease’s symptoms, the team reports June 5 in Frontiers in Marine Science. The condition is called stony coral tissue loss disease and is characterized by white lesions that lead to the loss of polyps — tiny soft-bodied organisms similar to sea anemones — blanketing coral. Eventually, nothing but the white coral skeleton is left behind. The disease emerged in Florida in 2014 and has spread rampantly throughout the Florida Keys and the Caribbean. A great star coral (M. cavernosa) colony is infected with stony coral tissue loss disease on the coral reef in Fort Lauderdale. The lesion, where the white band of tissue occurs, typically moves across the coral, killing coral tissue along the way. Kelly Pitts/Smithsonian Researchers suspect that the disease is bacterial in nature. Antibiotic treatments can offer a quick fix, but these drugs do not prevent reinfection and carry the risk of the mysterious pathogen building resistance against them. So, in late 2020, the Smithsonian group tried for a more sustainable solution, giving probiotics to 30 infected great star coral colonies. The helpful microbes came from corals tested in the lab that showed resistance to the disease. “We noticed that one of the coral fragments would not get infected … so one of the first things we did was try to culture the microbes that are on this coral,” says microbiologist Blake Ushijima, who developed the probiotic used in the team’s experiment. “These microbes produce antibacterial compounds … and one had a high level of activity against bacteria from diseased corals,” acting as a “pro” biotic, by somehow neutralizing pathogens. The identified microbe, a bacterium called McH1-7, became the active ingredient in a paste delivered by divers to several infected colonies. They covered these colonies with plastic bags to immerse them in the probiotic solution, injecting the paste into the bags using a syringe. They also applied the paste directly to other colonies, slathering lesions caused by the disease. A probiotic paste of McH1-7 is applied to the disease lesion of a great star coral (M. cavernosa) colony infected with stony coral tissue loss disease. The paste was then smoothed flat with a gloved hand so that all apparently infected tissue was covered by the lesion-specific treatment.Kelly Pitts/Smithsonian For two and a half years, the team monitored the corals’ health. The probiotics slowed or stopped the disease from spreading in all eight colonies treated inside bags. On average, the disease’s ugly advance was held to only 7 percent of tissue, compared with an aggressive 30 percent on untreated colonies. The paste put directly on the coral had no beneficial effect. The results are encouraging, but coauthor Valerie Paul cautions against declaring the probiotic a cure. She doubts the practicality of swimming around with heavily weighted plastic bags and putting them on corals. And, she points out, the study was limited to one species of coral, when the disease plagues over 30. Sponsor Message Still, Ushijima considers the study a proof of concept. “The idea of coral probiotics has been thrown around for decades, but no one has directly shown their effects on disease in the wild,” he says. “I think it’s very exciting because it’s actually opening the door to a new field.”

Get the Popular Science daily newsletter💡 Breakthroughs, discoveries, and DIY tips sent every weekday. Probiotics are everywhere, claiming to help us poop, restore gut health, and more. They can also be used to help threatened coral reefs. A bacterial probiotic has helped slow the spread of stony coral tissue loss disease (SCTLD) in wild corals in Florida that were already infected with the disease. The findings are detailed in a study published June 5 in the journal Frontiers in Marine Science and show that applying this new probiotic treatment across coral colines helped prevent further tissue loss. What is stony coral tissue loss disease (SCTLD)? SCTLD first emerged in Florida in 2014. In the 11 years since, it has rapidly spread throughout the Caribbean. This mysterious ailment has been confirmed in at least 20 other countries and territories. Other coral pathogens typically target specific species. SCTLD infects more than 30 different species of stony corals, including pillar corals and brain corals. The disease causes the soft tissue in the corals to slough off, leaving behind white patches of exposed skeleton. The disease can devastate an entire coral colony in only a few weeks to months.  A great star coral (Montastraea cavernosa) colony infected with stony coral tissue lossdisease (SCTLD) on the coral reef in Fort Lauderdale, FL. The lesion, where the white band of tissue occurs, typically moves across the coral, killing coral tissue along the way. CREDIT: KellyPitts, Smithsonian. The exact cause of SCTLD is still unknown, but it appears to be linked to some kind of harmful bacteria. Currently, the most common treatment for SCTLD is using a paste that contains the antibiotic amoxicillin on diseased corals. However, antibiotics are not a silver bullet. This amoxicillin balm can temporarily halt SCTLD’s spread, but it needs to be frequently reapplied to the lesions on the corals. This takes time and resources, while increasing the likelihood that the microbes causing SCTLD might develop resistance to amoxicillin and related antibiotics. “Antibiotics do not stop future outbreaks,” Valerie Paul, a study co-author and the head scientist at the Smithsonian Marine Station at Fort Pierce, Florida, said in a statement. “The disease can quickly come back, even on the same coral colonies that have been treated.” Finding the right probiotic Paul and her colleagues have spent over six years investigating whether beneficial microorganisms (aka probiotics) could be a longer lasting alternative to combat this pathogen. Just like humans, corals are host to communities known as microbiomes that are bustling with all different types of bacteria. Some of these miniscule organisms produce antioxidants and vitamins that can help keep their coral hosts healthy.  First, the team looked at the microbiomes of corals that are impervious to SCTLD to try and harvest probiotics from these disease-resistant species. In theory, these could be used to strengthen the microbiomes of susceptible corals.  They tested over 200 strains of bacteria from disease-resistant corals and published a study in 2023 about the probiotic Pseudoalteromonas sp. McH1-7 (or McH1-7 for short). Taken from the great star coral (Montastraea cavernosa), this probiotic produces several antibacterial compounds. Having such a stacked antibacterial toolbox made McH1-7 an ideal candidate to combat a pathogen like SCTLD. They initially tested McH1-7 on live pieces of M. cavernosa and found that the probiotic reliably prevented the spread of SCTLD in the lab. After these successful lab tests, the wild ocean called next. Testing in the ocean The team conducted several field tests on a shallow reef near Fort Lauderdale, focusing on 40 M. cavernosa colonies that showed signs of SCTLD. Some of the corals in these colonies received a paste containing the probiotic McH1-7 that was applied directly to the disease lesions. They treated the other corals with a solution of seawater containing McH1-7 and covered them using weighted plastic bags. The probiotics were administered inside the bag in order to cover the entire coral colony.   “This created a little mini-aquarium that kept the probiotics around each coral colony,” Paul said. For two and a half years, they monitored the colonies, taking multiple rounds of tissue and mucus samples to see how the corals’ microbiomes were changing over time. They found that  the McH1-7 probiotic successfully slowed the spread of SCTLD when it was delivered to the entire colony using the bag and solution method. According to the samples, the probiotic was effective without dominating the corals’ natural microbes.  Kelly Pitts, a research technician with the Smithsonian Marine Station at Ft. Pierce, Floridaand co-lead author of the study treats great star coral (Montaststraea cavernosa) colonies infected with SCTLD with probiotic strain McH1-7 by covering the coral colony in a plastic bag, injecting a probiotic bacteria solution into the bag and leaving the bag for two hours to allow for the bacteria to colonize on the coral. CREDIT: Hunter Noren. Fighting nature with nature While using this probiotic appears to be an effective treatment for SCTLD among the reefs of northern Florida, additional work is needed to see how it could work in other regions. Similar tests on reefs in the Florida Keys have been conducted, with mixed preliminary results, likely due to regional differences in SCTLD. The team believes that probiotics still could become a crucial tool for combatting SCTLD across the Caribbean, especially as scientists fine tune how to administer them. Importantly, these beneficial bacteria support what corals already do naturally.  “Corals are naturally rich with bacteria and it’s not surprising that the bacterial composition is important for their health,” Paul said. “We’re trying to figure out which bacteria can make these vibrant microbiomes even stronger.”

IT Pros ‘Extremely Worried’ About Shadow AI: Report By John P. Mello Jr. June 4, 2025 5:00 AM PT ADVERTISEMENT Enterprise IT Lead Generation Services Fuel Your Pipeline. Close More Deals. Our full-service marketing programs deliver sales-ready leads. 100% Satisfaction Guarantee! Learn more. Shadow AI — the use of AI tools under the radar of IT departments — has information technology directors and executives worried, according to a report released Tuesday. The report, based on a survey of 200 IT directors and executives at U.S. enterprise organizations of 1,000 employees or more, found nearly half the IT pros (46%) were “extremely worried” about shadow AI, and almost all of them (90%) were concerned about it from a privacy and security viewpoint. “As our survey found, shadow AI is resulting in palpable, concerning outcomes, with nearly 80% of IT leaders saying it has resulted in negative incidents such as sensitive data leakage to Gen AI tools, false or inaccurate results, and legal risks of using copyrighted information,” said Krishna Subramanian, co-founder of Campbell, Calif.-based Komprise, the unstructured data management company that produced the report. “Alarmingly, 13% say that shadow AI has caused financial or reputational harm to their organizations,” she told TechNewsWorld. Subramanian added that shadow AI poses a much greater problem than shadow IT, which primarily focuses on departmental power users purchasing cloud instances or SaaS tools without obtaining IT approval. “Now we’ve got an unlimited number of employees using tools like ChatGPT or Claude AI to get work done, but not understanding the potential risk they are putting their organizations at by inadvertently submitting company secrets or customer data into the chat prompt,” she explained. “The data risk is large and growing in still unforeseen ways because of the pace of AI development and adoption and the fact that there is a lot we don’t know about how AI works,” she continued. “It is becoming more humanistic all the time and capable of making decisions independently.” Shadow AI Introduces Security Blind Spots Shadow AI is the next step after shadow IT and is a growing risk, noted James McQuiggan, security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla. “Users use AI tools for content, images, or applications and to process sensitive data or company information without proper security checks,” he told TechNewsWorld. “Most organizations will have privacy, compliance, and data protection policies, and shadow AI introduces blind spots in the organization’s data loss prevention.” “The biggest risk with shadow AI is that the AI application has not passed through a security analysis as approved AI tools may have been,” explained Melissa Ruzzi, director of AI at AppOmni, a SaaS security management software company, in San Mateo, Calif. “Some AI applications may be training models using your data, may not adhere to relevant regulations that your company is required to follow, and may not even have the data storage security level you deem necessary to keep your data from being exposed,” she told TechNewsWorld. “Those risks are blind spots of potential security vulnerabilities in shadow AI.” Krishna Vishnubhotla, vice president of product strategy at Zimperium, a mobile security company based in Dallas, noted that shadow AI extends beyond unapproved applications and involves embedded AI components that can process and disseminate sensitive data in unpredictable ways. “Unlike traditional shadow IT, which may be limited to unauthorized software or hardware, shadow AI can run on employee mobile devices outside the organization’s perimeter and control,” he told TechNewsWorld. “This creates new security and compliance risks that are harder to track and mitigate.” Vishnubhotla added that the financial impact of shadow AI varies, but unauthorized AI tools can lead to significant regulatory fines, data breaches, and loss of intellectual property. “Depending on the scale of the agency and the sensitivity of the data exposed, the costs could range from millions to potentially billions in damages due to compliance violations, remediation efforts, and reputational harm,” he said. “Federal agencies handling vast amounts of sensitive or classified information, financial institutions, and health care organizations are particularly vulnerable,” he said. “These sectors collect and analyze vast amounts of high-value data, making AI tools attractive. But without proper vetting, these tools could be easily exploited.” Shadow AI Everywhere and Easy To Use Nicole Carignan, SVP for security and AI strategy at Darktrace, a global cybersecurity AI company, predicts an explosion of tools that utilize AI and generative AI within enterprises and on devices used by employees. “In addition to managing AI tools that are built in-house, security teams will see a surge in the volume of existing tools that have new AI features and capabilities embedded, as well as a rise in shadow AI,” she told TechNewsWorld. “If the surge remains unchecked, this raises serious questions and concerns about data loss prevention, as well as compliance concerns as new regulations start to take effect.” “That will drive an increasing need for AI asset discovery — the ability for companies to identify and track the use of AI systems throughout the enterprise,” she said. “It is imperative that CIOs and CISOs dig deep into new AI security solutions, asking comprehensive questions about data access and visibility.” Shadow AI has become so rampant because it is everywhere and easy to access through free tools, maintained Komprise’s Subramanian. “All you need is a web browser,” she said. “Enterprise users can inadvertently share company code snippets or corporate data when using these Gen AI tools, which could create data leakage.” “These tools are growing and changing exponentially,” she continued. “It’s really hard to keep up. As the IT leader, how do you track this and determine the risk? Managers might be looking the other way because their teams are getting more done. You may need fewer contractors and full-time employees. But I think the risk of the tools is not well understood.” “The low, or in some cases non-existent, learning curve associated with using Gen AI services has led to rapid adoption, regardless of prior experience with these services,” added Satyam Sinha, CEO and co-founder of Acuvity, a provider of runtime Gen AI security and governance solutions, in Sunnyvale, Calif. “Whereas shadow IT focused on addressing a specific challenge for particular employees or departments, shadow AI addresses multiple challenges for multiple employees and departments. Hence, the greater appeal,” he said. “The abundance and rapid development of Gen AI services also means employees can find the right solution [instantly]. Of course, all these traits have direct security implications.” Banning AI Tools Backfires To support innovation while minimizing the threat of shadow AI, enterprises must take a three-pronged approach, asserted Kris Bondi, CEO and co-founder of Mimoto, a threat detection and response company in San Francisco. They must educate employees on the dangers of unsupported, unmonitored AI tools, create company protocols for what is not acceptable use of unauthorized AI tools, and, most importantly, provide AI tools that are sanctioned. “Explaining why one tool is sanctioned and another isn’t greatly increases compliance,” she told TechNewsWorld. “It does not work for a company to have a zero-use mandate. In fact, this results in an increase in stealth use of shadow AI.” In the very near future, more and more applications will be leveraging AI in different forms, so the reality of shadow AI will be present more than ever, added AppOmni’s Ruzzi. “The best strategy here is employee training and AI usage monitoring,” she said. “It will become crucial to have in place a powerful SaaS security tool that can go beyond detecting direct AI usage of chatbots to detect AI usage connected to other applications,” she continued, “allowing for early discovery, proper risk assessment, and containment to minimize possible negative consequences.” “Shadow AI is just the beginning,” KnowBe4’s McQuiggan added. “As more teams use AI, the risks grow.” He recommended that companies start small, identify what’s being used, and build from there. They should also get legal, HR, and compliance involved. “Make AI governance part of your broader security program,” he said. “The sooner you start, the better you can manage what comes next.” John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John. Leave a Comment Click here to cancel reply. Please sign in to post or reply to a comment. New users create a free account. Related Stories More by John P. Mello Jr. view all More in IT Leadership

Over the past few weeks, VMware customers holding onto their perpetual licenses, which are often unsupported and in limbo, have reportedly begun receiving formal cease-and-desist letters from Broadcom. The message is as blunt as it is unsettling: your support contract has expired, and you are to immediately uninstall any updates, patches, or enhancements released since that expiration date. Not only that, but audits could follow, with the possibility of “enhanced damages” for breach of contract. This is a sharp escalation in an effort to push perpetual license holders toward VMware’s new subscription-only model. For many, it signals the end of an era where critical infrastructure software could be owned, maintained, and supported on long-term, stable terms. Now, even those who bought VMware licenses outright are being told that support access is off the table unless they sign on to the new subscription regime. As a result, enterprises are being forced to make tough decisions about how they manage and support one of the most foundational layers of their IT environments. VMware isn’t just another piece of enterprise software. It’s the plumbing. The foundation. The layer everything else runs on top of, which is precisely why many CIOs flinch at the idea of running unsupported. The potential risk is too great. A vulnerability or failure in your virtual infrastructure isn’t the same as a bug in a CRM. It’s a systemic weakness. It touches everything. This technical risk is, without question, the biggest barrier to any organization considering support options outside of VMware’s official offering. And it’s a valid concern.  But technical risk isn’t black and white. It varies widely depending on version, deployment model, network architecture, and operational maturity. A tightly managed and stable VMware environment running a mature release with minimal exposure doesn’t carry the same risk profile as an open, multi-tenant deployment on a newer build. The prevailing assumption is that support equals security—and that operating unsupported equals exposure. But this relationship is more complex than it appears. In most enterprise environments, security is not determined by whether a patch is available. It’s determined by how well the environment is configured, managed, and monitored. Patches are not applied instantly. Risk assessments, integration testing, and change control processes introduce natural delays. And in many cases, security gaps arise not from missing patches but from misconfigurations: exposed management interfaces, weak credentials, overly permissive access. An unpatched environment, properly maintained and reviewed, can be significantly more secure than a patched one with poor hygiene. Support models that focus on proactive security—through vulnerability analysis, environment-specific impact assessments, and mitigation strategies—offer a different but equally valid form of protection. They don’t rely on patch delivery alone. They consider how a vulnerability behaves in the attack chain, whether it’s exploitable, and what compensating controls are available.  Read more about VMware security Hacking contest exposes VMware security: In what has been described as a historical first, hackers in Berlin have been able to demo successful attacks on the ESXi hypervisor. No workaround leads to more pain for VMware users: There are patches for the latest batch of security alerts from Broadcom, but VMware users on perpetual licences may not have access. This kind of tailored risk management is especially important now, as vendor support for older VMware versions diminishes. Many reported vulnerabilities relate to newer product components or bundled services, not the core virtualization stack. The perception of rising security risk needs to be balanced against the stability and maturity of the versions in question. In other words, not all unsupported deployments are created equal. Some VMware environments—particularly older versions like vSphere 5.x or 6.x—are already beyond the range of vendor patching. In these cases, the transition to unsupported status may be more symbolic than substantive. The risk profile has not meaningfully changed.  Others, particularly organisations operating vSphere 7 or 8 without an active support contract, face a more complex challenge. Some critical security patches remain accessible, depending on severity and version, but the margin of certainty is shrinking.   These are the cases where enterprises are increasingly turning to alternative support models to bridge the gap—ensuring continuity, maintaining compliance, and retaining access to skilled technical expertise. Third-party support is sometimes seen as a temporary fix—a way to buy time while organizations figure out their long-term plans. And it can serve that purpose well. But increasingly, it’s also being recognized as a strategic choice in its own right: a long-term solution for enterprises that want to maintain operational stability with a reliable support partner while retaining control over their virtualization roadmap.What distinguishes third-party support in this context isn’t just cost control, it’s methodology.   Risk is assessed holistically, identifying which vulnerabilities truly matter, what can be addressed through configuration, and when escalation is genuinely required. This approach recognises that most enterprises aren’t chasing bleeding-edge features. They want to run stable, well-understood environments that don’t change unpredictably. Third-party support helps them do exactly that, without being forced into a rapid, costly migration or a subscription contract that may not align with their business needs.  Crucially, it enables organisations to move on their own timeline. Much of the conversation around unsupported VMware environments focuses on technical risk. But the longer-term threat may be strategic. The end of perpetual licensing, the sharp rise in subscription pricing, and now the legal enforcement of support boundaries all points to a much bigger problem: a loss of control over infrastructure strategy.  Vendor-imposed timelines, licensing models, and audit policies are increasingly dictating how organizations use the very software they once owned outright. Third-party support doesn’t eliminate risk—nothing can. But it redistributes and controls it. It gives enterprises more agency over when and how they migrate, how they manage updates, and where they invest. In a landscape shaped by vendor agendas, that independence is increasingly critical.  Broadcom’s cease-and-desist letters represent a new phase in the relationship between software vendors and customers—one defined not by collaboration, but by contractual enforcement. And for VMware customers still clinging to the idea of “owning” their infrastructure, it’s a rude awakening: support is no longer optional, and perpetual is no longer forever. Organizations now face three paths: accept the subscription model, attempt a rapid migration to an alternative platform, or find a support model that gives them the stability to decide their future on their own terms.  For many, the third option is the only one that balances operational security with strategic flexibility.  The question now isn’t whether unsupported infrastructure is risky. The question is whether the greater risk is allowing someone else to dictate what happens next. 

Programmatic video advertising is a complex, multi-layered topic. Multiple networks serving different audiences — advertisers on the demand side and publishers on the supply side — work together with third-party mediators to serve video ads to billions of end users in the blink of an eye.It’s also a multi-billion dollar industry under constant, rapid evolution, and understanding it is key to reaching your audience and maximizing ROAS. Wherever you are on the demand or supply-side of the mobile ad stack, you should be aware of how the programmatic ad service process works and where things are headed.Let’s dive into programmatic video advertising and go over what it is, identify several key trends for the future, and break down how to choose a programmatic video platform that’s right for you.In this post, we’ll cover the following:What is programmatic video advertising?A timeline of growth for programmatic video advertisingProgrammatic video trends to watchHow to choose a programmatic video advertising platformMake programmatic video easyWhat is programmatic video advertising?For years, direct media buying — where advertisers made direct deals with publishers to determine exactly where their ads would run — ruled the landscape. And while direct media buying still works for static media, the advent of interactivity through the internet and smartphones allows for users to be directly catered to based on their individual interests. That’s where programmatic video advertising comes in.But what’s a good programmatic video definition? Essentially, as ads are served to users in mobile games, through connected TV experiences like Roku, or social media platforms, they are bid on in real-time by ad networks. The value of the bids is determined by characteristics like user demographics, what game they’re playing or app they’re using, and the bid ceiling set by the advertiser. The winner of the bid has their video served to the user.What makes programmatic video advertising so mind-blowing is that all of these bids are happening automatically in the fractions of a second between the moment an ad is called (like when a user taps on a button to double their reward in a game) and when it’s served. Market forces determine the cost of an ad, and data like user acquisition and ROAS can be monitored in real-time. And while the whole market cycle can seem intimidating and highly-technical, platforms like the ironSource Exchange make it easier than ever to integrate and display ads.To learn more about the benefits of programmatic video advertising and the channels best suited for it, read our guide, What Is Programmatic Video Advertising?A timeline of growth for programmatic video advertisingThe programmatic video ad market has seen an explosion of growth over the last few years, and it shows no signs of slowing down.In 2019, surveys showed that programmatic video ad spending grew to more than $24B. Only two years later, that number shot up to $52B according to a 2021 report by eMarketer, with the potential for ad spend reaching $62.96B in 2022. Mobile ad spend accounts for two-thirds of all programmatic video spending, with connected TV following behind and steadily growing.And that’s just in the United States. Global programmatic video ad spending reached $112.9B in 2019, eventually hitting $155B in 2021 and accounting for 34% of all global programmatic ad spend.As smart device and mobile game adoption grows, so too will programmatic video grow to meet the demand.Read more about programmatic video growth and learn about the top programmatic advertising video players in Your Guide to the 2022 Programmatic Video Advertising Market.Programmatic video trends to watchMobile advertising technology moves fast, and it’s important to have a sense of where things are headed so you can stay a step ahead of the competition.In terms of ad content, the rise of TikTok as a social media platform has caused a shift in the kinds of ads companies are creating for the programmatic video marketplace. Ads themselves are starting to look like TikToks, often being repurposed from TikTok itself to suit the more specific needs of mobile games and other apps. Videos are shorter, filled with dances or direct conversations, and often embrace subtitles or other text alternatives like written signs to present information.Privacy moves made by Google and Apple have made waves throughout the industry, as the removal of third-party cookies and updated app tracking policies are forcing mobile ad companies to get creative with data solutions. Advertisers are looking to first-party data to replace information third-party cookies would normally provide, and are implementing solutions like rewarded ads and the offerwall to paint a better picture of user data. It’s also leading to a wider move toward consolidation, as agencies look across the demand- and supply-side stack for opportunities to shore up weaknesses and strengthen their offerings.How to choose a programmatic video advertising platformProgrammatic video advertising platforms integrate with the demand side and supply side of the mobile advertising stack, and determining which platform is best for you will depend on which side of the stack you’re on.Advertisers looking for the best way to increase their return on ad spend (ROAS) will want to find a platform that offers the following:A large audience of engaged usersFull-screen video offerings that won’t go unnoticedEasy testing for a variety of creative and placement optionsSDK integration that provides access to thousands of connected appsIf you’re an app publisher looking to maximize user engagement and revenue, you’ll want to find a platform that can:Connect your app with a large network of advertisersProvide rewarded videos and offerwallsEasily integrate via industry-standard SDKsProvide support for programmatic mediation so you can ensure impartiality on ad bidsCheck out our guide on How to Choose a Programmatic Video Advertising Platform: 8 Consideration for more details on how to pick a platform that suits your needs.Make programmatic video easyThere are a lot of moving parts within the programmatic video advertisement world, and it can seem like a lot to take in. You don’t have to sweat the hard stuff, though. The ironSource Programmatic Marketplace makes putting your ads in front of billions of engaged users in brand-safe environments with complete transparency easier than ever. Contact us today to learn more.