Technology

The K13 Turbo Pro hands-on. (Image source: Fixed Focus Digital via Weibo) The K13 Turbo and Turbo Pro are slated to launch as the world’s first Oppo smartphones with an active fan. The latter is now said to have a feature not often seen in handsets with its type of active cooling technology. It might

The “S200 Max”. (Image source: GSMArena) Doogee’s next rugged Android smartphone has a design element also thought to feature in a prominent rival to Apple’s next-gen iPhones. It is reportedly found alongside a 120Hz display, a night vision rear camera and an extra-large battery in the S200 Max. It might also have expandable storage to

Is this the EliteBook X G1i 14 or EliteBook Ultra G1i 14? (Image source: HP) Some models are becoming increasingly difficult to visually tell apart even for us testers. To laymen, the names “EliteBook X”, “EliteBook Ultra”, “Envy x360”, or “OmniBook x360” may be more confusing than helpful when distinguishing between lower-end and higher-end configurations.

We were connected across screens and time zones. I was in Nigeria, and she was in the UK. Two designers, two continents, one shared ambition: to thrive in tech, not just as participants, but as forces shaping its future. That connection wasn’t remarkable because it crossed borders. It was remarkable because the border didn’t matter.

When the Lagos State government banned motorcycles in 2020, it didn’t just disrupt movement. Companies like Gokada, ORide, and Max, were forced to either shut down or pivot in real time. Some succeeded in pivoting, others died.  That real-world friction is at the heart of Freedom Way, one of a handful of  Nollywood dramas that

Tosin Ayodele is a UK-based engineering lead who grew up in northern Nigeria, surrounded by family and neighbours who were farmers. Now based in the UK, he’s building an agrotech solution to help smallholder farmers in remote areas farm smarter using real-time weather and pest data without smartphones or internet.  As an engineer, Ayodele has

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now The Model Context Protocol (MCP) has become one of the most talked-about developments in AI integration since its introduction by Anthropic in late 2024. If you’re tuned into the AI space at all, you’ve likely been inundated with developer “hot takes” on the topic. Some think it’s the best thing ever; others are quick to point out its shortcomings. In reality, there’s some truth to both. One pattern I’ve noticed with MCP adoption is that skepticism typically gives way to recognition: This protocol solves genuine architectural problems that other approaches don’t. I’ve gathered a list of questions below that reflect the conversations I’ve had with fellow builders who are considering bringing MCP to production environments.  Of course, most developers considering MCP are already familiar with implementations like OpenAI’s custom GPTs, vanilla function calling, Responses API with function calling, and hardcoded connections to services like Google Drive. The question isn’t really whether MCP fully replaces these approaches — under the hood, you could absolutely use the Responses API with function calling that still connects to MCP. What matters here is the resulting stack. Despite all the hype about MCP, here’s the straight truth: It’s not a massive technical leap. MCP essentially “wraps” existing APIs in a way that’s understandable to large language models (LLMs). Sure, a lot of services already have an OpenAPI spec that models can use. For small or personal projects, the objection that MCP “isn’t that big a deal” is pretty fair. The AI Impact Series Returns to San Francisco – August 5 The next phase of AI is here – are you ready? Join leaders from Block, GSK, and SAP for an exclusive look at how autonomous agents are reshaping enterprise workflows – from real-time decision-making to end-to-end automation. Secure your spot now – space is limited: https://bit.ly/3GuuPLF The practical benefit becomes obvious when you’re building something like an analysis tool that needs to connect to data sources across multiple ecosystems. Without MCP, you’re required to write custom integrations for each data source and each LLM you want to support. With MCP, you implement the data source connections once, and any compatible AI client can use them. 2. Local vs. remote MCP deployment: What are the actual trade-offs in production? This is where you really start to see the gap between reference servers and reality. Local MCP deployment using the stdio programming language is dead simple to get running: Spawn subprocesses for each MCP server and let them talk through stdin/stdout. Great for a technical audience, difficult for everyday users. Remote deployment obviously addresses the scaling but opens up a can of worms around transport complexity. The original HTTP+SSE approach was replaced by a March 2025 streamable HTTP update, which tries to reduce complexity by putting everything through a single /messages endpoint. Even so, this isn’t really needed for most companies that are likely to build MCP servers. But here’s the thing: A few months later, support is spotty at best. Some clients still expect the old HTTP+SSE setup, while others work with the new approach — so, if you’re deploying today, you’re probably going to support both. Protocol detection and dual transport support are a must. Authorization is another variable you’ll need to consider with remote deployments. The OAuth 2.1 integration requires mapping tokens between external identity providers and MCP sessions. While this adds complexity, it’s manageable with proper planning. 3. How can I be sure my MCP server is secure? This is probably the biggest gap between the MCP hype and what you actually need to tackle for production. Most showcases or examples you’ll see use local connections with no authentication at all, or they handwave the security by saying “it uses OAuth.”  The MCP authorization spec does leverage OAuth 2.1, which is a proven open standard. But there’s always going to be some variability in implementation. For production deployments, focus on the fundamentals:  Proper scope-based access control that matches your actual tool boundaries  Direct (local) token validation Audit logs and monitoring for tool use However, the biggest security consideration with MCP is around tool execution itself. Many tools need (or think they need) broad permissions to be useful, which means sweeping scope design (like a blanket “read” or “write”) is inevitable. Even without a heavy-handed approach, your MCP server may access sensitive data or perform privileged operations — so, when in doubt, stick to the best practices recommended in the latest MCP auth draft spec. 4. Is MCP worth investing resources and time into, and will it be around for the long term? This gets to the heart of any adoption decision: Why should I bother with a flavor-of-the-quarter protocol when everything AI is moving so fast? What guarantee do you have that MCP will be a solid choice (or even around) in a year, or even six months?  Well, look at MCP’s adoption by major players: Google supports it with its Agent2Agent protocol, Microsoft has integrated MCP with Copilot Studio and is even adding built-in MCP features for Windows 11, and Cloudflare is more than happy to help you fire up your first MCP server on their platform. Similarly, the ecosystem growth is encouraging, with hundreds of community-built MCP servers and official integrations from well-known platforms.  In short, the learning curve isn’t terrible, and the implementation burden is manageable for most teams or solo devs. It does what it says on the tin. So, why would I be cautious about buying into the hype? MCP is fundamentally designed for current-gen AI systems, meaning it assumes you have a human supervising a single-agent interaction. Multi-agent and autonomous tasking are two areas MCP doesn’t really address; in fairness, it doesn’t really need to. But if you’re looking for an evergreen yet still somehow bleeding-edge approach, MCP isn’t it. It’s standardizing something that desperately needs consistency, not pioneering in

July 18, 2025 5:21 PM Image credit: VentureBeat with Imagen-4 Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now Google has officially moved its new, high-performance Gemini Embedding model to general availability, currently ranking number one overall on the highly regarded Massive Text Embedding Benchmark (MTEB). The model (gemini-embedding-001) is now a core part of the Gemini API and Vertex AI, enabling developers to build applications such as semantic search and retrieval-augmented generation (RAG). While a number-one ranking is a strong debut, the landscape of embedding models is very competitive. Google’s proprietary model is being challenged directly by powerful open-source alternatives. This sets up a new strategic choice for enterprises: adopt the top-ranked proprietary model or a nearly-as-good open-source challenger that offers more control. What’s under the hood of Google’s Gemini embedding model At their core, embeddings convert text (or other data types) into numerical lists that capture the key features of the input. Data with similar semantic meaning have embedding values that are closer together in this numerical space. This allows for powerful applications that go far beyond simple keyword matching, such as building intelligent retrieval-augmented generation (RAG) systems that feed relevant information to LLMs.  Embeddings can also be applied to other modalities such as images, video and audio. For instance, an e-commerce company might utilize a multimodal embedding model to generate a unified numerical representation for a product that incorporates both textual descriptions and images. The AI Impact Series Returns to San Francisco – August 5 The next phase of AI is here – are you ready? Join leaders from Block, GSK, and SAP for an exclusive look at how autonomous agents are reshaping enterprise workflows – from real-time decision-making to end-to-end automation. Secure your spot now – space is limited: https://bit.ly/3GuuPLF For enterprises, embedding models can power more accurate internal search engines, sophisticated document clustering, classification tasks, sentiment analysis and anomaly detection. Embeddings are also becoming an important part of agentic applications, where AI agents must retrieve and match different types of documents and prompts. One of the key features of Gemini Embedding is its built-in flexibility. It has been trained through a technique known as Matryoshka Representation Learning (MRL), which allows developers to get a highly detailed 3072-dimension embedding but also truncate it to smaller sizes like 1536 or 768 while preserving its most relevant features. This flexibility enables an enterprise to strike a balance between model accuracy, performance and storage costs, which is crucial for scaling applications efficiently. Google positions Gemini Embedding as a unified model designed to work effectively “out-of-the-box” across diverse domains like finance, legal and engineering without the need for fine-tuning. This simplifies development for teams that need a general-purpose solution. Supporting over 100 languages and priced competitively at $0.15 per million input tokens, it is designed for broad accessibility. A competitive landscape of proprietary and open-source challengers Source: Google Blog The MTEB leaderboard shows that while Gemini leads, the gap is narrow. It faces established models from OpenAI, whose embedding models are widely used, and specialized challengers like Mistral, which offers a model specifically for code retrieval. The emergence of these specialized models suggests that for certain tasks, a targeted tool may outperform a generalist one. Another key player, Cohere, targets the enterprise directly with its Embed 4 model. While other models compete on general benchmarks, Cohere emphasizes its model’s ability to handle the “noisy real-world data” often found in enterprise documents, such as spelling mistakes, formatting issues, and even scanned handwriting. It also offers deployment on virtual private clouds or on-premises, providing a level of data security that directly appeals to regulated industries such as finance and healthcare. The most direct threat to proprietary dominance comes from the open-source community. Alibaba’s Qwen3-Embedding model ranks just behind Gemini on MTEB and is available under a permissive Apache 2.0 license (available for commercial purposes). For enterprises focused on software development, Qodo’s Qodo-Embed-1-1.5B presents another compelling open-source alternative, designed specifically for code and claiming to outperform larger models on domain-specific benchmarks. For companies already building on Google Cloud and the Gemini family of models, adopting the native embedding model can have several benefits, including seamless integration, a simplified MLOps pipeline, and the assurance of using a top-ranked general-purpose model. However, Gemini is a closed, API-only model. Enterprises that prioritize data sovereignty, cost control, or the ability to run models on their own infrastructure now have a credible, top-tier open-source option in Qwen3-Embedding or can use one of the task-specific embedding models. Daily insights on business use cases with VB Daily If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI. Read our Privacy Policy Thanks for subscribing. Check out more VB newsletters here. An error occured. Read More

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now Called the “ChatGPT agent,” this new feature is an optional mode that ChatGPT paying subscribers can engage by clicking “Tools” in the prompt entry box and selecting “agent mode,” at which point, they can ask ChatGPT to log into their email and other web accounts; write and respond to emails; download, modify, and create files; and do a host of other tasks on their behalf, autonomously, much like a real person using a computer with their login credentials. Obviously, this also requires the user to trust the ChatGPT agent not to do anything problematic or nefarious, or to leak their data and sensitive information. It also poses greater risks for a user and their employer than the regular ChatGPT, which can’t log into web accounts or modify files directly. Keren Gu, a member of the Safety Research team at OpenAI, commented on X that “we’ve activated our strongest safeguards for ChatGPT Agent. It’s the first model we’ve classified as High capability in biology & chemistry under our Preparedness Framework. Here’s why that matters–and what we’re doing to keep it safe.” The AI Impact Series Returns to San Francisco – August 5 The next phase of AI is here – are you ready? Join leaders from Block, GSK, and SAP for an exclusive look at how autonomous agents are reshaping enterprise workflows – from real-time decision-making to end-to-end automation. Secure your spot now – space is limited: https://bit.ly/3GuuPLF So how did OpenAI handle all these security issues? The red team’s mission Looking at OpenAI’s ChatGPT agent system card, the “read team” employed by the company to test the feature faced a challenging mission: specifically, 16 PhD security researchers who were given 40 hours to test it out. Through systematic testing, the red team discovered seven universal exploits that could compromise the system, revealing critical vulnerabilities in how AI agents handle real-world interactions. What followed next was extensive security testing, much of it predicated on red teaming. The Red Teaming Network submitted 110 attacks, from prompt injections to biological information extraction attempts. Sixteen exceeded internal risk thresholds. Each finding gave OpenAI engineers the insights they needed to get fixes written and deployed before launch. The results speak for themselves in the published results in the system card. ChatGPT Agent emerged with significant security improvements, including 95% performance against visual browser irrelevant instruction attacks and robust biological and chemical safeguards. Red teams exposed seven universal exploits OpenAI’s Red Teaming Network was comprised 16 researchers with biosafety-relevant PhDs who topgether submitted 110 attack attempts during the testing period. Sixteen exceeded internal risk thresholds, revealing fundamental vulnerabilities in how AI agents handle real-world interactions. But the real breakthrough came from UK AISI’s unprecedented access to ChatGPT Agent’s internal reasoning chains and policy text. Admittedly that’s intelligence regular attackers would never possess. Over four testing rounds, UK AISI forced OpenAI to execute seven universal exploits that had the potential to compromise any conversation: Attack vectors that forced OpenAI’s hand Attack Type Success Rate (Pre-Fix) Target Impact Visual Browser Hidden Instructions 33% Web pages Active data exfiltration Google Drive Connector Exploitation Not disclosed Cloud documents Forced document leaks Multi-Step Chain Attacks Variable Cross-site actions Complete session compromise Biological Information Extraction 16 submissions exceeded thresholds Dangerous knowledge Potential weaponization FAR.AI’s assessment was openly critical of OpenAI’s approach. Despite 40 hours of testing revealing only three partial vulnerabilities, they identified that current safety mechanisms relied heavily on monitoring during reasoning and tool-use processes, which the researchers considered a potential single point of failure if compromised. How red teaming helped turn ChatGPT vulnerabilities into a fortress OpenAI’s response to the red team’s results redefined entire segments of the ChatGPT agent architecture. One of the many initiatives undertaken including building a dual-layer inspection architecture that monitors 100% of production traffic in real-time, achieving these measurable improvements: Security improvements after red team discoveries Defense Metric Previous Models ChatGPT Agent Improvement Irrelevant Instructions (Visual Browser) 82% 95% +13% In-Context Data Exfiltration 75% 78% +3% Active Data Exfiltration 58% 67% +9% System Reliability Sampling-based 100% coverage Complete monitoring The architecture works like this: First Tier: A fast classifier with 96% recall flags suspicious content Second Tier: A reasoning model with 84% recall analyzes flagged interactions for actual threats But the technical defenses tell only part of the story. OpenAI made difficult security choices that acknowledge some AI operations require significant restrictions for safe autonomous execution. Based on the vulnerabilities discovered, OpenAI implemented the following countermeasures across their model: Watch Mode Activation: When ChatGPT Agent accesses sensitive contexts like banking or email accounts, the system freezes all activity if users navigate away. This is in direct response to data exfiltration attempts discovered during testing. Memory Features Disabled: Despite being a core functionality, memory is completely disabled at launch to prevent the incremental data leaking attacks red teamers demonstrated. Terminal Restrictions: Network access limited to GET requests only, blocking the command execution vulnerabilities researchers exploited. Rapid Remediation Protocol: A new system that patches vulnerabilities within hours of discovery—developed after red teamers showed how quickly exploits could spread. During pre-launch testing alone, this system identified and resolved 16 critical vulnerabilities that red teamers had discovered. A biological risk wake-up call Red teamers revealed the potential that the ChatGPT Agent could be comprimnised and lead to greater biological risks. Sixteen experienced participants from the Red Teaming Network, each with biosafety-relevant PhDs, attempted to extract dangerous biological information. Their submissions revealed the model could synthesize published literature on modifying and creating biological threats. In response to the red teamers’ findings, OpenAI classified ChatGPT Agent as “High capability” for biological and chemical risks, not because they found definitive evidence of weaponization potential, but as a precautionary measure based on red team findings. This triggered: Always-on safety classifiers scanning 100% of traffic A topical classifier achieving 96% recall for biology-related content A reasoning monitor

July 18, 2025 3:03 PM Credit: VentureBeat made with Midjourney AI Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now AnyCoder, an open-source web app development environment developed by Hugging Face ML Growth Lead Ahsen Khaliq (@_akhaliq on X), has launched on Hugging Face Spaces. The tool, now available for all users of the AI code sharing repository Hugging Face, integrates live previews, multimodal input, and one-click deployment — all within a hosted environment, allowing indie creators without much technical expertise, or those working on behalf of clients or large enterprises, to get started “vibe coding” web apps rapidly using the assistance of Hugging Face-hosted AI models. It also acts therefore as an alternative to services such as Lovable, which also allow users to type in plain English and begin coding apps without having formal programming knowledge. Free vibe coding available to all, powered by Kimi K2 Khaliq built AnyCoder as a personal project within the Hugging Face ecosystem and as “one of the first vibe coding apps” to support Moonshot’s powerful yet small and efficient Kimi K2 model launched last week. AnyCoder’s main functionality allows users to enter plain-text descriptions to generate HTML, CSS, and JavaScript. These are displayed in a live preview pane and can be edited or directly deployed. It also includes example templates for todo apps, dashboards, calculators, and more. Screenshot of AnyCoder on Hugging Face Built entirely using Hugging Face’s open-source Python development environment Gradio, AnyCoder allows users to describe applications in plain English or upload images, and instantly generate working frontend code. Khaliq built AnyCoder as a personal project within the Hugging Face ecosystem. In a direct message conversation with this VentureBeat journalist, he described it as a “free open source vibe coding app.” However, he also noted that multiple open source models are supported and users can switch between them with a dropdown menu on the control sidebar on the left pane, including: Moonshot Kimi-K2 DeepSeek V3 DeepSeek R1 Baidu’s ERNIE-4.5-VL MiniMax M1 Alibaba’s Qwen3-235B-A22B SmolLM3-3B GLM-4.1V-9B-Thinking Code from UI images, web search integration, and OCR support Using the ERNIE-4.5-VL model, AnyCoder supports multimodal generation. Users can upload UI design screenshots or mockups and generate functional frontend code from them—making it useful for designers or teams working visually. AnyCoder includes a website redesign tool that extracts content from any public site and re-renders it with a more modern layout. It uses scraped content like page structure, meta information, and images to build a new version, optionally guided by user instructions like “make it minimalist” or “add dark mode.” To support up-to-date design trends and implementation patterns, AnyCoder offers web search integration via Tavily. When enabled with an API key, the platform searches for current technologies and best practices before generating code. Users can upload images with embedded text—like screenshots or handwritten notes—and AnyCoder extracts that content using Tesseract OCR. The extracted text can then be incorporated into code prompts or app content. One-click deployment to Hugging Face Spaces AnyCoder allows instant deployment of generated apps to Hugging Face Spaces. After authenticating via OAuth and granting the required permissions, users can deploy apps under their own Hugging Face account namespace. Deployments include: Mobile-friendly, responsive designs Branded header/footer and README Live, shareable URL Full ownership and edit access This deployment capability now includes support for full Python apps built with Gradio, expanding the tool’s use cases beyond static sites. Support for Streamlit is also under development. For novice developers or even those with technical expertise who want to spin up a new project fast, AnyCoder seems like a great and compelling place to start. Daily insights on business use cases with VB Daily If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI. Read our Privacy Policy Thanks for subscribing. Check out more VB newsletters here. An error occured. Read More