MIT Technology Review Explains: Let our writers untangle the complex, messy world of technology to help you understand what’s coming next. You can read more from the series here.

In July, a widely cited MIT study claimed that 95% of organizations that invested in generative AI were getting “zero return.” Tech stocks briefly plunged. While the study itself was more nuanced than the headlines, for many it still felt like the first hard data point confirming what skeptics had muttered for months: Hype around AI might be outpacing reality.

Then, in August, OpenAI CEO Sam Altman said what everyone in Silicon Valley had been whispering. “Are we in a phase where investors as a whole are overexcited about AI?” he said during a press dinner I attended. “My opinion is yes.” 

This story is part of MIT Technology Review’s Hype Correction package, a series that resets expectations about what AI is, what it makes possible, and where we go next.

He compared the current moment to the dot-com bubble. “When bubbles happen, smart people get overexcited about a kernel of truth,” he explained. “Tech was really important. The internet was a really big deal. People got overexcited.” 

With those comments, it was off to the races. The next day’s stock market dip was attributed to the sentiment he shared. The question “Are we in an AI bubble?” became inescapable.

Who thinks it is a bubble? 

The short answer: Lots of people. But not everyone agrees on who or what is overinflated. Tech leaders are using this moment of fear to take shots at their rivals and position themselves as clear winners on the other side. How they describe the bubble depends on where their company sits.

When I asked Meta CEO Mark Zuckerberg about the AI bubble in September, he ran through the historical analogies of past bubbles—railroads, fiber for the internet, the dot-com boom—and noted that in each case, “the infrastructure gets built out, people take on too much debt, and then you hit some blip … and then a lot of the companies end up going out of business.”

But Zuckerberg’s prescription wasn’t for Meta to pump the brakes. It was to keep spending: “If we end up misspending a couple of hundred billion dollars, I think that that is going to be very unfortunate, obviously. But I’d say the risk is higher on the other side.”

Bret Taylor, the chairman of OpenAI and CEO of the AI startup Sierra, uses a mental model from the late ’90s to help navigate this AI bubble. “I think the closest analogue to this AI wave is the dot-com boom or bubble, depending on your level of pessimism,” he recently told me. Back then, he explained, everyone knew e-commerce was going to be big, but there was a massive difference between Buy.com and Amazon. Taylor and others have been trying to position themselves as today’s Amazon.

Still others are arguing that the pain will be widespread. Google CEO Sundar Pichai told the BBC this month that there’s “some irrationality” in the current boom. Asked whether Google would be immune to a bubble bursting, he warned, “I think no company is going to be immune, including us.”

What’s inflating the bubble?

Companies are raising enormous sums of money and seeing unprecedented valuations. Much of that money, in turn, is going toward the buildout of massive data centers—on which both private companies like OpenAI and Elon Musk’s xAI and public ones such as Meta and Google are spending heavily. OpenAI has pledged that it will spend $500 billion to build AI data centers, more than 15 times what was spent on the Manhattan Project.

This eye-popping spending on AI data centers isn’t entirely detached from reality. The leaders of the top AI companies all stress that they’re bottlenecked by their limited access to computing power. You hear it constantly when you talk to them. Startups can’t get the GPU allocations they need. Hyperscalers are rationing compute, saving it for their best customers.

If today’s AI market is as brutally supply-constrained as tech leaders claim, perhaps aggressive infrastructure buildouts are warranted. But some of the numbers are too large to comprehend. Sam Altman has told employees that OpenAI’s moonshot goal is to build 250 gigawatts of computing capacity by 2033, roughly equaling India’s total national electricity demand. Such a plan would cost more than $12 trillion by today’s standards.

“I do think there’s real execution risk,” OpenAI president and cofounder Greg Brockman recently told me about the company’s aggressive infrastructure goals. “Everything we say about the future, we see that it’s a possibility. It is not a certainty, but I don’t think the uncertainty comes from scientific questions. It’s a lot of hard work.”

Who is exposed, and who is to blame?

It depends on who you ask. During the August press dinner, where he made his market-moving comments, Altman was blunt about where he sees the excess. He said it’s “insane” that some AI startups with “three people and an idea” are receiving funding at such high valuations. “That’s not rational behavior,” he said. “Someone’s gonna get burned there, I think.” As Safe Superintelligence cofounder (and former OpenAI chief scientist and cofounder) Ilya Sutskever put it on a recent podcast: Silicon Valley has “more companies than ideas.”

Demis Hassabis, the CEO of Google DeepMind, offered a similar diagnosis when I spoke with him in November. “It feels like there’s obviously a bubble in the private market,” he said. “You look at seed rounds with just nothing being tens of billions of dollars. That seems a little unsustainable.”

Anthropic CEO Dario Amodei also struck at his competition during the New York Times DealBook Summit in early December. He said he feels confident about the technology itself but worries about how others are behaving on the business side: “On the economic side, I have my concerns where, even if the technology fulfills all its promises, I think there are players in the ecosystem who, if they just make a timing error, they just get it off by a little bit, bad things could happen.”

He stopped short of naming Sam Altman and OpenAI, but the implication was clear. “There are some players who are YOLOing,” he said. “Let’s say you’re a person who just kind of constitutionally wants to YOLO things or just likes big numbers. Then you may turn the dial too far.”

Amodei also flagged “circular deals,” or the increasingly common arrangements where chip suppliers like Nvidia invest in AI companies that then turn around and spend those funds on their chips. Anthropic has done some of these, he said, though “not at the same scale as some other players.” (OpenAI is at the center of a number of such deals, as are Nvidia, CoreWeave, and a roster of other players.) 

The danger, he explained, comes when the numbers get too big: “If you start stacking these where they get to huge amounts of money, and you’re saying, ’By 2027 or 2028 I need to make $200 billion a year,’ then yeah, you can overextend yourself.”

Zuckerberg shared a similar message at an internal employee Q&A session after Meta’s last earnings call. He noted that unprofitable startups like OpenAI and Anthropic risk bankruptcy if they misjudge the timing of their investments, but Meta has the advantage of strong cash flow, he reassured staff.

How could a bubble burst?

My conversations with tech executives and investors suggest that the bubble will be most likely to pop if overfunded startups can’t turn a profit or grow into their lofty valuations. This bubble could last longer than than past ones, given that private markets aren’t traded on public markets and therefore move more slowly, but the ripple effects will still be profound when the end comes. 

If companies making grand commitments to data center buildouts no longer have the revenue growth to support them, the headline deals that have propped up the stock market come into question. Anthropic’s Amodei illustrated the problem during his DealBook Summit appearance, where he said the multi-year data center commitments he has to make combine with the company’s rapid, unpredictable revenue growth rate to create a “cone of uncertainty” about how much to spend.

The two most prominent private players in AI, OpenAI and Anthropic, have yet to turn a profit. A recent Deutsche Bank chart put the situation in stark historical context. Amazon burned through $3 billion before becoming profitable. Tesla, around $4 billion. Uber, $30 billion. OpenAI is projected to burn through $140 billion by 2029, while Anthropic is expected to burn $20 billion by 2027.

Consultants at Bain estimate that the wave of AI infrastructure spending will require $2 trillion in annual AI revenue by 2030 just to justify the investment. That’s more than the combined 2024 revenue of Amazon, Apple, Alphabet, Microsoft, Meta, and Nvidia. When I talk to leaders of these large tech companies, they all agree that their sprawling businesses can absorb an expensive miscalculation about the returns from their AI infrastructure buildouts. It’s all the other companies that are either highly leveraged with debt or just unprofitable—even OpenAI and Anthropic—that they worry about. 

Still, given the level of spending on AI, it still needs a viable business model beyond subscriptions, which won’t be able to  drive profits from billions of people’s eyeballs like the ad-driven businesses that have defined the last 20 years of the internet. Even the largest tech companies know they need to ship the world-changing agents they keep hyping: AI that can fully replace coworkers and complete tasks in the real world.

For now, investors are mostly buying into the hype of the powerful AI systems that these data center buildouts will supposedly unlock in the future. At some point the biggest spenders, like OpenAI, will need to show investors that the money spent on the infrastructure buildout was worth it.

There’s also still a lot of uncertainty about the technical direction that AI is heading in. LLMs are expected to remain critical to more advanced AI systems, but industry leaders can’t seem to agree on which additional breakthroughs are needed to achieve artificial general intelligence, or AGI. Some are betting on new kinds of AI that can understand the physical world, while others are focused on training AI to learn in a general way, like a human. In other words, what if all this unprecedented spending turns out to have been backing the wrong horse?

The question now

What makes this moment surreal is the honesty. The same people pouring billions into AI will openly tell you it might all come crashing down. 

Taylor framed it as two truths existing at once. “I think it is both true that AI will transform the economy,” he told me, “and I think we’re also in a bubble, and a lot of people will lose a lot of money. I think both are absolutely true at the same time.”

He compared it to the internet. Webvan failed, but Instacart succeeded years later with essentially the same idea. If you were an Amazon shareholder from its IPO to now, you’re looking pretty good. If you were a Webvan shareholder, you probably feel differently. 

“When the dust settles and you see who the winners are, society benefits from those inventions,” Amazon founder Jeff Bezos said in October. “This is real. The benefit to society from AI is going to be gigantic.”

Goldman Sachs says the AI boom now looks the way tech stocks did in 1997, several years before the dot-com bubble actually burst. The bank flagged five warning signs seen in the late 1990s that investors should watch now: peak investment spending, falling corporate profits, rising corporate debt, Fed rate cuts, and widening credit spreads. We’re probably not at 1999 levels yet. But the imbalances are building fast. Michael Burry, who famously called the 2008 housing bubble collapse (as seen in the film The Big Short), recently compared the AI boom to the 1990s dot-com bubble too.

Maybe AI will save us from our own irrational exuberance. But for now, we’re living in an in-between moment when everyone knows what’s coming but keeps blowing more air into the balloon anyway. As Altman put it that night at dinner: “Someone is going to lose a phenomenal amount of money. We don’t know who.”

Alex Heath is the author of Sources, a newsletter about the AI race, and the cohost of ACCESS, a podcast about the tech industry’s inside conversations. Previously, he was deputy editor at The Verge.

Transforming Gaming: The Power of Tokenization Platforms

The gaming industry has experienced a remarkable evolution over the past decade, transitioning from simple console and PC-based games to complex online, multiplayer, and immersive digital experiences. As technology continues to advance, the integration of blockchain and tokenization is redefining how players, developers, and investors interact within the gaming ecosystem. Tokenization platforms are at the heart of this transformation, providing the infrastructure to create, manage, and trade digital assets securely on the blockchain.

Traditionally, gamers invested significant time and money in virtual assets skins, weapons, characters but had no ownership rights. These assets were controlled by centralized game servers, meaning players could lose them at any time. Tokenization changes this dynamic by converting in-game items, characters, currency, and even digital land into blockchain-based tokens, giving players provable ownership and the ability to trade these assets freely.

Understanding Tokenization Platforms in Gaming

A tokenization platform in gaming is a blockchain-based infrastructure that allows in-game assets to be digitized as tokens. Each token represents ownership, utility, or value within a game or across multiple games. Tokenization enables players to truly own their assets, transfer them, trade them on secondary markets, and even leverage them for financial activities such as lending or staking.

Tokenization platforms typically include:

• NFT Minting Capabilities: Converting unique assets like skins, characters, or items into non-fungible tokens (NFTs).
• Marketplace Integration: Providing a platform for buying, selling, or trading tokenized assets.
• Smart Contract Functionality: Automating rules for ownership, transactions, royalties, and scarcity.
• Cross-Game Compatibility: Enabling assets to be used across multiple games or metaverses.

By creating a secure and transparent tokenized ecosystem, gaming platforms enhance both player engagement and economic opportunities within the digital space.

Key Ways Tokenization Platforms Transform Gaming

1. True Ownership of Digital Assets

Traditionally, in-game assets are controlled by game developers and remain locked within the platform. Players often purchase items, currency, or skins without legal ownership. Tokenization platforms shift this model, granting players verifiable ownership of assets via blockchain. Players can hold, transfer, or trade their assets independently, establishing a digital property rights system within gaming ecosystems.

2. Monetization Opportunities for Players

Tokenization enables players to earn tangible value from in-game activities. Through tokenized assets, players can:

• Trade rare items or skins on secondary markets for cryptocurrency or fiat.
• Lease virtual assets to other players or developers.
• Participate in play-to-earn (P2E) models where game performance translates into token rewards.

This economic layer incentivizes active engagement, rewards skill and creativity, and blurs the line between entertainment and investment.

3. Enhanced Developer Revenue Streams

For developers, tokenization platforms offer new ways to monetize games beyond traditional purchases or subscriptions:

• NFT sales or initial asset offerings provide immediate capital.
• Smart contract-enforced royalties ensure developers earn a percentage of secondary market trades.
• Virtual real estate, digital assets, and branded items can generate recurring revenue.

Tokenization aligns incentives between developers and players, creating a mutually beneficial ecosystem.

4. Interoperability Across Games and Metaverses

Tokenization platforms facilitate cross-platform asset usage. Players can move their NFTs or tokens between compatible games, metaverses, or virtual experiences. Interoperable assets increase their utility and value, encouraging broader adoption and creating interconnected digital ecosystems where players retain control of their assets.

5. Transparency and Security

Blockchain-based tokenization provides transparent and immutable records of asset ownership and transaction history. Players and developers can verify authenticity, track transfers, and prevent duplication or fraud. Security features inherent to blockchain reduce risks of hacking, unauthorized modifications, or asset theft.

6. Community-Driven Development and Governance

Tokenization platforms often integrate governance mechanisms through native tokens or NFTs. Players can participate in decision-making, vote on in-game updates, and influence ecosystem development. This decentralized model empowers communities, fosters loyalty, and encourages long-term engagement.

Benefits of Tokenization Platforms in Gaming

Tokenization platforms offer transformative benefits for both players and developers, fundamentally changing the gaming experience.

True Ownership for Players

Tokenization gives players verifiable ownership of their in-game assets. Unlike traditional games, where developers control and can revoke access to assets, blockchain-based tokens allow players to maintain control, trade freely, and even derive real-world value from virtual items. This ownership fosters a stronger sense of investment and engagement, encouraging players to participate more actively in the game.

Monetization Opportunities

Tokenized assets create real economic opportunities for players and developers. Players can sell, trade, or rent their in-game items or digital land, generating income from their gaming activities. Developers benefit from fees on secondary market transactions, asset creation, or token sales, creating sustainable revenue streams beyond traditional game purchases or subscriptions.

Enhanced Engagement and Loyalty

By providing ownership and monetization incentives, tokenization platforms increase player engagement and loyalty. Players are more likely to invest time and resources in games where their contributions have lasting value. This transforms gaming from a purely recreational activity into an immersive, strategic, and economically rewarding experience.

Global Accessibility

Tokenization enables players worldwide to participate in gaming economies without relying on traditional financial systems. Blockchain allows cross-border transactions, making it easier for international players to buy, sell, or trade assets. This global accessibility expands the player base and fosters a diverse, interconnected gaming community.

Scarcity and Value Creation

Tokenization introduces verifiable scarcity, which enhances the perceived value of in-game assets. Rare items, unique avatars, or limited virtual land plots gain tangible value as digital collectibles, similar to physical luxury goods. Scarcity also incentivizes early participation, rewarding players and investors who engage with tokenized ecosystems early.

Transforming the Gaming Industry: Real-World Examples

Tokenization platforms have already begun transforming the gaming industry through innovative models.

Play-to-Earn Models

Games like Axie Infinity leverage tokenization to create play-to-earn ecosystems. Players earn tokens by battling, breeding, or trading NFT characters. Tokenization platforms secure these transactions, verify ownership, and enable marketplace trading, transforming in-game achievements into real-world income opportunities.

Digital Real Estate and Metaverses

Platforms like The Sandbox and Decentraland tokenize virtual land, allowing players to purchase, develop, and monetize plots. Landowners can host events, rent space to other players, or create immersive experiences. Tokenization ensures secure ownership and trade, transforming digital land into a valuable, scarce, and tradable asset class within gaming ecosystems.

Cross-Platform Assets

Emerging platforms support cross-game asset usage. NFTs minted in one game can appear in other compatible games or ecosystems, expanding utility and value. For example, a sword or character NFT could function as both a weapon in one game and a collectible in another, increasing the asset’s liquidity and desirability.

Challenges and Considerations

Despite the benefits, tokenization platforms in gaming face certain challenges:

• Regulatory Uncertainty: Digital assets may fall under securities, taxation, or gambling regulations in different jurisdictions.
• Market Volatility: The value of tokenized assets can fluctuate significantly, affecting player investment and ecosystem stability.
• Technical Complexity: Implementing tokenization requires blockchain expertise, secure smart contracts, and robust infrastructure.
• User Adoption: Players unfamiliar with blockchain may face learning curves, requiring intuitive design and onboarding.
• Environmental Concerns: Certain blockchain protocols consume significant energy, necessitating eco-friendly alternatives.

Careful planning, legal compliance, and secure technological implementation are essential for sustainable adoption.

The Future of Gaming Tokenization Platforms

The potential of tokenization platforms in gaming continues to expand:

• Integration with DeFi: Players may use tokenized assets as collateral for loans, staking, or decentralized financial services.
• AI-Enhanced Gameplay: AI can dynamically adjust gameplay or asset rarity based on token data.
• Cross-Metaverse Economies: Tokenized assets may flow between multiple virtual worlds, creating unified digital economies.
• Corporate and Brand Participation: Brands may issue virtual assets or sponsor events on tokenized platforms, enhancing marketing and engagement.
• Sustainability Innovations: Layer-2 solutions and energy-efficient blockchains will reduce the environmental impact of tokenization.

The convergence of gaming, blockchain, and tokenization points toward immersive, player-driven economies where digital assets carry real-world value.

Conclusion

Tokenization platforms are redefining the gaming industry by providing true asset ownership, decentralized economies, and new monetization opportunities. Players become stakeholders, creators, and entrepreneurs, while developers benefit from robust engagement and sustainable revenue streams.

By bridging blockchain technology with gaming, tokenization platforms transform virtual worlds into immersive, player-driven economies. While challenges remain, the potential for innovation, inclusion, and economic growth positions tokenization platforms as a cornerstone of the future gaming landscape.

How a Tokenization Platform Can Transform the Gaming Industry was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.

Tokenization is transforming how assets are bought and sold

Real-world asset tokenization has rapidly emerged as one of the most transformative innovations in digital finance. By converting physical and traditional financial assets into blockchain-based tokens, this model is reshaping how assets are bought, sold, traded, and owned. From real estate and commodities to private credit, fine art, intellectual property, and even carbon credits, tokenization introduces a level of liquidity, transparency, and accessibility previously unattainable in conventional markets. As global institutions, enterprises, and investors continue to explore tokenized asset ecosystems, the shift is redefining fundamental market structures and creating entirely new opportunities for capital formation and economic participation.

Understanding Real-World Asset Tokenization

Real-world asset tokenization is the process of creating digital representations of physical or financial assets on a blockchain. These tokens are programmable and can be traded, split, or bundled to reflect ownership, usage rights, or revenue entitlements. For example, a tokenized piece of real estate could provide holders with rental income and appreciation proportional to their ownership share, while a tokenized commodity like gold could represent fractional ownership of the physical asset stored in a vault.

Tokenization can be applied to a wide range of assets, including:

• Real estate: Residential, commercial, and vacation properties.
• Commodities: Precious metals, oil, or agricultural products.
• Financial instruments: Bonds, equities, and alternative investment funds.
• Art and collectibles: High-value paintings, sculptures, and rare items.

Why Traditional Ownership and Trade Models Limit Market Efficiency

Most real-world assets — such as real estate, private equity, luxury goods, or commodities — are inherently illiquid. Traditional frameworks for buying or selling these assets include:

• lengthy due diligence and documentation processes
• high minimum investment thresholds
• multiple intermediaries, each adding cost and delay
• limited access to global buyers and sellers
• regulatory barriers associated with cross-border transactions

These frictions restrict market participation and result in inefficient capital flow. Investors struggle to access attractive alternative asset classes, while asset owners find it difficult to unlock liquidity without selling the entire property or security.

How Tokenization Changes the Buying and Selling of Assets

1. Transactions Become Faster and More Efficient

Traditional asset transfers depend on clearinghouses, brokers, custodians, and legal verifications. These layers create delays that extend settlement times from days to weeks. Tokenization collapses these steps into a single blockchain transaction validated within seconds.

• Real estate transfers no longer require lengthy title searches
• Bond settlements move from T+2 to near-instant
• Commodity ownership can shift without physical documentation
• Private equity shares can be transferred digitally without complex approval processes

The use of smart contracts further automates compliance, payments, and settlement, removing human error and minimizing administrative workloads. The resulting efficiency reshapes how markets function, enabling higher transaction volumes and greater capital mobility.

2. Fractional Ownership Expands Investor Participation

One of the most impactful changes in asset markets is the introduction of fractional ownership through tokenization. By dividing assets into smaller units, tokenization lowers entry barriers and democratizes access.

Fractionalization enables:

• A retail investor to buy $100 worth of a commercial building instead of the full $10 million property
• Ownership of rare art pieces or luxury goods by multiple investors
• Participation in corporate equity or private funds with small minimum investments
• Commodity investments without requiring entire lots or warehouses

This transformation increases market depth and unlocks demand from investors previously priced out of the market. It also enables diversified portfolios, as individuals can allocate capital across multiple high-value assets without needing significant funds.

3. Enhanced Liquidity Through 24/7 Token Markets

Traditionally, many real-world assets suffer from low liquidity. Real estate, private equity, fine art, and collectibles are difficult to sell quickly without heavy price discounts. Tokenization counters this limitation by enabling continuous, global trading of asset-backed tokens.

Token marketplaces and regulated digital exchanges allow tokens to be bought and sold around the clock, similar to cryptocurrencies. This liquidity reduces the inefficiencies associated with long holding periods and creates new liquidity pathways for asset owners.

4. Global Accessibility and Cross-Border Transactions

Tokenization removes geographic barriers by making assets accessible to global investors through decentralized blockchain networks. Investors from any region can participate in tokenized markets, provided regulatory frameworks allow it.

This global reach:

• Expands investor pools
• Reduces dependency on local capital markets
• Allows assets to be priced more efficiently
• Enhances market competition

For asset owners, tokenization provides access to capital far beyond local markets, enabling more favorable price discovery and investment opportunities.

5. Transparent Ownership and Reduced Fraud

Blockchain’s immutable ledger records every transaction, providing a transparent and tamper-proof record of ownership. This visibility reduces prevalence of fraud, title disputes, or double-selling of assets.

In sectors such as supply chain, luxury goods, and commodities, tokenization ensures authenticity and verification at each stage of the asset’s lifecycle. Transparent records reduce operational risks and improve trust among investors, regulators, and asset handlers.

6. Programmable Assets and Smart Contract Automation

Tokenized assets become programmable, meaning their behavior, conditions, and rights can be embedded directly into the code through smart contracts. These programmable functions include:

• Automatic distribution of rental income or dividends
• Enforcement of compliance rules
• Real-time valuation updates
• Automated vesting schedules
• Collateral liquidation procedures

Programmability replaces manual processes and enhances the functionality of assets beyond traditional models.

Benefits of Tokenizing Real-World Assets

1. Democratization of Investment

By enabling fractional ownership and global accessibility, tokenization democratizes investment opportunities. Small investors can now gain exposure to high-value assets, diversifying their portfolios without the need for large capital commitments. Democratization also promotes inclusivity and allows participation from regions previously excluded from certain markets.

2. Enhanced Market Liquidity

Tokenized assets are tradable on secondary markets, enabling faster and more flexible buying and selling. This liquidity attracts a larger investor base and facilitates better price discovery, creating more efficient markets for previously illiquid assets.

3. Transparency and Trust

Blockchain’s transparent ledger ensures investors have access to real-time ownership and transaction data. Automated compliance and smart contracts reduce operational risk and build trust among participants, encouraging greater investment activity.

4. Lower Barriers to Entry

High-value assets that were traditionally restricted to institutional investors are now accessible to smaller participants. This opens up opportunities for diversified investment strategies and allows more people to participate in wealth creation.

5. Efficient Capital Raising for Asset Owners

Asset owners can raise capital more efficiently by tokenizing their assets and selling tokens directly to investors. This reduces dependence on traditional financing methods, cuts costs, and accelerates the fundraising process.

Real-World Examples of Tokenized Assets

1. Real Estate: Platforms like RealT and Slice RE tokenize residential and commercial properties, allowing investors to purchase fractional ownership and earn rental income or appreciation.
2. Commodities: Gold and other precious metals have been tokenized, enabling investors to own fractions of physical commodities without storing or transporting them.
3. Art and Collectibles: Tokenization platforms allow fractional ownership of artworks and rare collectibles, giving investors exposure to valuable assets with lower capital requirements.
4. Bonds and Securities: Tokenized bonds and equity shares are traded on blockchain networks, offering improved liquidity, faster settlement, and lower operational costs.

Challenges and Considerations

Despite its benefits, real-world asset tokenization faces several challenges:

1. Regulatory Uncertainty

The regulatory environment for tokenized assets is still evolving. Different jurisdictions have varying rules regarding securities, property ownership, and digital assets. Compliance with KYC/AML regulations and securities laws is critical, and uncertainty can slow adoption.

2. Market Adoption

Tokenization is still relatively new, and investors may be hesitant to adopt it without understanding the technology or market dynamics. Education and awareness are crucial to wider adoption.

3. Technology Risks

While blockchain is secure, smart contracts and token platforms must be thoroughly audited to prevent coding errors, security breaches, or vulnerabilities that could compromise investor funds.

4. Valuation and Pricing

Determining the accurate value of tokenized assets can be challenging, especially for illiquid or non-standard assets. Transparent and reliable valuation mechanisms are essential for investor confidence and market efficiency.

Future Outlook

The potential of real-world asset tokenization is vast. Some trends shaping the future include:

• Integration with DeFi Platforms: Tokenized assets may be used as collateral in decentralized finance ecosystems, enabling lending, borrowing, and liquidity pooling.
• Expansion Across Asset Classes: Beyond real estate and commodities, tokenization will likely include infrastructure, intellectual property, and private equity.
• Globalized Investment Platforms: Cross-border tokenized asset trading will become more seamless, enhancing market liquidity and access.
• Institutional Participation: Institutional investors are expected to adopt tokenization for portfolio diversification, capital efficiency, and improved liquidity management.
• Smart Contract Innovations: More sophisticated contracts will automate governance, compliance, and profit distribution, reducing operational complexity and risk.

As technology matures and regulatory frameworks stabilize, tokenization has the potential to become a mainstream approach for buying, selling, and managing assets.

Conclusion

Real-world asset tokenization is transforming how physical and financial assets are bought, sold, and managed by converting them into digital tokens. This process enables fractional ownership, enhances liquidity, lowers entry barriers, and increases transparency and efficiency, giving investors greater flexibility, global access, and faster transactions while allowing asset owners to raise capital more efficiently and reach broader markets. Although challenges such as regulatory uncertainty, technological risks, and adoption hurdles remain, the advantages are clear, and as blockchain adoption grows, tokenization is poised to make previously illiquid assets accessible, tradable, and inclusive for investors worldwide.

How Real-World Asset Tokenization Is Changing the Way Assets Are Bought and Sold was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.

In the third quarter, attackers continued to exploit security flaws in WinRAR, while the total number of registered vulnerabilities grew again. In this report, we examine statistics on published vulnerabilities and exploits, the most common security issues impacting Windows and Linux, and the vulnerabilities being leveraged in APT attacks that lead to the launch of widespread C2 frameworks. The report utilizes anonymized Kaspersky Security Network data, which was consensually provided by our users, as well as information from open sources.

Statistics on registered vulnerabilities

This section contains statistics on registered vulnerabilities. The data is taken from cve.org.

Let us consider the number of registered CVEs by month for the last five years up to and including the third quarter of 2025.

Total published vulnerabilities by month from 2021 through 2025 (download)

As can be seen from the chart, the monthly number of vulnerabilities published in the third quarter of 2025 remains above the figures recorded in previous years. The three-month total saw over 1000 more published vulnerabilities year over year. The end of the quarter sets a rising trend in the number of registered CVEs, and we anticipate this growth to continue into the fourth quarter. Still, the overall number of published vulnerabilities is likely to drop slightly relative to the September figure by year-end

A look at the monthly distribution of vulnerabilities rated as critical upon registration (CVSS > 8.9) suggests that this metric was marginally lower in the third quarter than the 2024 figure.

Total number of critical vulnerabilities published each month from 2021 to 2025 (download)

Exploitation statistics

This section contains exploitation statistics for Q3 2025. The data draws on open sources and our telemetry.

Windows and Linux vulnerability exploitation

In Q3 2025, as before, the most common exploits targeted vulnerable Microsoft Office products.

Most Windows exploits detected by Kaspersky solutions targeted the following vulnerabilities:

• CVE-2018-0802: a remote code execution vulnerability in the Equation Editor component
• CVE-2017-11882: another remote code execution vulnerability, also affecting Equation Editor
• CVE-2017-0199: a vulnerability in Microsoft Office and WordPad that allows an attacker to assume control of the system

These vulnerabilities historically have been exploited by threat actors more frequently than others, as discussed in previous reports. In the third quarter, we also observed threat actors actively exploiting Directory Traversal vulnerabilities that arise during archive unpacking in WinRAR. While the originally published exploits for these vulnerabilities are not applicable in the wild, attackers have adapted them for their needs.

• CVE-2023-38831: a vulnerability in WinRAR that involves improper handling of objects within archive contents We discussed this vulnerability in detail in a 2024 report.
• CVE-2025-6218 (ZDI-CAN-27198): a vulnerability that enables an attacker to specify a relative path and extract files into an arbitrary directory. A malicious actor can extract the archive into a system application or startup directory to execute malicious code. For a more detailed analysis of the vulnerability, see our Q2 2025 report.
• CVE-2025-8088: a zero-day vulnerability similar to CVE-2025-6128, discovered during an analysis of APT attacks The attackers used NTFS Streams to circumvent controls on the directory into which files were unpacked. We will take a closer look at this vulnerability below.

It should be pointed out that vulnerabilities discovered in 2025 are rapidly catching up in popularity to those found in 2023.

All the CVEs mentioned can be exploited to gain initial access to vulnerable systems. We recommend promptly installing updates for the relevant software.

Dynamics of the number of Windows users encountering exploits, Q1 2023 — Q3 2025. The number of users who encountered exploits in Q1 2023 is taken as 100% (download)

According to our telemetry, the number of Windows users who encountered exploits increased in the third quarter compared to the previous reporting period. However, this figure is lower than that of Q3 2024.

For Linux devices, exploits for the following OS kernel vulnerabilities were detected most frequently:

• CVE-2022-0847, also known as Dirty Pipe: a vulnerability that allows privilege escalation and enables attackers to take control of running applications
• CVE-2019-13272: a vulnerability caused by improper handling of privilege inheritance, which can be exploited to achieve privilege escalation
• CVE-2021-22555: a heap overflow vulnerability in the Netfilter kernel subsystem. The widespread exploitation of this vulnerability is due to its use of popular memory modification techniques: manipulating “msg_msg” primitives, which leads to a Use-After-Free security flaw.

Dynamics of the number of Linux users encountering exploits, Q1 2023 — Q3 2025. The number of users who encountered exploits in Q1 2023 is taken as 100% (download)

A look at the number of users who encountered exploits suggests that it continues to grow, and in Q3 2025, it already exceeds the Q1 2023 figure by more than six times.

It is critically important to install security patches for the Linux operating system, as it is attracting more and more attention from threat actors each year – primarily due to the growing number of user devices running Linux.

Most common published exploits

In Q3 2025, exploits targeting operating system vulnerabilities continue to predominate over those targeting other software types that we track as part of our monitoring of public research, news, and PoCs. That said, the share of browser exploits significantly increased in the third quarter, matching the share of exploits in other software not part of the operating system.

Distribution of published exploits by platform, Q1 2025 (download)

Distribution of published exploits by platform, Q2 2025 (download)

Distribution of published exploits by platform, Q3 2025 (download)

It is noteworthy that no new public exploits for Microsoft Office products appeared in Q3 2025, just as none did in Q2. However, PoCs for vulnerabilities in Microsoft SharePoint were disclosed. Since these same vulnerabilities also affect OS components, we categorized them under operating system vulnerabilities.

Vulnerability exploitation in APT attacks

We analyzed data on vulnerabilities that were exploited in APT attacks during Q3 2025. The following rankings draw on our telemetry, research, and open-source data.

TOP 10 vulnerabilities exploited in APT attacks, Q3 2025 (download)

APT attacks in Q3 2025 were dominated by zero-day vulnerabilities, which were uncovered during investigations of isolated incidents. A large wave of exploitation followed their public disclosure. Judging by the list of software containing these vulnerabilities, we are witnessing the emergence of a new go-to toolkit for gaining initial access into infrastructure and executing code both on edge devices and within operating systems. It bears mentioning that long-standing vulnerabilities, such as CVE-2017-11882, allow for the use of various data formats and exploit obfuscation to bypass detection. By contrast, most new vulnerabilities require a specific input data format, which facilitates exploit detection and enables more precise tracking of their use in protected infrastructures. Nevertheless, the risk of exploitation remains quite high, so we strongly recommend applying updates already released by vendors.

C2 frameworks

In this section, we will look at the most popular C2 frameworks used by threat actors and analyze the vulnerabilities whose exploits interacted with C2 agents in APT attacks.

The chart below shows the frequency of known C2 framework usage in attacks on users during the third quarter of 2025, according to open sources.

Top 10 C2 frameworks used by APT groups to compromise user systems in Q3 2025 (download)

Metasploit, whose share increased compared to Q2, tops the list of the most prevalent C2 frameworks from the past quarter. It is followed by Sliver and Mythic. The Empire framework also reappeared on the list after being inactive in the previous reporting period. What stands out is that Adaptix C2, although fairly new, was almost immediately embraced by attackers in real-world scenarios. Analyzed sources and samples of malicious C2 agents revealed that the following vulnerabilities were used to launch them and subsequently move within the victim’s network:

• CVE-2020-1472, also known as ZeroLogon, allows for compromising a vulnerable operating system and executing commands as a privileged user.
• CVE-2021-34527, also known as PrintNightmare, exploits flaws in the Windows print spooler subsystem, also enabling remote access to a vulnerable OS and high-privilege command execution.
• CVE-2025-6218 or CVE-2025-8088 are similar Directory Traversal vulnerabilities that allow extracting files from an archive to a predefined path without the archiving utility notifying the user. The first was discovered by researchers but subsequently weaponized by attackers. The second is a zero-day vulnerability.

Interesting vulnerabilities

This section highlights the most noteworthy vulnerabilities that were publicly disclosed in Q3 2025 and have a publicly available description.

ToolShell (CVE-2025-49704 and CVE-2025-49706, CVE-2025-53770 and CVE-2025-53771): insecure deserialization and an authentication bypass

ToolShell refers to a set of vulnerabilities in Microsoft SharePoint that allow attackers to bypass authentication and gain full control over the server.

• CVE-2025-49704 involves insecure deserialization of untrusted data, enabling attackers to execute malicious code on a vulnerable server.
• CVE-2025-49706 allows access to the server by bypassing authentication.
• CVE-2025-53770 is a patch bypass for CVE-2025-49704.
• CVE-2025-53771 is a patch bypass for CVE-2025-49706.

These vulnerabilities form one of threat actors’ combinations of choice, as they allow for compromising accessible SharePoint servers with just a few requests. Importantly, they were all patched back in July, which further underscores the importance of promptly installing critical patches. A detailed description of the ToolShell vulnerabilities can be found in our blog.

CVE-2025-8088: a directory traversal vulnerability in WinRAR

CVE-2025-8088 is very similar to CVE-2025-6218, which we discussed in our previous report. In both cases, attackers use relative paths to trick WinRAR into extracting archive contents into system directories. This version of the vulnerability differs only in that the attacker exploits Alternate Data Streams (ADS) and can use environment variables in the extraction path.

CVE-2025-41244: a privilege escalation vulnerability in VMware Aria Operations and VMware Tools

Details about this vulnerability were presented by researchers who claim it was used in real-world attacks in 2024.

At the core of the vulnerability lies the fact that an attacker can substitute the command used to launch the Service Discovery component of the VMware Aria tooling or the VMware Tools utility suite. This leads to the unprivileged attacker gaining unlimited privileges on the virtual machine. The vulnerability stems from an incorrect regular expression within the get-versions.sh script in the Service Discovery component, which is responsible for identifying the service version and runs every time a new command is passed.

Conclusion and advice

The number of recorded vulnerabilities continued to rise in Q3 2025, with some being almost immediately weaponized by attackers. The trend is likely to continue in the future.

The most common exploits for Windows are primarily used for initial system access. Furthermore, it is at this stage that APT groups are actively exploiting new vulnerabilities. To hinder attackers’ access to infrastructure, organizations should regularly audit systems for vulnerabilities and apply patches in a timely manner. These measures can be simplified and automated with Kaspersky Systems Management. Kaspersky Symphony can provide comprehensive and flexible protection against cyberattacks of any complexity.