Back in March, a small aircraft in the UK lost engine power while coming in for a landing and crashed. The aircraft was a total loss, but thankfully, the pilot suffered only minor injuries. According to the recently released report by the Air Accidents Investigation Branch, we now know a failed 3D printed part is to blame.
The part in question is a plastic air induction elbow — a curved duct that forms part of the engine’s air intake system. The collapsed part you see in the image above had an air filter attached to its front (towards the left in the image), which had detached and fallen off. Heat from the engine caused the part to soften and collapse, which in turn greatly reduced intake airflow, and therefore available power.
Serious injury was avoided, but the aircraft was destroyed.
While the cause of the incident is evident enough, there are still some unknowns regarding the part itself. The fact that it was 3D printed isn’t an issue. Additive manufacturing is used effectively in the aviation industry all the time, and it seems the owner of the aircraft purchased the part at an airshow in the USA with no reason to believe anything was awry. So what happened?
The part in question is normally made from laminated fiberglass and epoxy, with a glass transition of 84° C. Glass transition is the temperature at which a material begins to soften, and is usually far below the material’s actual melting point.
When a part is heated at or beyond its glass transition, it doesn’t melt but is no longer “solid” in the normal sense, and may not even be able to support its own weight. It’s the reason some folks pack parts in powdered salt to support them before annealing.
The printed part the owner purchased and installed was understood to be made from CF-ABS, or ABS with carbon fiber. ABS has a glass transition of around 100° C, which should have been plenty for this application. However, the investigation tested two samples taken from the failed part and measured the glass temperature at 52.8°C and 54.0°C, respectively. That’s a far cry from what was expected, and led to part failure from the heat of the engine.
The actual composition of the part in question has not been confirmed, but it sure seems likely that whatever it was made from, it wasn’t ABS. The Light Aircraft Association (LAA) plans to circulate an alert to inspectors regarding 3D printed parts, and the possibility they aren’t made from what they claim to be.
Swapper Finance has launched Direct Deposits in collaboration with Chainlink and Mastercard, aiming to bring global payments directly into the on-chain economy to more than 3.5 billion users worldwide.
Swapper Finance Launches Direct Deposits With Chainlink, Mastercard
On Tuesday, Swapper Finance, a next-generation payments infrastructure layer that connects global users to on-chain applications, announced the launch of Direct Deposits in collaboration with Chainlink, Mastercard, and multiple key partners.
Direct Deposits, which are live now, are set to bring “the global payments world directly into the on-chain economy through a unified, secure, and compliant flow,” powered by Chainlink Runtime Environment (CRE) and Mastercard’s recognized global network.
According to the announcement, users will be able to deposit into Decentralized Finance (DeFi) protocols using payment cards, crypto transfers, or Web3 wallets inside a single, end-to-end on-chain workflow for the first time.
Swapper’s Direct Deposits aim to unlock instant access to DeFi for billions of people worldwide by eliminating traditional bottlenecks, exchanges, and multi-step onboarding. This has historically required stitching together isolated systems, including Know Your Client (KYC) requirements, compliance, card payments, fiat conversion, settlement, and liquidity routing, which has created friction, high drop-off rates, and inconsistent security across the process.
Direct Deposits are set to replace this old-fashioned flow through one “unified, verifiable, on-chain orchestration layer,” with every component of the process executed inside a secure on-chain environment.
Roman Tirone, Senior Manager, Chainlink Build at Chainlink Labs, affirmed that “by unifying identity, compliance, token swaps, settlement, and more in a single orchestration layer, CRE is enabling the onboarding of billions of cardholders into the onchain economy.”
This creates a simple and familiar checkout experience that quickly moves a user from traditional finance to on-chain, supported by institutional-grade security and global reach. Meanwhile, the launch represents another step in Mastercard’s efforts to integrate traditional payment infrastructure with blockchain-based applications, helping it expand its digital asset strategy.
‘The Onboarding Layer For Web3’
Swapper’s launch will see multiple leading Web3 platforms integrate the Direct Deposits technology directly into their user flows, including Pi Squared, Stake.link, KyberSwap, AITECH, NPC, Teneo, BigWater, Rhuna, TrebleSwap, MyStandard, Landwolf, Dolomite, HyperSwap, Turbo, APU, and Radiant Capital, among others.
This signals strong demand for a unified card-to-on-chain standard, the announcement added, which suggests that Direct Deposits “are quickly becoming a foundational component for user acquisition across Web3.”
The launch also represents “deep technical collaboration across Mastercard, Chainlink, Swapper Finance, and key partners” to bring together payment authorization, compliance, execution, and liquidity routing in a single verifiable workflow powered by CRE and Swapper Finance.
Arthur, CTO of Swapper Finance, affirmed that “this is the onboarding layer we always believed the industry needed,” adding that Direct Deposits represent a “turning point” for how people enter the space as “the first truly unified onboarding layer for Web3.”
“Our goal has always been to remove the barriers that keep billions of people from accessing DeFi, and with this launch, that future becomes real,” Arthur stated, concluding that “Direct Deposits represent a turning point for how people enter Web3. For the first time, the process feels intuitive rather than intimidating. We expect this launch to dramatically expand the number of users who can participate in onchain markets.”
As we close out 2025 and look ahead to 2026, nothing is as we might have expected even a year ago. AI has disrupted, and will continue to disrupt, every corner of modern life. In threat intelligence, SentinelLABS has not only recognized this shift but actively pivoted to meet it. At the same time, geopolitical alignments have grown increasingly unstable, with long-standing relationships now less certain than ever.
How will these new realities shape enterprises’ ability to anticipate and counter the cyber threats forming on the horizon? Predictions always carry the caveat that the future remains intractably unknowable, but even the unexpected emerges from trajectories already in motion.
In this post, SentinelLABS researchers and leaders share their perspectives on how the cyber threat landscape is evolving and what may lie ahead. Read on to explore how developments in global strategy, organized cybercrime, and of course, AI could impact us all in the coming year.
The Forgiving Internet is Over
The cybersecurity industry has been living on borrowed time, and AI is about to call in the debt.
The effects of cyberattacks are not always immediately visible: sometimes they go by entirely unnoticed. That encourages a fundamental cybernetics problem, as there isn’t an obvious causal link between the levers available to defenders and the constraining effects imposed on attackers.
That broken loop can create a corrosive perception that what we do doesn’t have meaningful effects, which has allowed our industry to backslide into lowest-investment, compliance-checkbox territory.
Meanwhile, the feedback delay entails that just as exploitation can go unnoticed for years, technical debt sits dormant, unnoticed for prolonged stretches.
We are moving to a future where being vulnerable and being hacked are not two separate steps. Today, organizations run edge appliances riddled with a bottomless supply of weaponizable vulnerabilities and n-days, and yet they often come away uncompromised simply because no one has gotten around to them yet.
Consider Cl0p’s MOVEit campaign: nearly 2,800 organizations compromised, 96 million individuals’ data exposed and the group was still processing victims more than a year after the initial breach. Cl0p explicitly stated they leaked names slowly to avoid overwhelming their own negotiation capacity. The attack itself was automated, executed over a holiday weekend, largely complete before the patch dropped, but extortion is human work. That capacity bottleneck —the gap between what automation can compromise and what humans can monetize— is about to disappear.
The internet’s forgiveness is a function of attacker capacity, and AI is a capacity multiplier. When autonomous agents can probe, validate, and exploit at machine speed, the gap between vulnerable and compromised collapses. Without a countervailing investment in AI-native defense, that asymmetry becomes the defining feature of the landscape.
Attackers will harness AI as a force multiplier long before defenders do. Scrappy resourcefulness, clear financial incentives, and freedom from procurement cycles guarantee it.
The alignment discourse is a distraction. Local models on consumer hardware, unconstrained foreign providers, and enterprise no-retention deployments attest to this. The moment capable computer-use models run locally, guardrails become irrelevant. Anthropic’s recent disclosure of Chinese operators using Claude Code for autonomous intrusions is instructive: one operator hitting thirty targets with minimal human intervention. By their own account, model hallucinations did more to slow the attackers down than any guardrails.
If defenders can thank AI for anything, it will be a fundamental reassignment of value, a revamping of capacity, and a necessary reimagining of what’s possible.
Feeble attempts to conjure tens of thousands of competent practitioners out of thin air have clearly floundered. Thankfully, getting more bodies isn’t the only way to increase capacity anymore. AI offers exactly that. It invites us to revisit implicit ROI calculations we abandoned long ago. We can now reconsider activities that required human intervention but were deemed too incremental and repetitive to be consequential: processing every document in a breach disclosure, pre-processing logs at scale, reverse engineering tangential codebases to better understand malicious code. These were not impossible tasks; they were tasks we decided not to attempt. That calculus has changed.
However, we must be clear-eyed about what we are adopting. These systems are non-deterministic. We are integrating a new form of evaluative power that is commoditized and cheap but also largely outside our control. Their outputs need to be wrangled into predictably acceptable parameters. The organizations that operationalize AI effectively will be those that learn to harness uncertainty within acceptable bounds rather than pretend it doesn’t exist.
What the market is missing (and desperately requires) are organizations that function as step-down transformers: converting raw frontier capability into security outcomes. Frontier labs are racing toward general capability while treating security as one of several potential markets. The result is a gap between what models can theoretically accomplish and what defenders can reliably deploy. Someone must bridge that gap with products and services that translate commoditized evaluative power into deployable autonomy.
This means investment in experimentation to redefine security problems in terms of what AI can make tractable, improve, or solve without waiting for archaic vendors to catch up. The threat actor(s) using Claude Code to maximize their operational capability didn’t stumble into competence. They iterated, tested, and created a harness for ready deployment with the human as far out of the loop as possible. Defenders will need equivalent rigor.
The opportunity is real and sizable. Seizing it requires that security as a practice becomes AI-native. Organizations that treat AI as another line item will find themselves overwhelmed by an operational tempo they cannot match. Those who internalize it as a fundamental shift, on both sides of the adversarial line, have a chance to redefine the dynamics of the security space. The value generated in 2026 and beyond is entirely concentrated in filling that gap between frontier capability and operational deployment. Juan Andres Guerrero-Saade (JAGS), Senior Technical Fellow and VP of Intelligence and Security Research, SentinelLABS
Hemispheric Crossfire | US–Venezuela Cyber Operations Drag in the Big Three
As of late 2025, Venezuela has already shifted from a chronic crisis to a genuine flashpoint. U.S. carrier groups and expanded maritime operations in the Caribbean, public talk of “closing” Venezuelan airspace, and speculation about regime‑change scenarios have raised the temperature dramatically. Caracas, for its part, is signaling a willingness to fight a long guerrilla struggle and “anarchize” the environment if the U.S. moves militarily. At the same time, Venezuela has deepened its alignment with Russia, Iran, and China, explicitly seeking security guarantees, capital, and military assistance from all three.
In such an environment, a realistic 2026 development is the partial exposure of U.S. offensive cyber and information operations targeting Venezuela. This doesn’t mean Hollywood‑style leaks of every covert program; it looks more like a mosaic of glimpses: A social media platform announces a takedown of coordinated inauthentic networks seeding narratives aimed at Venezuelan military factions and diaspora communities; A contractor leak reveals tooling used to profile Venezuelan officers, union leaders, and local elites; A regional report connects seemingly independent media outlets and meme sources back to U.S.-linked funding and infrastructure, blurring the line between strategic communications and covert influence.
None of this is unprecedented. Great powers all play in this space, but the political salience of Venezuela today means the blowback will be sharper and more public than usual.
That exposure offers raw material for counter‑narratives and operations by Caracas’ backers. Russia is already running well‑funded Spanish‑language disinformation and propaganda campaigns across Latin America, often in coordination with partner state media, with a long‑standing focus on undermining U.S. standing in the region. Iran has used Venezuela as a beachhead for sanctions evasion, proxy networks, and anti‑U.S. activity, including leveraging IRGC and Hezbollah-linked structures to expand its reach in the hemisphere. China, meanwhile, is quietly consolidating intelligence collection capabilities via regional ground stations, telecom infrastructure, and proximity to key undersea cables, assets Western analysts already flag as potential platforms for surveillance of U.S. communications.
In 2026, we should expect to see cyber and information operations explicitly framed as “defending Venezuela from U.S. aggression”, but operationally aimed at the United States and its closest partners.
Russian and Venezuela‑aligned influence networks will likely amplify any evidence of U.S. IO/espionage, real, exaggerated, or fabricated, into Spanish and English‑language campaigns targeting U.S. domestic audiences, Latin American publics, and the Venezuelan diaspora.
Iranian‑linked actors can be expected to piggyback on the crisis to probe U.S. critical infrastructure and financial networks under an “Axis of Authoritarianism” narrative, using the Venezuela storyline to justify escalation in cyber operations they were running for other reasons anyway.
Chinese‑linked capabilities are more likely to manifest as intensified collection and mapping, SIGINT on U.S. deployments, diplomatic traffic, and commercial flows, rather than loud influence campaigns, but that data will feed the same broader alignment.
For CTI teams, the prediction isn’t some “ big Venezuela cyber war,” it’s a convergence problem. A Venezuelan crisis becomes the pretext that ties together Russian, Iranian, Chinese, and local pro‑regime operators into loosely synchronized campaigns: hack‑and‑leak operations targeting U.S. policy debates; cross‑platform disinformation linking Venezuela to border, drugs, and migration narratives; the probing of U.S. energy, maritime, and telecom infrastructure under the cover of regional tension.
Expect to see Spanish‑language infrastructure and personas show up in incidents that ultimately impact U.S. and European networks and more clusters where attribution threads run through Caracas and Moscow/Tehran/Beijing at the same time. The organizations most likely to feel this first are those at the seam lines: energy, logistics, telecom, diaspora media, and NGOs with one foot in the U.S. and one in the region. Tom Hegel, Distinguished Threat Researcher, SentinelLABS
China’s Fifteenth Five Year Plan
A new Five-Year Plan from the Chinese Communist Party means a new hit-list for China’s hackers.
After Xi came into power in 2013, he set about issuing development goals for science and technology in China not seen since the leadership of Mao Zedong. The most notable, Made in China 2025 was released two years later in 2015. After American opprobrium reached its peak in the first Trump administration, China slowly withdrew MIC2025 from the limelight. American attention to the strategy led to significant collection difficulties for the PRC as the US FBI and other government agencies prioritized defense of targeted technologies in the private sector and at US research institutions, like universities.
In 2021, the PRC released publicly only a vague outline of the Party’s Medium- to Long-Term Development Plan for Scientific and Technological Innovation, which set innovation goals for 2025, 2030, and 2035. Foreign attention to MIC2025 led the Party to mark the full content of the plan as “internal circulation only.”
The 15th Five-Year Plan promises to push some of those privately-held development goals into the spotlight. The PRC central government will release the official 15th FYP in 2025, and will delegate much of the details about achieving its objectives to government ministries. Ministries will release their more-detailed version of the 15th FYP in late 2025 or early 2026. Those documents create a political demand signal for provincial governments and bureaucracies to work towards realizing.
Contracted hackers looking to pilfer western technology and sell it to the highest bidder in China will consult those documents to identify the technologies their customers are likely to pay good money for. If your industry is on the list of targeted technologies, buckle up. Dakota Cary, Senior Security Advisory Consultant
Organized Cybercrime | More Integrated, Streamlined & Aggressive
Commodities and Cartels
Ransomware and infostealers are now commodity features. We’ve blown past this milestone in the last couple of years. Consider ransomware and data exfiltration as givens in the event of any opportunistic breach. While the days of the ‘big brand’ extortion operations are waning, we are seeing more smaller, organized groups offering à la carte services, including ransomware, but ultimately, this is just another feature available in ‘run of the mill malware’.
The blending of infostealer and ransomware-style features into more swiss-army knife tools and services will attract a broader set of criminals, a natural evolution already underway, given the heavy reliance of modern attacks on the infostealer logs ecosystem.
This also overlaps with the trend towards more ‘Cartel-style’ operations or ‘alliances’ which consolidate disparate malicious services into more all-encompassing “MaaS” offerings.
Ransomware & Initial Access Brokers
As these cartels and service ecosystems solidify, the relationships that underpin initial access are tightening as well. Ransomware groups continue to work closely with IABs (Initial Access Brokers), with an increasing number of threat actors publicly and aggressively attempting to recruit ‘trusted’ IABs. Groups like Sicarii advertise special advantages to others willing to partner with them.
Sicarii Ransom’s ‘recruitment’ of IABs
Additionally, we can expect to see IABs starting to offer more targeted bundles consisting of curated credential sets. For example, IABs will start offering ‘chains’ based on cumulative sets of related credentials (chain of VPN->O365->Cloud Console access for a target). There are some specializing in this now, but we expect this to become more mainstream as the infostealer log ecosystem, which feeds many IABs, continues to explode.
Increasing Attacks Will Offer Defenders Fewer IOCs and Artifacts
There are some interesting micro trends within these smaller, more obscure, operations. One such trend is the omission of ransom notes and other noisy filesystem artifacts, and threat actors moving towards more direct follow-ups via emails and phone calls to initiate communications.
We have seen groups like “Penguin Cartel’ operate in this way, and we expect adversaries to increasingly embrace these alternate methods of first notification in extortive attacks.
Businesses Will Keep Losing Data, Encryption Not Required
This operational “quieting” aligns with another growing trend: attackers no longer need to encrypt data to profit from it. This is far from new, but it is increasing. More crimeware actors eschew encryption entirely, opting to extort victims to prevent release of the exfiltrated data. Groups like Kairos and WorldLeaks are current examples of this model.
Kairos DLS banner (exfiltration only)
More Automation, More Upscaling
While the “AI-revolution” has yet to fully transform the downstream atomic artifacts of crimeware, cybercriminals are taking advantage of various automation options, using AI to augment and scale-up their output.
An increasing number of actors are leveraging AI agents, Telegram Bots and similar features both to automate discovery and sales of their product and C2 activities. This has long since been a practice in the traditional infostealer community, but we are seeing an uptick of this across the crimeware landscape.
Pressure Escalates Tactics
Threat actors are continuing to apply real-world violence (VaaS) to ensure their profitability. Naming-and-shaming via data leak sites will remain a permanent feature of the landscape, but we will see further pressure being applied to business clients, customers, family members and entities that are peripheral to the victim. One common manifestation of this is swatting groups being called upon to apply pressure to financial crime victims.
Additionally, threat actors will continue to leverage regulatory and compliance laws to apply pressure and time leak announcements around critical events such as earnings calls or M&A negotiations. Jim Walter, Senior Threat Researcher, SentinelLABS
Living Off Apple’s Land | Latent Powers and Stolen Trust
Last year, we noted how threat actors were making hay abusing AppleScript’s spoof-friendly ability to create password dialog boxes to gain elevated privileges, but as many unfortunate victims have been finding out this year, that’s far from all AppleScript is good for.
ClickFix is the new social-engineering kid-on-the-block for every stripe of threat actor from nation state APTs to opportunistic cryptowallet-stealing cybercriminals. Dropping a simple two-line AppleScript that opens an innocuous webpage, perhaps a support portal for some legit technology, with up to 10000 blank lines ending with a few malicious lines of code is a ridiculously simple but effective method of social engineering.
A macOS ClickFix-style social engineering script
2026 will see the continuation of both techniques. However, as old as Python and as powerful as PowerShell, AppleScript has a lot more juice left in it from a threat actor point of view.
We are just beginning to see the first signs of adversaries making use of AppleScript’s Objective-C (AS-ObjC) bridge — a wonderful technology that brings the power of Apple’s Foundation and AppKit frameworks, including NSWorkspace, to simple AppleScripts. In the past, we’ve seen AS-ObjC’s newer cousin JXA (JavaScript for Automation) gain traction in red-teaming tools like Apfell; it’s a small conceptual leap from there to the (arguably) easier world of AppleScript Objective-C.
That opens up a whole new world of in-memory scripting power that otherwise usually requires a compiled binary and readily-detectable file writes. Will we see threat actors lean into this old, built-in, not-widely known, yet incredibly powerful way of programming Mac computers? If you’re a threat actor, it’s a Living-off-the-Land technology dream come true. If you’re a defender, it’d be smart to start thinking about what that looks like from a telemetry point-of-view in 2026. And while we’re on the topic of powerful, Apple Framework-enhanced scripting languages, Swift scripting is a thing worth keeping in mind, too.
On macOS, ClickFix was a necessity-is-the-mother-of-invention response to Apple’s plugging of the Gatekeeper workaround. However, you don’t need a bypass to Apple’s increasingly strict code signing and notarization rules if your malware is signed with a valid developer ID.
Illicit trade in verified Apple Developer accounts is something we’ve seen increase in the latter half of 2025, and it’s only a matter of time before we see these abused by more malware authors. Temporary they may be, as Apple is quick to nix such accounts once identified, but even a short-lived campaign can do a lot of damage against the right targets.
The lesson for defenders is not to treat validly code signed executables as some kind of exception to detection rules. Signed code tells a defender little more than that it passed Apple’s automated checks and that the code has a name attached to it. In the case of malware, that’s almost certainly not the name of a threat actor. Phil Stokes, macOS Research Engineer, SentinelLABS
The AI Reckoning | Consolidation, Censorship, and Economic Fallout
Specialized Models Will Belong to Those Who Can Make Them
Over the next few years, we’ll watch a huge number of AI companies simply disappear.
The generic “copilot for X” and “AI workspace” products that dominated pitch decks in 2023–2024 will be reborn as bloodless, checkbox features inside Microsoft 365, Google Workspace, and other large platforms. The quality will be worse than the specialized startups they replace, but that won’t matter because they’ll be easy to buy on an enterprise contract, come bundled with existing tools, and be turned on with a toggle in an admin console.
The result will look like a mass extinction. Valuations will implode and the easy money will evaporate. The tech influencer class on X will still push the “996 grindset mentality” even as the few humbled survivors of the crash pivot from “owning the category” to cutting costs and delivering durable value to a smaller, demanding set of customers.
But this is also exactly the environment in which truly specialized organizations start to matter. These smaller entrants will sit in narrow, high-stakes domains: cybersecurity, law, finance, industrial control, biotech…
In those areas, the winners will be teams that have quietly built a repeatable data and training pipeline, have access to proprietary datasets, and can deploy smaller models that are integrated into specific workflows, regulations, and hardware.
Advances in training efficiency, data curation, and model compression will be among the most valuable pieces of this puzzle, and they will increasingly move out of public view. Labs will publish less, national-security programs will classify more, and a handful of specialized shops will jealously guard their pipelines.
The Bubble Pops in a Poisoned Reality
AI is unpopular as an idea. For most consumers it means glitchy chatbots, over-eager automation at work, auto-generated spam, and marketing departments screaming about “AI-powered” everything. The underlying capabilities are real, but the experience is mostly annoyance, precarity, and a strong sense that someone else is getting rich off a thing that is happening to you, not for you.
On top of that resentment, we’ve layered a classic asset bubble. Capital has flooded into anything AI: driving valuations, headcount, and infrastructure spending far beyond what current use-cases justify. In the last year, large tech companies have fired workers while bragging about “AI efficiencies,” even when they’re mostly just undoing years of over-hiring.
The important prediction isn’t “a bubble exists”; it’s how people will react when it finally hits the wall. Within the next year we should expect a dot-com–scale drawdown in AI equity and private valuations: a broad repricing of pure-play “AI companies,” at least one of today’s marquee AI darlings valued at less than a third of its peak, and a long tail of late-stage startups ruthlessly zeroed-out. The hyperscalers will survive because AI is one line item inside a much larger machine; most everyone else will discover that they built a feature, not a business.
The crash will happen in a reality already saturated with synthetic content. In the scramble to justify their spend, organizations are using models to flood every channel with low-cost output: SEO sludge, autogenerated news, endless pitches, synthetic “user reviews,” fake engagement. Previously trusted sites and platforms are already quietly tilting from human-written to machine-written material because the unit economics are irresistible. The problem is they are using last decade’s metrics: what is the actual economic value of Daily Active Users when the content they are consuming is slop that nobody can monopolize?
As the synthetic layer of our online experience deepens, models are trained and retrained on their own exhaust and on rival models’ curated “knowledge bases”, wiki-like sites and reference corpora that are themselves partially or wholly machine-written. Systems start to treat these partisan or synthetic compilations as “ground truth” simply because they look like structured authority.
“Model poisoning” as a subset of a larger, more pernicious “reality poisoning”
The targeted threat of “model poisoning” becomes the inescapable threat of “reality poisoning” and the line between what actually happened and what the machine inferred as plausible will vanish.
This increasingly synthetic environment directly undermines the business case that justified the bubble in the first place. Search gets worse, watered down, and commoditized. Feeds become vacuum sealed bubbles where nothing breaks containment. Analytics get noisier and less reliable. Conversion rates slip as users learn to distrust what they see on screens. Enterprises that bought AI to “supercharge knowledge work” find that their internal knowledge bases are now clogged with plausible nonsense that’s harder and harder to audit. The marginal ROI on yet another AI integration rapidly decays.
So when the capital tide goes out, the public story will be simple and hostile. “AI took my job and ruined the internet.” The actual big picture may be composed of macro economics, overcapacity, and misallocated capital, but the emotional truth will be that AI made jobs less secure, the information environment less trustworthy, and the daily experience of technology spammy and brittle.
In the aftermath, the models will remain, the infrastructure will remain, and the incumbents will survive by using them where they produce actual value. What won’t survive will be broad-based cultural, political, and financial enthusiasm.
In the next year, we will end up with powerful systems embedded deep in a few dominant platforms, operating in a permanently contaminated data environment, surrounded by a public that no longer believes the marketing and cannot trust the outputs.
Dual-Use Will Eat Alignment and Turn Into Regional Censorship
AI and LLM development are on track to become core pillars of national defense. Questions about “U.S. vs. China vs. everyone else” will move out of policy think-tanks and into mainstream geopolitics. Behind closed doors, frontier systems will be evaluated less as “products” and more as strategic infrastructure: tools that can rewrite the balance of cyber offense, intelligence gathering, and information operations both at home and abroad.
In this world, statements of “public model alignment” will become less important. The loud, visible debates about fairness, bias, and “responsible AI” will continue, but the most consequential work on offensive AI capabilities will move into secure facilities, export-controlled supply chains, and gray markets. The question will shift from “Is this system aligned with human values?” to “Is this system aligned with our national interests?”
Because AI systems are inherently dual-use, offensive capabilities and control affordances will be developed in parallel. The same model that politely refuses to discuss certain topics in a consumer chat interface will have close cousins tuned for intrusion discovery, vulnerability triage, targeted influence, and automated exploitation. Many of those capabilities will originate in state-backed programs, but they won’t stay there. They’ll diffuse into law enforcement, domestic security services, and private contractors, where they will be applied to civilian populations as instruments of soft control and, when desired, hard power.
That logic will leak out into the consumer layer as regionalized safety controls. As these technologies scale, they will increasingly mirror existing patterns of information control. Providers will ship different rule-sets and behaviors by jurisdiction, the way streaming platforms already fragment their catalogs country by country. Providers will claim that this represents “localization” efforts — where differences in language and cultural references are updated for the target population. What they are really localizing is the range of thinkable thoughts within a language model.
Whatever their marketing stance on “neutrality” or aversion to particular ideological labels, major providers will have very strong incentives to align their models with local statutes, regulatory guidance, and informal political red lines. If a given government can threaten licenses, data-center permits, key executives, or revenue streams, the “alignment layer” becomes one more lever for the powerful. Governments will jump at the opportunity to tweak refusal patterns, soften the model’s treatment of this history, or remove guidance that might make protests more effective.
Over time, legislators, regulators, authoritarian regimes, and litigators will get a much sharper sense of where these levers sit inside these systems: how content filters work, what knobs exist for toxicity, radicalization, and persuasion, or how model-delivered advice translates into real-world actions. The volume and specificity of legal and policy demands on these knobs will expand accordingly.
Engineering teams at these companies will spend less time debating abstract philosophical framings and more time implementing tightly scoped, jurisdiction-specific constraints designed by lawyers and national security officials.
The result will be a stratified ecosystem:
Public, region-locked models that are heavily constrained will become the systems most people will interact with day to day.
Institutional and security-grade models, derived from the same or larger bases but deployed inside governments, defense contractors, and domestic security agencies, will be used to profile, predict and shape human behavior at scale.
Informal and illicit models will be leaked, stolen, or quietly licensed and recirculate similar capabilities into criminal markets and non-state actors.
In all three layers, “alignment” will be eaten by dual-use. The systems will be “aligned” to institutional goals, not to a shared, global notion of human flourishing. The public will experience this as an explosion of region-specific censorship and weirdly divergent realities between models that reflect different value systems.
In short, the coming wave of LLM censorship by major U.S. and allied companies is the civilian-facing expression of a deeper shift. Once AI is framed first as a strategic asset and only secondarily as a consumer product, dual-use incentives dominate. Alignment becomes a branch of national security and regulatory compliance, and the map of model behavior starts to trace the borders of political power rather than the contours of an egalitarian reality. Gabriel Bernadett-Shapiro, Distinguished AI Research Scientist, SentinelLABS
Zero or No Trust | Interconnected Services Lead to Increasingly Devastating Intrusions
Zero Trust Architecture networks have been increasingly ubiquitous over the last five years, with the pandemic driving many organizations to rapidly adopt and implement related technologies to support the sudden uptick in remote work. Threat actors were slower to adapt through 2020-2022, as there were plenty of targets who had not jumped on the ZTA bandwagon. Early adopters targeting these environments made headlines by compromising often tech-forward organizations, a far cry from the companies typically in the news for huge ransomware attacks against legacy networks.
In 2025, there were several campaigns where actors targeted highly interconnected environments by focusing on identity providers. The ShinyHunters campaign abusing OAuth relationships in certain Salesforce user environments is a notable example: granting OAuth access to the Data Loader app enabled the attackers to access the victim environment and exfiltrate data using a Salesforce tool intended to do exactly that. Similarly, in August 2025 attackers abused the Salesloft Drift application to hijack OAuth rights to harvest cloud service and SaaS credentials from the targeted environment.
There is huge potential for actors who identify improperly configured or abandoned OAuth-enabled applications. This was demonstrated in 2024 when Midnight Blizzard struck gold by discovering a legacy application in Microsoft’s test environment that enabled high-privileged access to corporate environments. For several years, skilled cloud attackers have been working on tools that map both resources and OAuth relationships in target environments.
While gaining access to such a high value environment as a major cloud service and operating system provider may not be feasible for most actors, increases in automated scanning and data evaluation will only make finding new, well-connected targets easier.
Based on the increased prevalence of Zero Trust environments, an increased attacker focus and understanding of SaaS identity providers, and the rise in sophistication of tools used to identify relationships between identities and assets in organizations’ environments, we believe there is a significant risk for attacks that misuse the new forms of “trust” used to authenticate applications within environments.
A potential evolution we may see in 2026 is tooling that not only targets one SaaS application and its downstream connections, but likely has some degree of automation or evaluation through agentic AI analysis to continue performing more phases of intrusion based on findings from the previous phase. Alex Delamotte, Senior Threat Researcher, SentinelLABS
AI-Driven Threats | Blurred Attribution and the DPRK Wildcard
The use of AI by adversaries will likely manifest in two ways outside of the ongoing discourse. The vast majority of attackers’ use of AI to date has been around driving greater efficiency and automating existing parts of their intrusion lifecycle. The intelligence assessments to date tend to skew towards technical improvements and capabilities.
If we look back on past assessments of emerging technologies — and let’s be honest, AI is without a doubt an emerging technology — two unexpected things tend to happen.
First, threat actors’ use of new technologies almost inevitably blurs existing assessment lines, typically around tradecraft and attribution. If we apply this to AI, the most likely upcoming shift will be lower-level/smaller groups gaining access to capabilities that were previously used to define government-affiliated programs. In particular, AI’s ability to provide language capabilities will bring low-level cybercriminals into the realm of government programs with full linguistic capabilities. This was an incredibly important capability distinction that is likely to end in the coming year solely because of AI.
The second likely outcome will be an almost inevitable surprise from DPRK’s AI use. DPRK cyber activities have previously caught intelligence organizations off-guard multiple times. Examples range from destructive attacks geared towards stopping a movie release through the current IT workers situation.
Additionally, AI has proven highly useful and effective to DPRK efforts, again the IT workers are a great example. When we pair these realities with the vast amount of illicit revenue generated by DPRK’s efforts at stealing cryptocurrency, we see an interesting situation emerging.
We have a cyber effort known to produce surprises, actively leveraging AI in a large and also previously unforeseen manner, and producing large amounts of revenue for the regime through cyber actions, both cryptocurrency theft and IT workers payments.
There is a high likelihood some level of these illicit gains will be reinvested into the DPRK cyber programs to increase their scope, scale, and impact–programs that are already actively pushing the bounds of AI use. While we do not have an expected outcome specifically, the likelihood of an unexpected, large, AI-driven surprise from DPRK is something we should be mindful of and prepared to tackle on the defensive side.
Steve Stone, SVP, Threat Discovery & Response
Looking Ahead & Protection Now
Moving ahead demands strong, decisive leadership based on confident security choices and the courage to evolve. For all those committed to a safer and more resilient future, SentinelOne is ready to help secure every aspect of your business. Contact us to learn more about cybersecurity built for what’s next.
Protect Your Endpoint
See how AI-powered endpoint security from SentinelOne can help you prevent, detect, and respond to cyber threats in real time.
From left: Casera co-founder Neeraj Singh Bhavani, Pioneer Square Labs Managing Director T.A. McCann, and Casera co-founder Alex Levin. (Casera Photo)
Casera, a new healthcare technology startup in Seattle, is spinning out of Pioneer Square Labs with a unique approach to hospital operations: using “agentic AI” to automate the work of case managers and speed up patient flow.
The company is tackling a thorny problem in healthcare: unnecessary length of stay driven by operational friction. Delays in communication, payer authorization and discharge planning can add time to a patient’s stay — and thousands of dollars in expenses for hospitals each day, according to Casera.
The company’s software is built for case managers, who coordinate the operational steps required to move patients safely through the system.
Casera describes its product as a “Case Manager Digital Agent” that operates inside communication channels, watching for context and then triggering next steps — for example, following up on a pending prior authorization or making sure all tasks for a complex discharge have owners and due dates.
Casera’s system plugs into existing collaboration and communication tools, and helps identify “what needs to happen, who needs to be involved, and helps ensure it gets done,” according to CEO Neeraj Singh Bhavani, who previously started patient-flow startup Tagnos (acquired by Sonitor).
Bhavani sees the company’s main competition in vendors that have traditionally focused on patient flow and hospital capacity management, including Qventus, LeanTaaS and TeleTracking. But he said Casera is attacking a different layer of the problem by focusing on “getting things done versus telling what to do.”
“Not trying to be another legacy dashboard and analytics player,” he told GeekWire.
Casera is working with a design partners across major health systems in three states. It has not generated revenue.
Casera’s other co-founder is CTO Alex Levin, who previously started revenue intelligence company MD Clarity (acquired by private equity). A third early leader, Jhayne Pana, was previously an assistant nurse manager with MultiCare Health.
The company has raised $1 million from PSL and has less than ten employees. PSL previously spun out Kevala, a healthcare staffing software company that was acquired earlier this year.
“Tackling patient flow with automation is a massive opportunity, and a very good use case for multiple agentic applications,” T.A. McCann, managing director at Pioneer Square Labs, said in a statement. “It’s an area we know well and in addition to the clear market need, the opportunity to work with two, recently-exited founders was a huge bonus.”
US District Judge Paul Engelmayer has asked prosecutors and defense lawyers for detailed clarification on a series of unresolved issues ahead of Terraform Labs co-founder Do Kwon’s sentencing.
This includes the possibility of the crypto entrepreneur facing an additional 40-year prison term in South Korea after serving time in the United States.
The judge issued the order on December 8, laying out multiple questions that he wants answered before the December 11 hearing.
The filing shows that the court is weighing how Kwon’s foreign legal exposure, previous detention, and the mechanics of international prisoner transfer programs may affect the punishment imposed in New York.
Court Seeks Clarity on Kwon’s Potential 40-Year Korean Prison Term
The judge’s first set of questions focuses on South Korea’s ongoing criminal case against Kwon.
He asked both parties whether they have any reliable information about the likely outcome of the charges he faces there, whether any agreements have been made with Korean authorities, and what sentencing ranges apply if he is convicted.
South Korean prosecutors previously said they would seek up to 40 years in prison for the same conduct that forms the basis of the US case.
The court also asked whether a Korean sentence could run concurrently or consecutively with a US sentence, a detail that could influence the final terms.
The judge wants to know whether the Bureau of Prisons will credit any portion of that 21-month period toward his US term and whether the government’s recommendation of a 12-year sentence was based on the assumption that none of that time will count.
US prosecutors demand 12-year sentence for Do Kwon after Terra's $40B collapse that destabilized crypto markets and aided FTX implosion.#FTX#DoKwon#TerraFormhttps://t.co/LfzwEWH4XG
Defense Pushes Back as Prosecutors Call TerraUSD Collapse “Colossal”
They described the TerraUSD collapse as “colossal in scope,” citing the broader market chain reaction that contributed to the downfall of major firms, including Sam Bankman-Fried’s FTX.
Kwon pleaded guilty in August to conspiracy and wire fraud, admitting that he made false statements about TerraUSD’s stability mechanisms and concealed Jump Trading’s role in supporting the stablecoin during a 2021 depeg event.
US agrees to recommend a 12-year prison sentence and a $19m fine for Do Kwon after he has pleaded guilty to wire fraud and conspiracy#DoKwon#TerraUSDhttps://t.co/ktCCrKzob4
Kwon’s lawyers have asked for a five-year term instead, arguing that the time he spent in Montenegro was served in “brutal conditions” and should weigh heavily in the court’s decision.
They also point to the likelihood that he will be extradited to South Korea after completing his US sentence, where he faces a much longer potential punishment.
The defense says that imposing the full recommended term would result in an excessively long combined period of imprisonment.
Judge Seeks DOJ Clarification on Victim Compensation and Asset Forfeiture
The judge’s order shows he is taking that possibility seriously. He asked both sides to explain whether supervised release would even matter if Kwon is likely to be removed from the United States.
He also questioned what guarantees the U.S. would have that another country would enforce the rest of Kwon’s sentence if he is transferred overseas.
Prosecutors have already said they will support a transfer request once Kwon serves half of his sentence.
But the judge noted that these transfers usually require detailed recommendations to the Bureau of Prisons before they can move forward.
The filing also points to several administrative problems tied to forfeiture and victim payments.
The judge asked the Justice Department to clarify how its remission process would decide which victims qualify for compensation from the seized assets.
This question is especially important because the losses span multiple countries, and no restitution order was requested in the case.
’Tis the season again! If you’re scrambling for last-minute presents or totally blanking on what to get your cannabis-loving crew, don’t stress — we’ve got you. The Cannabis Now team rounded up our favorite finds across the full spectrum of cannabis goodies. Think stylish smoking gear, elevated fashion pieces, tasty edibles, must-have seeds and grower essentials. There’s truly something for everyone on this list. Plus, we’ve sprinkled in exclusive holiday discount codes just for you. Time to spark some joy with the coolest cannabis gifts of 2025.
Give the gift of good vibes this holiday season. Mellow Fellow’s Live Resin Blends combine cannabinoids and terpenes for elevated, experience-based effects—crafted for every mood. Euphoria keeps spirits bright with an uplifting, creative boost, while Dream helps you unwind and find calm after the chaos. Each gummy is made with live resin for authentic strain flavor and consistent potency, wrapped in a sweet, shareable treat. $29.99
Clean Torch is a revolutionary breath-activated, flameless electric lighter that doubles as a vaporizer. This electric lighter is a no-brainer for cannabis enthusiasts and travel—windproof, rechargeable and totally flame-free, it works wherever you go. No butane either, just a quick inhale and you’re good to go. Plus, it’s compact, stylish and built to handle the elements, making it as smart as it is sleek. Whether you’re lighting up at a campsite or traveling across the country, Clean Torch is a must-have, long-life gadget perfect for every trip or keeping at home. It’s that surprisingly perfect little gadget you never knew you needed—until you realize it makes every smoke easier, cleaner, and way more fun. $125(Use the code “Canna” for 15% off sitewide.)
The All-Paper Smokebuddy—the first in a new generation of sustainably sourced, eco-friendly smoke filters! Crafted entirely from paper, including the packaging, this Smokebuddy is a greener alternative to traditional filters. It effectively reduces odor and filters smoke while keeping secondhand smoke away from friends, family, and neighbors. Compact, convenient, and responsibly made, it’s designed with both performance and the planet in mind. $19.95(UseHoliday Promo code: HOLIDAYBUDDY25for 25% off).
Meet Tempest, the designer magnetic pipe from Artifact, engineered to elevate your ritual. It delivers ultra-smooth hits and feels like art in your hand, with two symmetrical halves that snap together with powerful magnets and pull apart in a second for easy cleaning. Inside, a cooling Labyrinth stretches the smoke, strips out heat, and collects resin so every bowl lands smooth and cool. Drop in the optional titanium filter for effortless sessions with hash and other extracts. It looks like a sculpture, hits like a bong, and cleans back to brand new whenever you want. It is the upgrade every weed lover secretly wants in their stocking. $78 (Use Holiday Promo Code CANNABISNOW10 for extra savings).
The new Storz & Bickel VEAZY Vaporizer delivers consistent, flavorful vapor in just 40 seconds using the company’s patented hybrid heating technology. It’s also the brand’s smallest and most affordable device, priced at just $249 and weighing 0.3 lbs. Users can fine-tune settings and easily personalize sessions from their phone or laptop via Bluetooth to the S&B web app. Plus, the quick USB-C charging system means you can easily recharge the device when you’re on the move. The VEAZY dry herb vape is the perfect blend of style and substance: It fits nicely in the palm of your hand but still packs a punch with S&B’s patented mini hybrid heater blending conduction and convection. $249
With over ten years of experience breeding exceptional cultivars and delivering world-class customer service, Royal Queen Seeds (RQS) is a leader in the cannabis genetics space. They have a huge selection of premium cannabis seeds for your homegrowing friend. Whether you’re an experienced cultivator, or simply curious about trying to grow cannabis at home for the first, Royal Queen Seeds has seed varietals for every person, and every situation. Check out their Grow Guide and Strain Finder Tool to determine the best seeds to give this holiday season. These truly make for the perfect stocking stuffers! Starting at $12.50
If you choose to send cannabis seeds to a first-time grower, then consider bundling it with Royal Queen Seeds’ homegrow kit, which makes growing weed easier and stealthier than ever before. You don’t even need to go to the stores to buy soil or pots. With this convenient kit, you can grow fast autoflowering strains that reach a maximum height of 23.4 inches, and harvest after just 10 weeks. Each can contain 2 seeds, a germination plug, and all of the growing media and nutrients you’ll need. Just follow the instruction manual! $36
Back in stock and better than ever! Our new formula is 3X BIGGER than before and easier to chew for older dogs and easier to break for smaller doses. At Vlasic Labs, dogs are part of the family. This Broad Spectrum chew contains ZERO THC and 5mg of CBD per chew, so you can easily find the right dose for your pup. $34.99
Introducing the first waterproof hemp Chelsea boots. The classic design, now more stylish than ever, this time with a premium hemp upper. 8000 Kicks’ new boot is totally vegan, and it uses the same waterproofing technology as their backpacks and shoes. The Chelsea Boots include a rugged sole for the most demanding terrains while keeping a minimalist design for daily wear. $199 (Use 20% Promo Code: CANNABISNOW20 for extra savings.)
Tired of sleep supplements or teas that don’t actually work? Find that prescription meds do work, but you don’t want the negative side effects that come with them? Then Sunday Scaries THC Sleep Gummies are for you! The brand custom-formulated these gummies so that they actually work to help induce sleep, but without compromising your health. If you have any loved ones struggling with restless nights, consider these all-natural, full-spectrum gummies from Sunday Scaries. They are designed to prevent next-day grogginess, and the brand promises to refund you if you can’t fall asleep within 20-30 minutes. $31 (Use Promo Code: CNM20 for extra savings).
Each of these chocolate truffles from Mama Dose is a gentle guide on your journey towards presence and inner harmony, infused with 250mg of the potent Penis Envy strain. Mama’s Mindful Truffles offer a luxurious ritual of self-connection, designed to sharpen your senses and awaken your spirit. Handcrafted with premium vegan ingredients, these truffles combine rich, velvety cocoa with organic sweeteners to create a decadent, ethically sourced experience. $60 (Use Promo Code: CannabisNow2025 for extra savings).
Do Kwon, the troubled co-founder of Terraform Labs based in Singapore, is facing a possible 12-year prison sentence in the United States due to his role in the collapse of the TerraUSD stablecoin, which resulted in significant losses within the cryptocurrency market.
Do Kwon Seeks Reduced Sentence Of Five Years
Bloomberg reported that in a court filing late Thursday, US prosecutors described the Terraform Labs co-founder’s fraudulent actions as “colossal in scope.”
They emphasized that his “misleading statements to customers” triggered a domino effect of crises across the crypto landscape, culminating in the downfall of notable entities such as Sam Bankman-Fried’s FTX.
This comes amid a regulatory environment that has grown increasingly lenient under the Trump administration. In late October, President Trump pardoned Binance founder Changpeng Zhao (CZ), who had been convicted for failing to uphold proper anti-money laundering measures.
In a recent court filing, Terraform Labs co-founder expressed a desire for a reduced sentence of five years. His legal team asserted that he has already “suffered substantially” for his actions, noting that he has spent nearly three years in detention conditions described as “brutal” in Montenegro.
Kwon’s lawyers argued that a five-year prison term would be sufficient and that the prosecutors’ recommendation of 12 years is “far greater than necessary” for justice to be served.
Potential For Sentence Transfer For Terraform Labs Co-Founder
Initially, Kwon pleaded not guilty in January to a nine-count indictment that charged him with securities fraud, wire fraud, commodities fraud, and conspiracy to commit money laundering. However, he changed his plea in August to guilty for conspiracy to defraud and wire fraud.
During this change, Terraform Labs’ leader acknowledged that his actions included making “false and misleading statements” regarding the restoration of TerraUSD’s peg in 2021, admitting, “What I did was wrong.”
As part of his plea agreement, Kwon has consented to forfeit $19.3 million and some properties. Prosecutors have chosen not to demand restitution for the millions of investors who collectively lost $40 billion, citing that calculating individual losses would be too complicated.
Kwon faces charges in both the US and his native South Korea, where prosecutors are also pursuing a lengthy prison sentence potentially reaching up to 40 years.
He was arrested in Montenegro in 2023 while using a fake passport, and following a protracted legal battle, he was extradited to the United States in January after spending nearly two years in a Balkan jail.
US prosecutors have indicated they would support Kwon’s opportunity to serve the second half of his sentence in South Korea, provided he adheres to the terms of his plea deal and qualifies for a transfer program. Kwon is scheduled for sentencing by US District Judge Paul Engelmayer on December 11.
When writing, Terraform Labs’ native token Luna Classic (LUNC) saw a 75% increase in response to Do Kwon’s probable sentence, trading at $0.000050 and placing it at the helm of the market’s top performers on Friday.
Featured image from DALL-E, chart from TradingView.com
In the volatile theatre of the cryptocurrency market, Bitcoin, Ethereum, and Solana are showing signs of a potential high-time-frame reversal. After weeks of stress and price compression, each of the top assets is now stabilizing at key structural support levels. The multiple leading cryptocurrencies are flashing similar recovery setups at the same time.
The current crypto landscape may be setting up one of the most powerful high-time-frame reversals across Bitcoin, Ethereum, and Solana. An investor and trader known as MacroCRG on X highlighted that yesterday, all three assets printed a bullish engulfing candle, a strong signal that buyers are stepping back in with intent.
Market Leaders Hint At A Shift Before Smaller Assets Follow
On the weekly chart, each asset is showing the early stages of an inside-week breakout paired with a false breakdown. MacroCRG pointed out that a similar structure on the ES (S&P 500 futures) chart from April, where the breakdown of inside-week structure led to a breakout that never looked back when the bull secured the weekly close.
For this setup to take hold, these prices need to close the week above the key highlighted highs on the chart. However, there’s still a long way to go before the weekly close will confirm the breakout, and the bulls need to follow through with conviction and remove any doubt.
The founder of the ProMintClub investment community, ProMint, has spotted a high-conviction whale trader aggressively building long positions across the crypto market. Currently, the trader is leading the Lighter leaderboard with over $64 million in profit and loss, while maintaining an 83% long bias. His Lighter account has the highest profit and loss with over $8 million. These are insane numbers compared to everyone else on the leaderboard.
Data shows that the trader has made five deposits into his Lighter account, which total around $6 million in capital. His positions are spread across BTC, ETH, SOL, AAVE, along with smaller plays such as PAXG and PUMP, consistently entering at strong timing points and riding momentum higher.
Even though funding costs have flipped heavily negative, he is not backing down. Presently, this is the top-performing account on Lighter, and this is serious capital deployed with conviction.
How Increased Partners Drive Sustained Volume Demand
According to Chainflip Labs, November marked one of the strongest performance months in the protocol’s history, clearing over $583 million in swap volume, which is the second-best month ever for the network.
Demand remained sustained across BTC, ETH, and SOL routes, and more partners are routing flow through the network than ever before. The trend clearly shows that Chainflip will continue to scale.
The round was co-led by Salesforce Ventures and Anjney Midha (AMP), and saw participation from a16z, NVIDIA, Northzone, Creandum, Earlybird VC, BroadLight Capital, General Catalyst, Temasek, Bain Capital Ventures, Air Street Capital, Visionaries Club, Canva and Figma Ventures.
Trustwave SpiderLabs warns of Eternidade Stealer, a new banking trojan spreading via personalised WhatsApp messages. Find out how this malicious software bypasses security checks and deploys fake login screens for major banks and wallets.
There’s one thing that thousands of folks look forward to every Autumn season. It’s not the changing trees or brisk breeze. It’s pumpkin. Pumpkin coffee, pumpkin pie, pumpkin cookies, pumpkin scents and decorations and now, one more way to celebrate everyone’s favorite gourd before the winter rolls in.
Making your own hash oil rig out of a pumpkin is easy, and you likely have most of the pieces at home already. Danksgiving is the perfect day to get started.
The Pumpkin Rig
MATERIALS NEEDED
1 medium-sized pumpkin
1 metal spoon
1 paring knife
1 glass downstem with flat bottom
1 dab nail that fits into the downstem
1 glass piece to act as mouthpiece (extra glass bowl, adapter, etc.)
paper towels
bowl for collection of pumpkin guts (optional)
DIRECTIONS
1. First step is choosing the pumpkin. Choose a pumpkin that is not a challenge to hold, but is big enough to accommodate the length of the downstem when it is inserted.
2. Next, hollow out your pumpkin by cutting a hole around the stem at the top, effectively creating a lid for the rest of the pumpkin. Clean out the inside of the gourd by scraping out the seeds and squishy pumpkin insides with the metal spoon. If you want to make delicious treats with the seeds later, put the pumpkin guts in a bowl and place it to the side.
3. After the pumpkin is hollowed out, make a hole for the downstem an inch or two away from the pumpkin lid. Make the hole by using the paring knife and gently twisting it while cutting into the pumpkin so you create a hole for the downstem to be inserted through. Once the hole is large enough, gently twist the downstem into the hole. If you encounter too much resistance, try hollowing it out more with the knife — glass is fragile! It also helps to have a downstem with a flat bottom over a curved or closed off bottom, as those are harder to insert into the pumpkin. Once inserted, put the nail into the downstem.
4. Repeat the hole process on the opposite side of the pumpkin as well, for the mouthpiece. You can use anything, like a spare glass bowl for a pipe or an adapter piece from a rig. Make sure both downstem and the mouthpiece are fully flush with the surface of the pumpkin, inserted as far as possible.
5. Check for extra stray bits of pumpkin, as those can come through the mouthpiece on the very first pull. Put the lid back on and take an inhale to check for air-tightness. If you can feel the pull on the nail go ahead and heat it up — you’re ready to go!
6. It can be helpful to have a friend to assist with the dabbing, as balancing the pumpkin and seeing to the other side can make aiming your concentrates a bit more difficult. Also, it’s fun to lift the lid and finish off the hit by submerging your face into the vapor. Perfect for any holiday occasion!
Got the munchies after hitting a few globs out of the pumpkin rig? The pumpkin is the stoner tool that keeps on giving — you can make some dank munchies from the pumpkin seeds you removed during the hollowing process described above with the easy steps below.
Oven-Roasted PumpkinSeeds with BHO-Infused Olive Oil
INGREDIENTS
2-3 tablespoons olive oil
pumpkin guts from freshly-carved pumpkin
salt
decarboxylated hash oil
DIRECTIONS
1. To decarboxylate hash oil, put the concentrate in a heat-resistant container and then into the oven at 200°F for approximately 20 minutes. This activates the THC-A into THC, which makes for a potent edible experience. It can be beneficial to store decarbed oil in the freezer, which makes it brittle and easier to work with when using it.
2. While constructing the pumpkin rig, preheat an oven to 350°F.
3. Save the pumpkin guts from the carving of the pumpkin, placing them to the side in a bowl.
4. Melt the decarbed concentrate into 2-3 tablespoons of olive oil, using a small saucepan on the stove on low temperature. Amount of hash will vary depending on user tolerance, for a small dose try 0.20 grams, for a stronger effect try a half-gram. Gently whisk the oil until the hash is dissolved in the liquid, taking care not to overheat the mixture.
5. Separate the pumpkin seeds from the rest of the pumpkin material as much as possible and place them into a strainer. Rinse the seeds under cold water and then pour on to a paper towel. Pat dry.
6. Pour seeds onto a cookie sheet and pour the medicated oil on the seeds, adding a pinch of salt and stirring the seeds until they are well coated.
7. Pop the seeds into the oven, and take a few dabs out the pumpkin rig while you wait.
8. After 10 minutes, take the seeds out of the oven and stir.
9. After another 10 minutes (20 minutes total) remove from oven and let cool. Enjoy the crunchy hash-infused treats at your leisure. Sprinkle on ice cream, top a salad, or just eat by the handful.
Super Labs co-founders Jared Kofron (left) and Stefan Kalb. (Super Labs Photo)
Stefan Kalb, a Seattle entrepreneur who previously founded grocery tech startup Shelf Engine, is back with a new venture — and a mission to bring artificial intelligence to mid-market companies that don’t have technical expertise.
Kalb is co-founder and CEO of Super Labs, which launched in September and just raised $8 million in a seed funding round led by Seattle-area venture firm FUSE. Other backers include Y Combinator CEO Garry Tan, Liquid 2 Ventures, Soma Capital, and others.
Kalb said the idea for Super Labs emerged after he kept getting calls from people who run “non-tech businesses” and wanted to figure out how to implement AI.
“If you’re non-technical, and you’re trying to move into the AI space — it’s really hard,” Kalb said.
Super Labs operates as both a marketplace and an implementation partner. The platform allows business owners to describe their problems — “I need to stop manually tracking project hours across three spreadsheets,” for example — then visualizes their workflows and identifies where AI can be integrated.
The company doesn’t typically build the AI solutions itself. Instead, it connects businesses with existing AI vendors — such as a voice AI tool — and handles the complex integration work that would normally require technical expertise.
Kalb sees massive opportunity in the mid-market segment, which he said is larger than the S&P 500 in economic terms. His concern is that without platforms like Super Labs, these companies will fall behind as enterprise customers gain access to AI tools.
“The mid-market companies are going to get screwed,” he said.
On the supply side, Super Labs provides a marketplace for developers to distribute their AI products through usage-based models, offering exposure to non-tech customers they otherwise couldn’t reach.
For now, Super Labs is focused on proving its model with early customers in manufacturing, e-commerce, distribution, and retail — businesses that have “all these different workflows that can be automated,” Kalb noted.
Super Labs enters a crowded field of AI consultants and implementation firms. It competes against agent directory platforms such as Gumloop and Langflow, and enterprise software marketplaces such as Vendr and Tropic. Kalb said his company differentiates with its marketplace approach and focus on security and reliability.
Kalb co-founded Super Labs with Jared Kofron, who was a principal software engineer at Pioneer Square Labs and previously worked at Flux, Rover, and Glowforge.
Kalb’s first entrepreneurial experience was founding Molly’s, a healthy food company that supplied salads and sandwiches to Seattle-area cafes and hospitals. That brick-and-mortar experience exposed him to the operational challenges of traditional businesses. “I would have dreamed of having Super Labs,” he said.
Shelf Engine, his next venture, applied AI to reduce food waste in grocery stores by predicting optimal ordering quantities for perishable goods. The company worked with major retailers like Kroger, Target, and Dollar General before its acquisition by retail data company Crisp earlier this year.
Shelf Engine raised more than $60 million from investors and landed celebrity endorsements — but later went through layoffs. Kalb called it a “disappointing acquisition.”
Kalb said he plans to be more deliberate about scaling Super Labs than he was with Shelf Engine, where rapid hiring led to challenges.
Other backers in Super Labs include Massive Tech Ventures (Kalb’s own venture fund), Mercury CEO Immad Akhund, Pioneer Fund, and longtime tech leader Gokul Rajarm.
At the United Nations General Assembly in September, President Trump highlighted his concerns about risky biological research. Significant questions remain, however, about how oversight of high-consequence research will be put into practice. Policymakers and researchers need a consistent and transparent way to weigh the risks and benefits of such research to facilitate review processes and oversight.
Drew Garner at Smartsheet’s Engage conference in Seattle this week. (Photo courtesy of Garner)
— Drew Garner is now senior vice president of engineering for Smartsheet.
Garner joins the Bellevue, Wash., work productivity software giant as Rajeev “Raj” Singh recently took the helm as CEO. The two have significant overlaps in their resumes, with Garner rising to the role of chief technology officer at Accolade during Singh’s tenure as leader of the healthcare platform. And Garner was a senior director at Concur, the Bellevue-based travel expense giant that Singh co-founded.
Garner shared his excitement about the new role on LinkedIn.
“From my first conversation, I could feel the drive — the hunger to innovate, the pride in craft, and the focus on building things that genuinely make a difference,” he said. “Smartsheet is redefining how AI and automation power real work, helping teams move faster, think smarter, and stay more connected than ever.”
Baskar Sridharan. (Trase Photo)
— Baskar Sridharan, a former Amazon Web Services’ vice president of AI/machine learning services and infrastructure, is now president of Trase, an agentic AI startup that publicly launched this week.
“AI adoption is faltering within sectors that need it most: complex, highly regulated enterprises overburdened with administrative tasks that are ripe for automation,” Sridharan said on LinkedIn. “The issue isn’t innovation, it’s implementation.”
Trase has $10.5 million in pre-seed funding, and states that its “initial focus is on complex, highly regulated industries, enabling enterprises in healthcare, national security, and energy to create and deploy autonomous turn-key agents into existing infrastructure…”
Sridharan began his tech career with a nearly 16-year run at Microsoft. He was a principal engineer and architect for an Azure data storage repository that served large analytic workloads. He then moved to Google’s Kirkland, Wash., office where he was vice president of engineering for the Google Cloud platform.
Trase is based in Virginia, but Sridharan will remain in Seattle.
— Qualtrics named two new leaders. The company, co-located in Seattle and Provo, Utah, offers technology that helps businesses gather data and improve the interactions that customers, employees and others have with their products and services.
Provo-based Mark Hammond joined the company as SVP of core AI, previously working for Microsoft in autonomous systems and technology bridging physical and virtual assets.
Seattle-based Jeff Gelfuso was promoted to SVP and chief product experience officer. Gelfuso joined Qualtrics in January. He previously worked at Workday, Amazon, Facebook and Microsoft.
Qualtrics last month announced a $6.75 billion deal to buy Press Ganey Forsta, a company focused on managing experiences for healthcare companies.
Joe Smolarski. (WatchGuard Photo)
— Seattle cybersecurity company WatchGuard Technologies named Joe Smolarski as CEO. Smolarski joined the company from security management company Kaseya, where he held the roles of president and chief operating officer. He is credited with helping lead a 10-fold revenue increase and multi-billion-dollar valuation growth for the Florida company.
Vats Srivatsan had been serving as WatchGuard’s interim CEO since May 2025, following the departure of Prakash Panjwani. Srivatsan will remain on the board of directors.
— Hubble Network, a Seattle-based space-tech startup, named two leadership hires. The news follows its September announcement of $70 million in new funding to accelerate the growth of its satellite-powered Bluetooth network.
Damien Michau, an engineer with two decades of experience, is Hubble’s VP of engineering, joining from the software company Endor Labs.
John Marbach, a past marketing manager, is head of growth. Marbach previously led growth marketing at the cloud company Grafana Labs.
— Mike McGee is CEO of For Effect, a new company that he’s helping launch that provides tech support for nonprofits and small businesses. “Our goal is to help organizations get the most out of their technology, implement automation, and utilize AI agents where appropriate,” McGee said on LinkedIn.
McGee was previously at Vacasa, Accolade, Concur and other Seattle-area tech companies.
— Caleb John is now a principal engineer at Pioneer Square Labs, a Seattle venture firm and startup studio. John was co-founder and CEO of Pongo, a search startup that was acquired last year by Moondream, and previously founded Cedar Robotics, a startup that built indoor delivery robots for restaurants.
— Seattle-based coaching firm Close Cohen Career Consulting announced that former Zillow VP Nancy Poznoff has joined as an executive coach. The firm, which advises senior professionals nationwide who are navigating career transitions, also shared that it has expanded into the Raleigh-Durham area.
Poznoff will remain as CEO and co-founder of Mother Bear Agency, an independent marketing and communications firm. Her past roles include marketing leadership at Starbucks and T-Mobile.
— Angelina DiPreta is a principal at Maveron, a venture capital firm started in 1998 by Starbucks CEO Howard Schultz and Seattle-based tech investor Dan Levitan. San Francisco-based DiPreta was formerly the consumer practice lead at the firm Premji Invest for nearly six years.
— Aaron Ward is co-founder and CEO of Huckleberry, a startup co-located in Portland, Ore., and New Zealand that’s developing a voice-enabled platform that allows managers, HR and teammates to share workplace performance feedback. Ward is a serial entrepreneur, previously launching AskNicely, a customer experience tech company.
— Longtime Seattle-area investor Brianna McDonald has joined the board of the Angel Capital Association Board. Earlier this year, McDonald became CEO of Ecosystem Venture Group, a new organization that blends startup investment funds with services for entrepreneurs and investors.
Minnesota’s new cannabis testing requirements are so onerous that intoxicating hemp edibles and beverage maker Steven Brown is moving his business to Wisconsin.
Kaspersky researchers uncovered Operation ForumTroll, an attack campaign utilising the new 'Dante' spyware developed by Memento Labs, the rebranded Hacking Team. The attacks used a Chrome zero-day vulnerability (CVE-2025-2783) and COM hijacking for persistence, confirming the continued deployment of advanced surveillance tools by the controversial Italian firm.
Vivek Ladsariya plating bread pudding with cardamom ice cream at a pop-up restaurant he ran with a friend when he lived in San Francisco. (Photo courtesy of Vivek Ladsariya)
Out of Office is a new GeekWire series spotlighting the passions and hobbies that members of the Seattle-area tech community pursue outside of work.
Day job: General partner and managing director at Seattle’s Pioneer Square Labs, where he helps create and invest in startups as a venture capital investor.
Out-of-office passion: Cooking.
Growing up in India, food was a big part of the culture and something that Vivek Ladsariya was immersed in at home.
His family had a flour mill and would buy wheat grain to grind it into flour. He watched his mother and grandmother cook, and he ate and enjoyed their food.
“When I moved to the U.S., I missed it tremendously, and there was no real way to get some of that home food except to learn how to cook it,” Ladsariya said. “That’s when I started to really learn how to cook all of those things, because I needed that food to consume. So, it was very much born out of necessity.”
His taste and skill goes beyond making the dishes he loved as a boy. He makes pastas and Taiwanese food. He likes to slow cook meat or use his fancy pizza oven. During a recent potluck lunch he made scallion pancakes.
Ladsariya and his wife cook every meal at home, and with a 7-week-old daughter, he finds himself “wearing” her around the kitchen while he’s cooking, encouraging her to taste what he’s making.
During the pandemic while living in San Francisco, Ladsariya got the chance to work in two restaurants — Merchant Roots and Sushi Hakko — to stay busy while his wife was working her healthcare job.
“I think that’s when my cooking game really elevated,” he said. “Up until then I enjoyed cooking, but I’d create a mess. Then I got really organized in the kitchen. I became really efficient.”
With a friend, Ladsariya also put together a pop-up restaurant in which they spent two months researching and prepping a menu and cooking for guests over three days. The proceeds went to charity, and Ladsariya called it one of the favorite times of his life. It’s a process he plans to repeat in Seattle.
But Ladsariya, who enjoys hosting smaller dinners for startup founders, has no plans to leave his day job for a life in the kitchen.
“You’re standing on your feet the entire day and you are unbelievably exhausted,” he said. “I think it’d get old really quickly, and I’d lose the love for this.”
Vivek Ladsariya over a pan of seafood paella. “The joy of cooking is feeding other people,” he says. (Photo courtesy of Vivek Ladsariya)
Most rewarding aspect of this pursuit: Ladsariya said that his day job is so high level and “in the brain” that it can sometimes can be abstract and lacking in the real-time feedback that he gets from working with his hands.
“I just fell in love with that aspect of cooking,” he said. “Everything you do is right there, you get the evidence of whether you did it well or not right away. The effort, the reward — that loop is just so instant and real and gratifying to work with your hands.”
And it’s not about feeding himself. For Ladsariya, the joy of cooking comes from feeding others.
“It’s the bringing people together, the community and all of that that food enables,” he said. “I’m able to provide a great meal and bring together people with something that scratches my creative desires.”
The lessons he brings back to work: Ladsariya finds a connection between how he thinks about cooking and how he thinks about startups.
“Cooking is really about high quality ingredients and not messing it up,” he said. “More often than not, bad food comes from bad ingredients. And I think the same is true for startups. As long as you have a good group of people, they can do something good. People are the ingredients of startup building.”
Furthermore, whether it’s a dish he’s never made or a startup idea that’s especially daunting, it’s best not to overthink things and just do it.
“It’s easy to be intimidated and say, ‘Oh, I have no idea how to do that or where to even start,'” Ladsariya said. “But with a little bit of research and work and just committing to it, you can do pretty incredible things.”
Do you have an out-of-office hobby or interesting side hustle that you’re passionate about that would make for a fun profile on GeekWire? Drop us a line: tips@geekwire.com.
Login
