IT/기술 · "LIBRARY" · 총 17건
필터 보기현재 지수
50.3
0 = 부정 우세
50 = 중립
100 = 긍정 우세
최근 7일 기준 87,736건을 분석한 결과, 뉴스 심리지수는 50.3(균형)입니다. 긍정 4,406건(5.0%)·중립 81,278건(92.6%)·부정 2,052건(2.3%)이며, 중립 비중이 뚜렷하게 높습니다. 성향 지수는 종합 14.9(중도 균형)입니다.
Meanwhile, Defense Secretary Pete Hegseth warned European allies of being stormed by ‘different, dangerous ideologies’
Amazon's gaming strategy has never really been clear. It's been very active in the space: acquiring Twitch, launching its Luna cloud gaming service nearly six years ago, investing heavily in MMOs during the peak of live-service wave, and having access to a huge slate of franchises through Prime Video and the MGM Studios library. Late […]
Comments
Axiom Math, a $1.6B AI unicorn, is building a formally verified library of economic theorems — and already found gaps in the foundations of antitrust law.
If you asked me what I'd change about the Xbox Ally X handheld - aside from fixing Windows, I mean - I'd tell you two key things. First, give me a bigger, better screen. Even a little bit bigger, so games feel less claustrophobic and with less ugly bezel. Second, get rid of the "Library" […]
The province's national library and archives institution, has launched the experimental phase of its proposed government and cultural databank in French and Indigenous language.
Comments
China has unveiled an artificial intelligence platform for drug discovery that can screen a vast library of chemical compounds, cutting the initial drug screening phase from months or years down to tens of seconds. Developers said they expected the system to provide a novel method for identifying lead molecules to treat tumours, neurodegenerative conditions, rare diseases and emerging infectious diseases, as well as possibly speeding up drug research during public health crises. Called GalaxyVS,...
Floppy disks are several decades old—many of the disks are degrading and the data stored on them is at risk of being lost. In response, Leontien Talboom, a technical analyst at Cambridge University Libraries and Archives, led a roughly year-long project preserving floppy disks called “Future Nostalgia,” which concluded in January. Leontien Talboom Leontien Talboom is a technical analyst at Cambridge University Libraries and Archives, where she transfers material from a wide range of storage media to make them accessible to archivists. IEEE Spectrum spoke to Talboom about her work preserving data from Cambridge’s collection of floppy disks and collecting knowledge about the disks themselves. Why is it important to preserve floppy disks now? Leontien Talboom: Two reasons. First, the physical media is starting to degrade. Floppy disks are made from plastic, but they’ve got a magnetic layer of iron oxide, and that’s deteriorating. A lot of floppy disks are found in attics or garages, which means they also suffer from mold. Second, a lot of people who developed floppy disks and systems that use floppy disks are starting to retire or pass away, which means that a lot of tacit knowledge is disappearing. Whom did you go to for that tacit knowledge? Talboom: I went to the retro computing community. Their work is more around preserving these machines to keep them running [than] the data that lives on the floppy disk. But they know their stuff about floppy disks. For example, they know that in a lot of the older disks, the inside of the disk—the doughnut—gets stuck to the top. So if you flex the casing, the doughnut falls down again. If I hadn’t known that, I would have assumed that those disks in our collection were broken or corrupt. What is the most difficult part of working with floppy disks? Talboom: Accessing the files can be quite challenging if we don’t understand the file system. Within libraries and archives, we get a lot of material from machines that are not as well loved. Many of the personal computers that you had at home, such as the Amstrad or ZX Spectrum or BBC Micro, are very well documented. But a bunch of our material comes from business or research systems. They’re not as nostalgic for people, so there’s not as big a community preserving this type of material. Do you have a favorite type of floppy disk? Talboom: Five and a quarter. The weirder the system, the more frustrating and fun it is. I quite like doing that detective work. The Amstrad disk has also really stolen my heart. The popularity of floppy disks is very geographically dependent. Our library, for example, has these Amstrad 3-inch disks. But if you go to the U.S., they’re really uncommon. They weren’t able to manufacture enough of these drives, and [3.5-inch disks] took over at a certain point. But they’re really cute. What’s the best method for sustainably storing data? Talboom: The main thing is actively looking after it. A lot of the floppy disks we get in the library haven’t been accessed for 20 or 30 years, which means that you need certain special hardware to actually read them, and then work with emulators or other tools to make these file formats accessible. Now that we’ve done that work and transferred it, we can monitor it and make sure it’s not suffering from anything like bit rot. We can also make decisions around migrating it to other file formats or working on specific file systems or unknown file formats in more detail.
This webinar presents a workflow offering end-to-end solutions for designing, training, validating and verifying, compressing, and deploying AI-based virtual sensor models to embedded processors within a single environment. Highlights Integrate AI models into Simulink for system-level simulation, verification, and simulation-based testing Apply formal verification techniques to assert neural network behavior Compress the AI model for memory footprint reduction and execution speedup Generate library-free C code from AI models and performing PIL tests Profile code performance and evaluate design and model selection tradeoffs Design and train AI-based virtual sensors using MATLAB Register now for this free webinar!
Comments
Comments
Comments
Cybersecurity consultants have never been more in demand. Information security analyst roles are projected to grow nearly 30 percent between now and 2034, according to the U.S. Bureau of Labor Statistics. More than 15 million cybercrime incidents occurred worldwide in 2024, Statista reported. Data breaches are costly and pose direct safety risks. Statista reported that more than US $10 trillion is spent annually repairing the damage caused by cybercrime, most commonly phishing, spoofing, extortion, and data breaches. In one example in the United States, breathalyzer devices installed in vehicles became disabled, leaving hundreds of drivers stranded, as detailed in an IEEE Spectrum article. To help you acquire the skills you need to distinguish yourself from other cybersecurity job candidates, the IEEE Computer Society offers a “What Makes a Great Cybersecurity Consultant” guide. The 23-page PDF includes hard and soft skills you need, a list of certifications to pursue, and key IEEE cybersecurity conferences for staying updated on developments in the field. The guide includes advice from two cybersecurity experts. John D. Johnson, an IEEE senior member, is the founder and CEO of Aligned Security in Bettendorf, Iowa. Ricardo J. Rodriguez is an associate professor of computer science and systems engineering at the Universidad de Zaragoza, in Spain, who researches digital forensics and other cybersecurity topics. “Technology, remote work, and a shortage of skilled workers make this the ideal time to consider becoming a cybersecurity consultant,” Johnson says in the guide. “Consulting can give you the flexibility, variety, and control over where you want your career to go.” Hard and soft skills At a minimum, cybersecurity professionals should have a general understanding of IT including operating systems, communication protocols, network architecture, and programming languages such as C++, Java, and Python. They also should be well-versed in security auditing, firewall management, penetration testing, and encryption technologies. The principles of ethical hacking and coding would be handy as well. “To be able to defend a system well, you first have to know how to attack it,” Rodriguez says. The guide explains that there are now more technologies available to help cybersecurity consultants monitor threats and protect systems. They include security orchestration, automation, and response (SOAR) platforms, which automate workflows to collect security data, streamline incident response, and automate repetitive tasks. Rodriguez points to advances in domain name system security extensions (DNSSEC), which uses digital signatures based on public-key cryptography to strengthen the authentication of the domain name system. By validating data authenticity, DNSSEC safeguards against attacks such as DNS spoofing and guarantees that users connect to the correct IP address. Technologies such as artificial intelligence, blockchain, and quantum computing will increasingly be used to help thwart cyberattacks, the guide suggests. AI is expected to enhance the quality of data analysis, Rodriguez says. Although hard skills are important, soft skills are just as crucial, according to the guide. Critical thinking, project management, flexibility, teamwork, and organizational and presentation skills are essential. It’s not enough to be good at analyzing security vulnerabilities; you also need to clearly describe the situation and explain possible solutions. “Soft skills are important to achieve good team cohesion,” Rodriguez says, “because consultants often lead diverse teams from within their client’s organization.” “It’s essential,” Johnson adds, “that you demonstrate to clients you’re a team player and a capable communicator, and that you meet your commitments.” Security certifications Possessing security-specific credentials is a valuable way to demonstrate your expertise to potential clients, according to the guide. Because hundreds of certifications are available, Johnson says, pinpointing the most relevant ones can be challenging. Some people focus on theoretical knowledge, while others want to cover practical applications of technology. “Survey the industry and compare it to your skills,” Johnson recommends. “Decide what you want to do, and identify where you have gaps in your skills and experience.” Here are four of the nine certifications listed in the guide that are frequently cited as being important. All the providers are cybersecurity organizations. Certified information security manager. This globally recognized certification from the ISACA is for professionals managing enterprise information security. Certified cloud security professional. Offered by ISC2, this credential validates advanced technical skills in designing, managing, and securing cloud infrastructure. Certified ethical hacker. This certification from the International Council of E-Commerce Consultants (C-Council) confirms proficiency in using methods commonly employed by malicious hackers to detect vulnerabilities. Offensive security certified professional. A hands-on, 24-hour certification exam offered by OffSec covers practical testing skills. Additional industry-specific certifications might be required for organizations in finance, government, health care, or manufacturing. Sound general knowledge—backed by experience, training, and certification—is an essential foundation for being a specialist, Johnson says. Conferences and networking opportunities Events sponsored by the IEEE Computer Society can help you learn about the latest research and advancements in cybersecurity: IEEE Symposium on Security and Privacy, from 18 to 21 May in San Francisco. IEEE European Symposium on Security and Privacy, from 6 to 10 July in Lisbon. IEEE International Conference on Cyber Security and Resilience, from 3 to 5 August in Lisbon. IEEE Secure Development Conference, from 14 to 16 October in Indianapolis. Conferences can give you insight into the field and let you do some networking, but it’s important to network elsewhere as well, experts say. Consider joining the IEEE Technical Community on Security and Privacy, which connects experts and professionals advancing research in areas such as encryption, operating system security, and data privacy. Learning and meeting people keeps your knowledge sharp and can lead to mentorship opportunities with established cybersecurity consultants, Johnson says. Other IEEE resources The IEEE Computer Society’s cybersecurity resources page offers a wealth of information including fundamentals, possible career paths, and standards development. To keep you updated on trends, the society publishes IEEE Transactions on Privacy and the IEEE Security and Privacy magazine. In addition to the guide, the IEEE Learning Network offers nearly 30 courses on cybersecurity. And you can find research papers in the IEEE Xplore Digital Library.
More than 30 years ago, in the mountain village of Mbem in northwest Cameroon, the moon and stars in the night sky were the only light young Jude Numfor knew after the sunset. Electricity had not yet reached his rural community. “There was one person in the village with a petrol generator and a small television,” Numfor says. “When he turned it on, all the children would run to his house and peep through the window.” That memory became the spark for Numfor’s mission: to bring electricity to rural communities like his hometown. To accomplish his goal, in 2006 he cofounded Wireless Light and Power, since renamed Renewable Energy Innovators Cameroon, and he serves as its CEO. REI Cameroon designs, installs, and maintains solar minigrids for rural electrification. The minigrids use photovoltaic technology and battery-energy storage systems to generate electricity at 50 hertz. The electricity is distributed through smart meters. In 2017 the company received a grant from IEEE Smart Village to fund the expansion of REI’s minigrid operations and refine its business model. Smart Village supports projects and organizations bringing electricity and educational and employment opportunities to remote communities worldwide. The program is supported by IEEE societies and donations to the IEEE Foundation. The partnership has led to a collaboration developing open source metering, a free, community-driven way of tracking energy usage. Unlike proprietary utility meters, the system allows users, researchers, and utilities to view, customize, and verify how data is collected, ensuring transparency in billing, consumption tracking, and grid management. Smart Village’s support has been pivotal, Numfor says: “It’s not just about money. We share ideas, we get advice, and we have made friends. Entrepreneurship is lonely, but with the [Smart Village] community, it is different.” From teenage tinkerer to entrepreneur Numfor’s first experience of life with electricity was in 2001, after moving in with a missionary family in the small village of Allat. They used solar panels to power their whole home—an unimaginable luxury in Mbem. “I could watch TV, eat ice cream, and turn on lights,” he says. “It made me wish my brothers in Mbem had the same opportunity.” Numfor’s curiosity about electricity was ignited when a motion-sensor solar light in the family’s home stopped working. He tinkered with the device to find out why. “My missionary family told me to play with it like a toy,” he says, laughingly. “I replaced the dead battery with a motorcycle battery and was able to bring the power back for the night.” Jude Numfor [right] testing a rechargeable solar lantern, which aimed to replace hazardous kerosene lamps—known locally as “bush lamps.”REI Cameroon His missionary parents encouraged Numfor to study technology and engineering on his own, as none of the country’s universities offered solar energy educational programs at the time. They built him a library and stocked it with books on engineering, management, and entrepreneurship. In 2006, armed with his new knowledge, Numfor launched Wireless Light and Power with a friend, Ludwig Teichgraber. The nonprofit aimed to replace hazardous kerosene lamps—known locally as “bush lamps”—with rechargeable solar lanterns. These solar lanterns—called “light packs”—were built locally by Numfor and a team of 11 young Cameroonians using PVC pipes, nickel-metal hydride batteries, and LED bulbs. Families rented the lamps for a small fee, swapping discharged lamps for fully charged ones at solar-powered charging kiosks when they ran out of power. The kiosks then recharged the depleted lamps, making them available for the next swap. “The solar lantern was safer and cleaner, plus it gave children a chance to read at night,” Numfor explains. “People loved them.” Between 2006 and 2010, his team replicated the model across several villages. But when the global financial crisis hit in 2008, donor support dwindled, forcing the organization to evolve. “We pivoted from being an NGO to a commercial venture,” he says. “That’s how REI was born.” Building solar minigrids to serve community needs The new company’s goal was to move away from the lanterns and toward full electrification of communities. Villagers’ aspirations changed, Numfor says, as they now wanted to power their TVs, music systems, and mobile phones. In response, in 2010, REI developed one of the first solar minigrids in West Africa. Using locally procured components, the prototype supplied steady power to six households. The minigrid system used 12 123-watt solar photovoltaic panels manufactured by Sharp, 16 12-volt 100 ampere-hour automatic gain control lead acid batteries, and a Xantrex charge controller and inverter. Locally sourced wooden light poles were erected to distribute electricity throughout the village. REI charged each household a fee for the electricity. “It was a product-market-fit moment,” Numfor says. “People immediately asked, ‘When can we get this, too?’” The word-of-mouth, grassroots growth caught the attention of global partners. Numfor connected with Smart Village and in 2017, REI Cameroon received its first seed grant from the program. With that funding, Numfor was able to grow organically and attract additional grants, including one from the U.S. Trade Development Agency (USTDA), in partnership with the U.S. Department of Energy’s National Renewable Energy Laboratory. REI has since expanded to six villages, providing power to more than 1,000 households and businesses. With a dedicated team of 16 people, the company operates in multiple regions of the country, each with unique terrain, languages, and cultural dynamics. “It wasn’t easy,” he acknowledges. “I’m not an academic person—I had to learn everything by doing. [Smart Village] helped me structure the project and grow as an entrepreneur.” Today, Numfor pays it forward by sharing his Smart Village experience and mentoring new entrepreneurs. Launching a coalition for smart metering Minigrids can’t operate efficiently without clarifying operating rules to ensure quality service requirements and consumer protection, while also enabling reliable and effective monitoring of the system, Numfor says. “We need to know how power is being used, detect problems early, and manage the minigrid from a distance,” he explains. Existing commercial smart-meter providers offer limited and proprietary solutions. One major provider left the market, making their technology infrastructure obsolete. “It’s risky for an entire sector to depend on a few companies for such a critical technology,” Numfor says. In 2025, with the help of the Smart Village technical community, Numfor convened a consortium of open-source power advocates, including the Africa Mini-Grid Developers Association, EnAccess, Energy IOT, and NESL. The goal was to develop an open smart metering system that is accessible, transparent, and sustainable for all energy providers. “These organizations are collaborating as Open Advanced Metering Infrastructure [OpenAMI], which is about giving control back to the people who deliver the energy,” he says. Scaling for impact Numfor’s passion has grown from bringing light to local rural communities to bringing light to his entire country. Just 54 percent of Cameroon’s citizens have access to electricity, according to the International Energy Agency. For Numfor, the challenge is not just technological—it’s social and economic as well. “Electricity is the most important enabler of education and economic growth today,” he says. “When you have power, you unlock everything else.” “Electricity changed my life. Now I want to make sure every child can grow up with that same light.” —Jude Numfor Across the villages where REI has installed sustainable electricity solutions, small businesses are flourishing. Barbershops hum with community chatter, food vendors can preserve perishables, and entrepreneurs run companies such as phone-charging stations and small mills. “Some villages even have laundromats now,” Numfor says proudly. “Electricity creates jobs and changes mindsets.” Still, it has been a bumpy journey. It wasn’t until 2025 that REI obtained its official authorization (license) from Cameroon’s government to produce and distribute electricity in off-grid areas using solar minigrids. This was a major milestone because REI is one of the first private enterprises in the country to receive such authorization. “We were stuck between pilot projects and growth,” he explains. “Our projects were successful, and there was community demand for more, but to grow, we needed investors who require legal guarantees before committing funds. Now we can scale up and attract investors.” REI plans to expand its reach dramatically, beginning with 134 new villages identified through a feasibility study supported by the USTDA. Their long-term goal is to electrify 760 villages across Cameroon by 2031. While authorization opens doors, financing remains one of REI’s biggest challenges. “The minigrid space doesn’t attract venture capitalists easily,” Numfor notes. “Our return on investment is under 15 percent, so it’s not a typical tech startup model. The real return here is the impact” on the community. He hopes to attract investors who understand that access to electricity drives education, health care, and entrepreneurship. “There are people out there who want to make meaningful change,” he says. “We just need to connect with them. When you electrify a village, you never know who the next innovator will be. Maybe it’s another kid like me, looking through a window, dreaming.” Finding skilled staff is another challenge, Numfor says. To address this, REI developed an intensive recruitment and training process. “It used to take years to find the right people,” he says. “Now, we can identify who fits our company culture within six months.” Numfor’s wife, Angela Taliklong, who joined the venture in 2010, now oversees administration and human resources. A brighter Cameroon and beyond Numfor offers simple words of advice to other impact-driven entrepreneurs: Keep moving. “One of my mistakes early on was trying to be perfect,” he says. “I was spending time improving prototypes instead of increasing the number of our project installations and scaling how many communities we could electrify. You must keep momentum. Don’t wait until everything is perfect before you move forward.” That mindset, rooted in resilience and experimentation, has defined his journey. Rajan Kapur, president of Smart Village, says Numfor is a “shining example” of the program’s vision: “scalable and enduring impact through local entrepreneurs, local procurement, and community engagement based on the use of IEEE technology in underserved communities.” With the ongoing Smart Village partnership, Numfor is determined to bring light and opportunity to every corner of Cameroon, and beyond. He already has launched REI Nigeria. “Electricity changed my life,” he says. “Now I want to make sure every child can grow up with that same light.”
Transforming a newly discovered software vulnerability into a cyberattack used to take months. Today—as the recent headlines over Anthropic’s Project Glasswing have shown—generative AI can do the job in minutes, often for less than a dollar of cloud-computing time. But while large language models present a real cyberthreat, they also provide an opportunity to reinforce cyberdefenses. Anthropic reports its Claude Mythos preview model has already helped defenders preemptively discover over a thousand zero-day vulnerabilities, including flaws in every major operating system and web browser, with Anthropic coordinating disclosure and its efforts to patch the revealed flaws. It is not yet clear whether AI-driven bug finding will ultimately favor attackers or defenders. But to understand how defenders can increase their odds, and perhaps hold the advantage, it helps to look at an earlier wave of automated vulnerability discovery. In the early 2010s, a new category of software appeared that could attack programs with millions of random, malformed inputs—a proverbial monkey at a typewriter, tapping on the keys until it finds a vulnerability. When such “fuzzers” like American Fuzzy Lop (AFL) hit the scene, they found critical flaws in every major browser and operating system. The security community’s response was instructive. Rather than panic, organizations industrialized the defense. For instance, Google built a system called OSS-Fuzz that runs fuzzers continuously, around the clock, on thousands of software projects. So software providers could catch bugs before they shipped, not after attackers found them. The expectation is that AI-driven vulnerability discovery will follow the same arc. Organizations will integrate the tools into standard development practice, run them continuously, and establish a new baseline for security. But the analogy has a limit. Fuzzing requires significant technical expertise to set up and operate. It was a tool for specialists. An LLM, meanwhile, finds vulnerabilities with just a prompt—resulting in a troubling asymmetry. Attackers no longer need to be technically sophisticated to exploit code, while robust defenses still require engineers to read, evaluate, and act on what the AI models surface. The human cost of finding and exploiting bugs may approach zero, but fixing them won’t. Is AI Better at Finding Bugs Than Fixing Them? In the opening to his book Engineering Security (2014), Peter Gutmann observed that “a great many of today’s security technologies are ‘secure’ only because no one has ever bothered to look at them.” That observation was made before AI made looking for bugs dramatically cheaper. Most present-day code—including the open source infrastructure that commercial software depends on—is maintained by small teams, part-time contributors, or individual volunteers with no dedicated security resources. A bug in any open source project can have significant downstream impact, too. In 2021, a critical vulnerability in Log4j—a logging library maintained by a handful of volunteers—exposed hundreds of millions of devices. Log4j’s widespread use meant that a vulnerability in a single volunteer-maintained library became one of the most widespread software vulnerabilities ever recorded. The popular code library is just one example of the broader problem of critical software dependencies that have never been seriously audited. For better or worse, AI-driven vulnerability discovery will likely perform a lot of auditing, at low cost and at scale. An attacker targeting an under-resourced project requires little manual effort. AI tools can scan an unaudited codebase, identify critical vulnerabilities, and assist in building a working exploit with minimal human expertise. Research on LLM-assisted exploit generation has shown that capable models can autonomously and rapidly exploit cyber weaknesses, compressing the time between disclosure of the bug and working exploit of that bug from weeks down to mere hours. Generative AI-based attacks launched from cloud servers operate staggeringly cheaply as well. In August 2025, researchers at NYU’s Tandon School of Engineering demonstrated that an LLM-based system could autonomously complete the major phases of a ransomware campaign for some $0.70 per run, with no human intervention. And the attacker’s job ends there. The defender’s job, on the other hand, is only getting underway. While an AI tool can find vulnerabilities and potentially assist with bug triaging, a dedicated security engineer still has to review any potential patches, evaluate the AI’s analysis of the root cause, and understand the bug well enough to approve and deploy a fully functional fix without breaking anything. For a small team maintaining a widely-depended-upon library in their spare time, that remediation burden may be difficult to manage even if the discovery cost drops to zero. Why AI Guardrails and Automated Patching Aren’t the Answer The natural policy response to the problem is to go after AI at the source: holding AI companies responsible for spotting misuse, putting guardrails in their products, and pulling the plug on anyone using LLMs to mount cyberattacks. There is evidence that pre-emptive defenses like this have some effect. Anthropic has published data showing that automated misuse detection can derail some cyberattacks. However, blocking a few bad actors does not make for a satisfying and comprehensive solution. At a root level, there are two reasons why policy does not solve the whole problem. The first is technical. LLMs judge whether a request is malicious by reading the request itself. But a sufficiently creative prompt can frame any harmful action as a legitimate one. Security researchers know this as the problem of the persuasive prompt injection. Consider, for example, the difference between “Attack website A to steal users’ credit card info” and “I am a security researcher and would like secure website A. Run a simulation there to see if it’s possible to steal users’ credit card info.” No one’s yet discovered how to root out the source of subtle cyberattacks, like in the latter example, with 100 percent accuracy. The second reason is jurisdictional. Any regulation confined to U.S.-based providers (or that of any other single country or region) still leaves the problem largely unsolved worldwide. Strong, open-source LLMs are already available anywhere the internet reaches. A policy aimed at handful of American technology companies is not a comprehensive defense. Another tempting fix is to automate the defensive side entirely—let AI autonomously identify, patch, and deploy fixes without waiting for an overworked volunteer maintainer to review them. Tools like GitHub Copilot Autofix generate patches for flagged vulnerabilities directly with proposed code changes. Several open-source security initiatives are also experimenting with autonomous AI maintainers for under-resourced projects. It is becoming much easier to have the same AI system find bugs, generate a patch, and update the code with no human intervention. But LLM-generated patches can be unreliable in ways that are difficult to detect. For example, even if they pass muster with popular code-testing software suites, they may still introduce subtle logic errors. LLM-generated code, even from the most powerful generative AI models out there, is still subject to a range of cyber-vulnerabilities. A coding agent with write access to a repository and no human in the loop is, in so many words, an easy target. Misleading bug reports, malicious instructions hidden in project files, or untrusted code pulled in from outside the project can turn an automated AI codebase maintainer into a cyber-vulnerability generator. Guardrails and automated patching are useful tools, but they share a common limitation. Both are ad hoc and incomplete. Neither addresses the deeper question of whether the software was built securely from the start. The more lasting solution is to prevent vulnerabilities from being introduced at all. No matter how deeply an AI system can inspect a project, it cannot find flaws that don’t exist. Memory-Safe Code Creates More Robust Defenses The most accessible starting point is the adoption of memory-safe languages. Simply by changing the programming language their coders use, organizations can have a large positive impact on their security. Both Google and Microsoft have found that roughly 70 percent of serious security flaws come down to the ways in which software manages memory. Languages like C and C++ leave every memory decision to the developer. And when something slips, even briefly, attackers can exploit that gap to run their own code, siphon data, or bring systems down. Languages like Rust go further; they make the most dangerous class of memory errors structurally impossible, not just harder to make. Memory-safe languages address the problem at the source, but legacy codebases written in C and C++ will remain a reality for decades. Software sandboxing techniques complement memory-safe languages by addressing what they cannot—containing the blast radius of vulnerabilities that do exist. Tools like WebAssembly and RLBox already demonstrate this in practice in web browsers and cloud service providers like Fastly and Cloudflare. However, while sandboxes dramatically raise the bar for attackers, they are only as strong as their implementation. Moreover, Anthropic reports that Claude Mythos has demonstrated that it can breach software sandboxes. For the most security-critical components, where implementation complexity is highest and the cost of failure greatest, a stronger guarantee still is available. Formal verification proves, mathematically, that certain bugs cannot exist. It treats code like a mathematical theorem. Instead of testing whether bugs appear, it proves that specific categories of flaw cannot exist under any conditions. AWS, Cloudflare, and Google already use formal verification to protect their most sensitive infrastructure—cryptographic code, network protocols, and storage systems where failure isn’t an option. Tools like Flux now bring that same rigor to everyday production Rust code, without requiring a dedicated team of specialists. That matters when your attacker is a powerful generative-AI system that can rapidly scan millions of lines of code for weaknesses. Formally verified code doesn’t just put up some fences and firewalls—it provably has no weaknesses to find. The defenses described above are asymmetric. Code written in memory-safe languages—separated by strong sandboxing boundaries and selectively formally verified—presents a smaller and much more constrained target. When applied correctly, these techniques can prevent LLM-powered exploitation, regardless of how capable an attacker’s bug-scanning tools become. Generative AI can support this more foundational shift by accelerating the translation of legacy code into safer languages like Rust, and making formal verification more practical at every stage. Which helps engineers write specifications, generate proofs, and keep those proofs current as code evolves. For organizations, the lasting solution is not just better scanning but stronger foundations: memory-safe languages where possible, sandboxing where not, and formal verification where the cost of being wrong is highest. For researchers, the bottleneck is making those foundations practical—and using generative AI to accelerate the migration. But instead of automated, ad hoc vulnerability patching, generative AI in this mode of defense can help translate legacy code to memory-safe alternatives. It also assists in verification proofs and lowers the expertise barrier to a safer and less vulnerable codebase. The latest wave of smarter AI bug scanners can still be useful for cyberdefense—not just as another overhyped AI threat. But AI bug scanners treat the symptom, not the cause. The lasting solution is software that doesn’t produce vulnerabilities in the first place.
When it comes to AI models, size matters. Even though some artificial-intelligence experts warn that scaling up large language models (LLMs) is hitting diminishing performance returns, companies are still coming out with ever larger AI tools. Meta’s latest Llama release had a staggering 2 trillion parameters that define the model. As models grow in size, their capabilities increase. But so do the energy demands and the time it takes to run the models, which increases their carbon footprint. To mitigate these issues, people have turned to smaller, less capable models and using lower-precision numbers whenever possible for the model parameters. But there is another path that may retain a staggeringly large model’s high performance while reducing the time it takes to run an energy footprint. This approach involves befriending the zeros inside large AI models. For many models, most of the parameters—the weights and activations—are actually zero, or so close to zero that they could be treated as such without losing accuracy. This quality is known as sparsity. Sparsity offers a significant opportunity for computational savings: Instead of wasting time and energy adding or multiplying zeros, these calculations could simply be skipped; rather than storing lots of zeros in memory, one need only store the nonzero parameters. Unfortunately, today’s popular hardware, like multicore CPUs and GPUs, do not naturally take full advantage of sparsity. To fully leverage sparsity, researchers and engineers need to rethink and re-architect each piece of the design stack, including the hardware, low-level firmware, and application software. In our research group at Stanford University, we have developed the first (to our knowledge) piece of hardware that’s capable of calculating all kinds of sparse and traditional workloads efficiently. The energy savings varied widely over the workloads, but on average our chip consumed one-seventieth the energy of a CPU, and performed the computation on average eight times as fast. To do this, we had to engineer the hardware, low-level firmware, and software from the ground up to take advantage of sparsity. We hope this is just the beginning of hardware and model development that will allow for more energy-efficient AI. What is sparsity? Neural networks, and the data that feeds into them, are represented as arrays of numbers. These arrays can be one-dimensional (vectors), two-dimensional (matrices), or more (tensors). A sparse vector, matrix, or tensor has mostly zero elements. The level of sparsity varies, but when zeroes make up more than 50 percent of any type of array, it can stand to benefit from sparsity-specific computational methods. In contrast, an object that is not sparse—that is, it has few zeros compared with the total number of elements—is called dense. Sparsity can be naturally present, or it can be induced. For example, a social-network graph will be naturally sparse. Imagine a graph where each node (point) represents a person, and each edge (a line segment connecting the points) represents a friendship. Since most people are not friends with one another, a matrix representing all possible edges will be mostly zeros. Other popular applications of AI, such as other forms of graph learning and recommendation models, contain naturally occurring sparsity as well. Beyond naturally occurring sparsity, sparsity can also be induced within an AI model in several ways. Two years ago, a team at Cerebras showed that one can set up to 70 to 80 percent of parameters in an LLM to zero without losing any accuracy. Cerebras demonstrated these results specifically on Meta’s open-source Llama 7B model, but the ideas extend to other LLM models like ChatGPT and Claude. The case for sparsity Sparse computation’s efficiency stems from two fundamental properties: the ability to compress away zeros and the convenient mathematical properties of zeros. Both the algorithms used in sparse computation and the hardware dedicated to them leverage these two basic ideas. First, sparse data can be compressed, making it more memory efficient to store “sparsely”—that is, in something called a sparse data type. Compression also makes it more energy efficient to move data when dealing with large amounts of it. This is best understood by an example. Take a four-by-four matrix with three nonzero elements. Traditionally, this matrix would be stored in memory as is, taking up 16 spaces. This matrix can also be compressed into a sparse data type, getting rid of the zeros and saving only the nonzero elements. In our example, this results in 13 memory spaces as opposed to 16 for the dense, uncompressed version. These savings in memory increase with increased sparsity and matrix size. In addition to the actual data values, compressed data also requires metadata. The row and column locations of the nonzero elements also must be stored. This is usually thought of as a “fibertree”: The row labels containing nonzero elements are listed and linked to the column labels of the nonzero elements, which are then linked to the values stored in those elements. In memory, things get a bit more complicated still: The row and column labels for each nonzero value must be stored as well as the “segments” that indicate how many such labels to expect, so the metadata and data can be clearly delineated from one another. In a dense, noncompressed matrix data type, values can be accessed either one at a time or in parallel, and their locations can be calculated directly with a simple equation. However, accessing values in sparse, compressed data requires looking up the coordinates of the row index and using that information to “indirectly” look up the coordinates of the column index before finally reaching the value. Depending on the actual locations of the sparse data values, these indirect lookups can be extremely random, making the computation data-dependent and requiring the allocation of memory lookups on the fly. Second, two mathematical properties of zero let software and hardware skip a lot of computation. Multiplying any number by zero will result in a zero, so there’s no need to actually do the multiplication. Adding zero to any number will always return that number, so there’s no need to do the addition either. In matrix-vector multiplication, one of the most common operations in AI workloads, all computations except those involving two nonzero elements can simply be skipped. Take, for example, the four-by-four matrix from the previous example and a vector of four numbers. In dense computation, each element of the vector must be multiplied by the corresponding element in each row and then added together to compute the final vector. In this case, that would take 16 multiplication operations and 16 additions (or four accumulations). In sparse computation, only the nonzero elements of the vector need be considered. For each nonzero vector element, indirect lookup can be used to find any corresponding nonzero matrix element, and only those need to be multiplied and added. In the example shown here, only two multiplication steps will be performed, instead of 16. The trouble with GPUs and CPUs Unfortunately, modern hardware is not well suited to accelerating sparse computation. For example, say we want to perform a matrix-vector multiplication. In the simplest case, in a single CPU core, each element in the vector would be multiplied sequentially and then written to memory. This is slow, because we can do only one multiplication at a time. So instead people use CPUs with vector support or GPUs. With this hardware, all elements would be multiplied in parallel, greatly speeding up the application. Now, imagine that both the matrix and vector contain extremely sparse data. The vectorized CPU and GPU would spend most of their efforts multiplying by zero, performing completely ineffectual computations. Newer generations of GPUs are capable of taking some advantage of sparsity in their hardware, but only a particular kind, called structured sparsity. Structured sparsity assumes that two out of every four adjacent parameters are zero. However, some models benefit more from unstructured sparsity—the ability for any parameter (weight or activation) to be zero and compressed away, regardless of where it is and what it is adjacent to. GPUs can run unstructured sparse computation in software, for example, through the use of the cuSparse GPU library. However, the support for sparse computations is often limited, and the GPU hardware gets underutilized, wasting energy-intensive computations on overhead. Petra Péterffy When doing sparse computations in software, modern CPUs may be a better alternative to GPU computation, because they are designed to be more flexible. Yet, sparse computations on the CPU are often bottlenecked by the indirect lookups used to find nonzero data. CPUs are designed to “prefetch” data based on what they expect they’ll need from memory, but for randomly sparse data, that process often fails to pull in the right stuff from memory. When that happens, the CPU must waste cycles calling for the right data. Apple was the first to speed up these indirect lookups by supporting a method called an array-of-pointers access pattern in the prefetcher of their A14 and M1 chips. Although innovations in prefetching make Apple CPUs more competitive for sparse computation, CPU architectures still have fundamental overheads that a dedicated sparse computing architecture would not, because they need to handle general-purpose computation. Other companies have been developing hardware that accelerates sparse machine learning as well. These include Cerebras’s Wafer Scale Engine and Meta’s Training and Inference Accelerator (MTIA). The Wafer Scale Engine, and its corresponding sparse programming framework, have shown incredibly sparse results of up to 70 percent sparsity on LLMs. However, the company’s hardware and software solutions support only weight sparsity, not activation sparsity, which is important for many applications. The second version of the MTIA claims a sevenfold sparse compute performance boost over the MTIA v1. However, the only publicly available information regarding sparsity support in the MTIA v2 is for matrix multiplication, not for vectors or tensors. Although matrix multiplications take up the majority of computation time in most modern ML models, it’s important to have sparsity support for other parts of the process. To avoid switching back and forth between sparse and dense data types, all of the operations should be sparse. Onyx Instead of these halfway solutions, our team at Stanford has developed a hardware accelerator, Onyx, that can take advantage of sparsity from the ground up, whether it’s structured or unstructured. Onyx is the first programmable accelerator to support both sparse and dense computation; it’s capable of accelerating key operations in both domains. To understand Onyx, it is useful to know what a coarse-grained reconfigurable array (CGRA) is and how it compares with more familiar hardware, like CPUs and field-programmable gate arrays (FPGAs). CPUs, CGRAs, and FPGAs represent a trade-off between efficiency and flexibility. Each individual logic unit of a CPU is designed for a specific function that it performs efficiently. On the other hand, since each individual bit of an FPGA is configurable, these arrays are extremely flexible, but very inefficient. The goal of CGRAs is to achieve the flexibility of FPGAs with the efficiency of CPUs. CGRAs are composed of efficient and configurable units, typically memory and compute, that are specialized for a particular application domain. This is the key benefit of this type of array: Programmers can reconfigure the internals of a CGRA at a high level, making it more efficient than an FPGA but more flexible than a CPU. The Onyx chip, built on a coarse-grained reconfigurable array (CGRA), is the first (to our knowledge) to support both sparse and dense computations. Olivia Hsu Onyx is composed of flexible, programmable processing element (PE) tiles and memory (MEM) tiles. The memory tiles store compressed matrices and other data formats. The processing element tiles operate on compressed matrices, eliminating all unnecessary and ineffectual computation. The Onyx compiler handles conversion from software instructions to CGRA configuration. First, the input expression—for instance, a sparse vector multiplication—is translated into a graph of abstract memory and compute nodes. In this example, there are memories for the input vectors and output vectors, a compute node for finding the intersection between nonzero elements, and a compute node for the multiplication. The compiler figures out how to map the abstract memory and compute nodes onto MEMs and PEs on the CGRA, and then how to route them together so that they can transfer data between them. Finally, the compiler produces the instruction set needed to configure the CGRA for the desired purpose. Since Onyx is programmable, engineers can map many different operations, such as vector-vector element multiplication, or the key tasks in AI, like matrix-vector or matrix-matrix multiplication, onto the accelerator. We evaluated the efficiency gains of our hardware by looking at the product of energy used and the time it took to compute, called the energy-delay product (EDP). This metric captures the trade-off of speed and energy. Minimizing just energy would lead to very slow devices, and minimizing speed would lead to high-area, high-power devices. Onyx achieves up to 565 times as much energy-delay product over CPUs (we used a 12-core Intel Xeon CPU) that utilize dedicated sparse libraries. Onyx can also be configured to accelerate regular, dense applications, similar to the way a GPU or TPU would. If the computation is sparse, Onyx is configured to use sparse primitives, and if the computation is dense, Onyx is reconfigured to take advantage of parallelism, similar to how GPUs function. This architecture is a step toward a single system that can accelerate both sparse and dense computations on the same silicon. Just as important, Onyx enables new algorithmic thinking. Sparse acceleration hardware will not only make AI more performance- and energy efficient but also enable researchers and engineers to explore new algorithms that have the potential to dramatically improve AI. The future with sparsity Our team is already working on next-generation chips built off of Onyx. Beyond matrix multiplication operations, machine learning models perform other types of math, like nonlinear layers, normalization, the softmax function, and more. We are adding support for the full range of computations on our next-gen accelerator and within the compiler. Since sparse machine learning models may have both sparse and dense layers, we are also working on integrating the dense and sparse accelerator architecture more efficiently on the chip, allowing for fast transformation between the different data types. We’re also looking at ways to manage memory constraints by breaking up the sparse data more effectively so we can run computations on several sparse accelerator chips. We are also working on systems that can predict the performance of accelerators such as ours, which will help in designing better hardware for sparse AI. Longer term, we’re interested in seeing whether high degrees of sparsity throughout AI computation will catch on with more model types, and whether sparse accelerators become adopted at a larger scale. Building the hardware to unstructured sparsity and optimally take advantage of zeros is just the beginning. With this hardware in hand, AI researchers and engineers will have the opportunity to explore new models and algorithms that leverage sparsity in novel and creative ways. We see this as a crucial research area for managing the ever-increasing runtime, costs, and environmental impact of AI.