Google says “attackers are intensifying their phishing and credential theft methods” with an “exponential rise in cookie and authentication token theft as a preferred method.” To counter, Google recommends passkey adoption, which is now “generally available to more than 11 million Google Workspace customers.” Admins can audit passkey enrollment and restrict passkeys to physical security keys. Compared to passwords, they cannot be “guessed, stolen, or forgotten.” Phishing resistance: Passkeys are inherently more phishing-resistant because users cannot be tricked into handing over passkeys to a malicious actor. Ease of use: Signing in with passkeys is as simple as unlocking your device, such as using a PIN or biometrics such as a fingerprint or facial recognition. Strong security: Unlike passwords that are often re-used, each passkey is unique and generated for each specific website or service. Google says “signing in with passkeys is 40% faster than passwords for Workspace users.” To date, we have millions of users across enterprises, nonprofits, and educational institutions benefiting from using passkeys. Meanwhile, Google also wants to combat cookie theft with Device Bound Session Credentials. DBSC “helps bind a session cookie — small files used by websites to remember user information — to the device a user authenticated from.” This is available in Chrome for Windows, with only the originating device able to access the active session. Some Workspace customers are already using it to protect their end users. Google’s other effort to reduce cookie theft is the Shared Signals Framework (SSF). This framework acts as a robust system for “transmitters” to promptly inform “receivers” about significant events, facilitating a coordinated response to security threats.
Starbucks pilots ‘coffee house of the future,’ to phase out mobile pickup-only store as it is “overly transactional and lacking warmth and human connection”
Starbucks Corp. is investing in improving its brick-and-mortar experience as part of its turnaround strategy under CEO Brian Niccol. The coffee giant plans to sunset its mobile order and pickup only concept in fiscal 2026. “We found this format to be overly transactional and lacking the warmth and human connection that defines our brand,” Niccol said. “We have a strong digital offering and believe we can deliver the same level of convenience through our community coffee houses with a superior mobile order and pay experience.” Starbucks has been working on the “coffee house of the future,” Niccol told analysts, and has a new standalone prototype that will open next year. It boasts 32 seats, a drive thru and costs roughly 30% less to build. A small format version of the prototype with approximately 10 seats will open in New York City in the next few months. “We believe this new prototype will deliver an exceptional customer experience, improve unit economics and unlock growth opportunities in more markets,” Niccol said. Starbucks slowed new builds and major renovations to prioritize a new coffee house “uplift” program, with a target investment of approximately $150,000 per store and minimal to no downtime. The uplifts are intended to quickly replace thousands of seats the chain removed and introduce greater texture, warmth and layered design, Niccol said. The program, accelerating now in New York City, will be expanded to Southern California later in the fourth quarter. By the end of calendar year 2026, Starbucks will have completed at least 1,000 uplifts across North America, according to Niccol.
PCI DSS new rules for ecommerce sector require employing targeted risk analysis to address client-side attacks and implementing API and payment script security, rapid detection and response to compromised credentials, and regular vulnerability scans
The Payment Card Industry Data Security Standard (PCI DSS) has expanded its guidance to include numerous security controls for retailers and e-commerce providers. These controls include payment script security, API protection, rapid detection and response to compromised credentials, and regular vulnerability scans. Client-side attacks, such as infostealers and malware, can harvest user credentials, which are then used for account takeovers and fraud. Web application firewalls (WAFs) are still a strategic security control, but the speed of modern application development requires additional capabilities to dynamically detect and automatically protect endpoints. Attackers constantly retool to bypass defenses, pivoting from web apps to mobile apps or escalating their tactics. The updated PCI DSS includes recommendations for employing targeted risk analysis versus traditional enterprise-wide risk assessments. It addresses the growing threat of client-side attacks with two client-side requirements effective March 31, 2025. Content security policies (CSPs) and subresource integrity (SRI) web methods are difficult to implement and maintain, especially in the e-commerce sector where competition for customer mindshare is driving continuous enhancements to digital experiences. Customers expect seamless and secure transactions, and widely used security controls may not adequately extend protections to client browsers or backend APIs. Bot management solutions that inject user challenges via CAPTCHA are ineffective at deterring sophisticated bots but are effective at frustrating users. To meet PCI DSS compliance mandates, e-commerce providers should consider unified security platforms designed to protect web apps, APIs, and customers throughout the digital life cycle from actual threats targeting their industry.
PlayerZero’s AI agents can find and fix the AI-generated bugs before they are put into production by deeply understanding large code bases and studying the history of an enterprise’s bugs, issues, and solutions
As Silicon Valley races toward a future where AI agents do most of the software programming, a new problem is created: finding the AI-generated bugs before they are put into production. Startup PlayerZero has created a solution: use AI agents trained to find and fix problems before the code is put into production, the startup’s CEO and sole founder, Animesh Koratana, said. Koratana created PlayerZero while he was at the Stanford DAWN lab for machine learning under his adviser and lab founder, Matei Zaharia. Zaharia is a famed developer and the co-founder of Databricks. PlayerZero trains models “that really deeply understand code bases, and we understand the way they’re built, the way they’re architected,” Koratana says. His tech studies the history of an enterprise’s bugs, issues, and solutions. When something breaks, his product can then “figure out why and fix it, and then learn from those mistakes to prevent them from ever happening again,” Koratana says. He likens his product to an immune system for large code bases. PlayerZero is already gaining traction for its emphasis on large codebases. While it was conceived for a world where agents are the coders, it is currently being used by several large enterprises that use coding co-pilots. For instance, subscription billing company Zuora is one of the startup’s marquee customers. Zuora is using the tech across its engineering teams, including to watchdog its most precious code, its billing systems, it said.
FluidCloud’s AI agents can reverse engineer a customer’s cloud environment into a “standard infrastructure code” and transform it into strategic and portable assets so that it can be cloned and remapped in its entirety to another platform in seconds
A startup called FluidCloud has created a simple, one-click platform that employs AI-based agents to help companies quickly clone their cloud infrastructure environment, so it can be ported in its entirety to another cloud platform. FluidCloud co-founder and Chief Executive Sharad Kumar said that the FluidCloud Platform reverse engineers the customer’s environment into a “standard infrastructure definition,” so it can be rapidly remapped across any cloud architecture in seconds. The platform is rooted in AI and “infrastructure as code” principles and helps transform cloud infrastructure designs into strategic and portable assets that can be deployed anywhere. To automate this process, FluidCloud has built an intelligent system of cloud AI agents that are trained to understand and replicate a customer’s entire cloud infrastructure environment. “These agents leverage a programmatic Cloud API mapping engine that we’ve painstakingly developed, covering every layer of compute, networking, storage, IAM, and security policies across multiple providers,” Kumar explained. FluidCloud’s AI agents are prepared to tackle even the biggest workloads running in the cloud, including global-scale applications such as Uber or Trello, Kumar said. Such applications typically have hundreds of microservices deployed across compute, network and storage services on a cloud such as AWS, he said. Using its AI agents, FluidCloud can identify each service and its configuration, copy it and then clone it on the target cloud platform. Once that’s done, FluidCloud provides DevOps teams with a new CI/CD pipeline tailored to the new cloud provider. With a small number of application code tweaks, an app built on AWS can seamlessly run on Google Cloud Platform or Microsoft Azure. Afterwards, the customer will be able to decide if they want to become multicloud or decommission the old application infrastructure.
Debit cards are emerging as a credit-like alternative for enabling purchases, driven by targeted offers and deals embedded into the apps of alt lenders, combined with BNPL, cashback tiers and rewards being baked into them
Although the credit card value proposition still works for many, it no longer works in every situation. The most important credential that has emerged for enabling payment and purchase flexibility is not a new type of credit card—it’s the debit card. And it’s not rewards that drive consumer use and adoption of those alternatives. It’s targeted offers and deals that put real money in the pockets of consumers every time they buy, embedded into the apps that those alternative credit providers provide. Then came BNPL. Users say the main appeal of this new pay-later category is predictability. A purchase divided into four or six or twelve or twenty-four equal payments becomes a known quantity. Klarna is piloting a Visa debit card in the U.S. that bakes in BNPL, cashback tiers and rewards. Sezzle now offers Pay-in-Five. Chase and US Bank are testing Pay-in-4 on debit cards. Debit BNPL is inclusive, serving those who can’t or won’t get a credit card. Smart credentials like Visa’s Flex and Mastercard’s One let consumers set rules for how they want to pay using a single PAN riding debit rails. For smaller banks, this makes them more competitive. For large issuers, it’s a challenge: meet demand or risk losing transactions. Debit, reimagined as a credit-lite alternative, could redefine what “paying with plastic” means. A card that acts like credit without credit checks or interest fees—and lets consumers set rules—starts to look like the future of credit.
Mark Zuckerberg thinks that glasses will be the primary way users interact with AI in the years ahead and those without AI glasses will be at a significant cognitive disadvantage
Echoing sentiments shared in his “superintelligence”-focused blog post, Meta CEO Mark Zuckerberg expanded on his bullish ideas that glasses will be the primary way users interact with AI in the years ahead. During Meta’s second-quarter earnings call, the social networking exec told investors he believes people without AI glasses will be at a disadvantage in the future. “I continue to think that glasses are basically going to be the ideal form factor for AI, because you can let an AI see what you see throughout the day, hear what you hear, [and] talk to you,” Zuckerberg said. Adding a display to those glasses will then unlock more value, he said, whether that’s a wider, holographic field of view, as with Meta’s next-gen Orion AR glasses, or a smaller display that might ship in everyday AI eyewear. “I think in the future, if you don’t have glasses that have AI — or some way to interact with AI — I think you’re … probably [going to] be at a pretty significant cognitive disadvantage compared to other people,” Zuckerberg added. “The other thing that’s awesome about glasses is they are going to be the ideal way to blend the physical and digital worlds together,” he said. “So the whole Metaverse vision, I think, is going to … end up being extremely important, too, and AI is going to accelerate that.”
SEC’s Atkins says most crypto assets are not securities; plans purpose-fit disclosures for crypto securities including for so-called ‘initial coin offerings,’ ‘airdrops’ and network rewards; could allow innovation with ‘super-apps’
SEC Chairman Paul Atkins said his agency is launching “Project Crypto” with an aim to make a quick start on the new crypto policies urged by President Donald Trump. Atkins said the effort will be rooted in the recommendations of the President’s Working Group report issued Wednesday by the White House. He described it as “a commission-wide initiative to modernize the securities rules and regulations to enable America’s financial markets to move on-chain.” “I have directed the commission staff to draft clear and simple rules of the road for crypto asset distributions, custody, and trading for public notice and comment,” Atkins said. “While the commission staff works to finalize these regulations, the commission and its staff will in the coming months consider using interpretative, exemptive and other authorities to make sure that archaic rules and regulations do not smother innovation and entrepreneurship in America. Despite what the SEC has said in the past, most crypto assets are not securities,” Atkins said. Atkins suggested his agency will move to begin answering those questions now, working on “clear guidelines that market participants can use to determine whether a crypto asset is a security or subject to an investment contract.” For crypto securities, he said he’s “asked staff to propose purpose-fit disclosures, exemptions, and safe harbors, including for so-called ‘initial coin offerings,’ ‘airdrops’ and network rewards.” Atkins said he means to “allow market participants to innovate with ‘super-apps’” that offer a “broad range of products and services under one roof with a single license.”
Digital marketing platform for financial advisors Wealthtender can automatically structure FAQ content to be more easily surfaced in Google AI Overviews and as direct answers in AI tools by embedding FAQ schema on advisor websites and profiles
Wealthtender, a digital marketing platform for financial advisors and wealth management firms, announced the launch of AI-Optimized FAQs, extending its range of features that play a valuable role in Search Engine Optimization (SEO) and Answer Engine Optimization (AEO). By embedding FAQ schema, a specialized code recognized by search engines and answer engines, Wealthtender automatically structures FAQ content to be more easily surfaced in Google AI Overviews and as direct answers in AI tools. Brian Thorp, Wealthtender founder and CEO, said: “With traditional search engines evolving to include AI Overviews and the rapid adoption of AI-powered tools like ChatGPT and Gemini, FAQs published on advisor websites and Wealthtender profiles, especially when enhanced with FAQ schema, are more powerful than ever for building trust, visibility, credibility, and increasing the likelihood of an advisor landing on a prospect’s shortlist.” Upon activation of the AI-Optimized FAQs feature, advisors can publish up to 10 questions and answers on their Wealthtender profiles that showcase their expertise and areas of specialization, address common questions, and appear more prominently when prospective clients use Google, ChatGPT, Gemini, and other AI search tools to find and evaluate financial advisors.
Google is indexing conversations with ChatGPT that users have sent to friends, families, or colleagues after clicking “Share” button, turning private exchanges with deeply personal details, into publicly accessible search results
Google is indexing conversations with ChatGPT that users have sent to friends, families, or colleagues—turning private exchanges intended for small groups into search results visible to millions. A basic Google site search using part of the link created when someone proactively clicks “Share” on ChatGPT can uncover conversations where people reveal deeply personal details, including struggles with addiction, experiences of physical abuse, or serious mental health issues—sometimes even fears that AI models are spying on them. While the users’ identities aren’t shown by ChatGPT, some potentially identify themselves by sharing highly specific personal information during the chats. A user might click “Share” to send their conversation to a close friend over WhatsApp or to save the URL for future reference. It’s unclear whether those affected realize their conversations with the bot are now publicly accessible after they click the Share button, presumably thinking they’re doing so to a small audience. Nearly 4,500 conversations come up in results for the Google site search, though many don’t include personal details or identifying information. This is likely not the full count, as Google may not index all conversations.
