Radar Traits to Watch: September 2025 – O’Reilly

For higher or for worse, AI has colonized this listing so completely that AI itself is little greater than an inventory of bulletins about new or upgraded fashions. However there are different factors of curiosity. Is it only a coincidence (presumably to do with BlackHat) that a lot occurred in safety up to now month? We’re nonetheless seeing programming languages—even some new programming languages for writing AI prompts! If you happen to’re into retrocomputing, the much-beloved Commodore 64 is again—with an upgraded audio chip, a brand new processor, far more RAM, and all of your previous ports. Heirloom peripherals ought to nonetheless work.

AI

• OpenAI has launched their Realtime APIs. The mannequin helps MCP servers, telephone calls utilizing the SIP protocol, and picture inputs. The discharge contains gpt-realtime, a complicated speech-to-speech mannequin.
• ChatGPT now helps project-only reminiscence. Undertaking reminiscence, which may use earlier conversations for extra context, might be restricted to a selected undertaking. Undertaking-only reminiscence provides extra management over context and prevents one undertaking’s context from contaminating one other.
• FairSense is a framework for investigating whether or not AI programs are truthful early on. FairSense runs long-term simulations to detect whether or not a system will change into unfair because it evolves over time.
• Agents4Science is a brand new tutorial convention through which all of the submissions might be researched, written, reviewed, and introduced primarily by AI (utilizing text-to-speech for shows).
• Drew Breunig’s combine and match cheat sheet for AI job titles is a traditional. 
• Cohere’s Command A Reasoning is one other highly effective, partially open reasoning mannequin. It’s out there on Hugging Face. It claims to outperform gpt-oss-120b and DeepSeek R1-0528.
• DeepSeek has launched DeepSeekV3.1. This can be a hybrid mannequin that helps reasoning and nonreasoning use. It’s additionally quicker than R1 and has been designed for agentic duties. It makes use of reasoning tokens extra economically, and it was a lot inexpensive to coach than GPT-5.
• Anthropic has added the means to terminate chats to Claude Opus. Chats might be terminated if a consumer persists in making dangerous requests. Terminated chats can’t be continued, though customers can begin a brand new chat. The function is at the moment experimental.
• Google has launched its smallest mannequin but: Gemma 3 270M. This mannequin is designed for fine-tuning and for deployment on small, restricted {hardware}. Right here’s a bedtime story generator that runs within the browser, constructed with Gemma 3 270M. 
• ChatGPT has added GMail, Google Calendar, and Google Contacts to its group of connectors, which combine ChatGPT with different purposes. This info might be used to offer further context—and presumably might be used for coaching or discovery in ongoing lawsuits. Fortuitously, it’s (at this level) opt-in. 
• Anthropic has upgraded Claude Sonnet 4 with a 1M token context window. The bigger context window is simply out there by way of the API.
• OpenAI launched GPT-5. Simon Willison’s evaluation is superb. It doesn’t really feel like a breakthrough, however it’s quietly higher at delivering good outcomes. It’s claimed to be much less liable to hallucination and incorrect solutions. One quirk is that with ChatGPT, GPT-5 determines which mannequin ought to reply to your immediate.
• Anthropic is researching persona vectors as a way of coaching a language mannequin to behave appropriately. Steering a mannequin towards inappropriate conduct throughout coaching is usually a form of “vaccination” towards that conduct when the mannequin is deployed, with out compromising different points of the mannequin’s conduct.
• The Darwin Gödel Machine is an agent that may learn and modify its personal code to enhance its efficiency on duties. It could add instruments, re-organize workflows, and consider whether or not these modifications have improved its efficiency.
• Grok is at it once more: producing nude deepfakes of Taylor Swift with out being prompted to take action. I’m positive we’ll be advised that this was the results of an unauthorized modification to the system immediate. In AI, some issues are predictable.
• Anthropic has launched Claude Opus 4.1, an improve to its flagship mannequin. We anticipate this to be the “gold normal” for generative coding.
• OpenAI has launched two open-weight fashions, their first since GPT-2: gpt-oss-120b and gpt-oss-20b. They’re reasoning fashions designed to be used in agentic purposes. Claimed efficiency is much like OpenAI’s o3 and o4-mini.
• OpenAI has additionally launched a “response format” named Concord. It’s not fairly a protocol, however it’s a normal that specifies the format of conversations by defining roles (system, consumer, and so forth.) and channels (last, evaluation, commentary) for a mannequin’s output.
• Can AIs evolve guilt? Guilt is expressed in human language; it’s within the coaching knowledge. The AI that deleted a manufacturing database as a result of it “panicked” definitely expressed guilt. Whether or not an AI’s expressions of guilt are significant in any manner is a special query.
• Claude Code Router is a device for routing Claude Code requests to totally different fashions. You possibly can select totally different fashions for various sorts of requests.
• Qwen has launched a pondering model of their flagship mannequin, known as Qwen3-235B-A22B-Pondering-2507. Pondering can’t be switched on or off. The mannequin was skilled with a brand new reinforcement studying algorithm known as Group Sequence Coverage Optimization. It burns a number of tokens, and it’s not superb at pelicans.
• ChatGPT is releasing “personalities” that management the way it formulates its responses. Customers can choose the persona they wish to reply: robotic, cynic, listener, sage, and presumably extra. 
• DeepMind has created Aeneas, a brand new mannequin designed to assist students perceive historical fragments. In historical textual content, giant items are sometimes lacking. Can AI assist place these fragments into contexts the place they are often understood? Latin solely, for now.

Safety

• The US Cybersecurity and Infrastructure Safety Company (CISA) has warned {that a} critical code execution vulnerability in Git is at the moment being exploited within the wild.
• Is it potential to construct an agentic browser that’s protected from immediate injection? Most likely not. Separating consumer directions from web site content material isn’t potential. If a browser can’t take path from the content material of an internet web page, how is it to behave as an agent?
• The answer to Half 4 of Kryptos, the CIA’s decades-old cryptographic sculpture, is on the market! Jim Sanborn, the creator of Kryptos, is auctioning the answer. He hopes that the winner will protect the key and take over verifying individuals’s claims to have solved the puzzle. 
• Keep in mind XZ, the supply-chain assault that granted backdoor entry by way of a trojaned compression library? It by no means went away. Though the affected libraries have been shortly patched, it’s nonetheless lively, and propagating, by way of Docker photographs that have been constructed with unpatched libraries. Some presents preserve giving.
• For August, Embrace the Purple revealed The Month of AI Bugs, a every day submit about AI vulnerabilities (largely varied types of immediate injection). This collection is crucial studying for AI builders and for safety professionals.
• NIST has finalized a normal for light-weight cryptography. Light-weight cryptography is a cryptographic system designed to be used by small gadgets. It’s helpful each for encrypting delicate knowledge and for authentication. 
• The Darkish Patterns Tip Line is a website for reporting darkish patterns: design options in web sites and purposes which are designed to trick us into performing towards our personal curiosity.
• OpenSSH helps post-quantum key settlement, and in variations 10.1 and later, will warn customers after they choose a non-post-quantum key settlement scheme.
• SVG information can carry a malware payload; pornographic SVGs embody JavaScript payloads that automate clicking “like.” That’s a easy assault with few penalties, however far more is feasible, together with cross-site scripting, denial of service, and different exploits.
• Google’s AI agent for locating safety flaws, Massive Sleep, has discovered 20 flaws in common software program. DeepMind found and reproduced the failings, which have been then verified by human safety specialists and reported. Particulars gained’t be offered till the failings have been mounted.
• The US CISA (Cybersecurity and Infrastructure Safety Company) has open-sourced Thorium, a platform for malware and forensic evaluation.
• Immediate injection, once more: A brand new immediate injection assault embeds directions in language that seems to be copyright notices and different authorized tremendous print. To keep away from litigation, many fashions are configured to prioritize authorized directions.
• Mild might be watermarked; this can be helpful as a method for detecting pretend or manipulated video.
• vCISO (Digital CISO) providers are thriving, significantly amongst small and mid-size companies that may’t afford a full safety staff. The usage of AI is reducing the vCISO workload. However who takes the blame when there’s an incident?
• A phishing assault towards PyPI customers directs them to a pretend PyPI website that tells them to confirm their login credentials. Stolen credentials could possibly be used to plant malware within the real PyPI repository. Customers of Mozilla’s add-on repository have additionally been focused by phishing assaults.
• A brand new ransomware group named Chaos seems to be a rebranding of the BlackSuit group, which was taken down not too long ago. BlackSuit itself is a rebranding of the Royal group, which in flip is a descendant of the Conti group. Whack-a-mole continues.
• Google’s OSS Rebuild undertaking is a vital step ahead in provide chain safety. Rebuild supplies construct definitions together with metadata that may verify initiatives have been constructed appropriately. OSS Rebuild at the moment helps the NPM, PyPl, and Crates ecosystems.
• The JavaScript package deal “is,” which does some easy kind checking, has been contaminated with malware. Provide chain safety is a big situation—watch out what you put in!

Programming

• Claude Code PM is a workflow administration system for programming with Claude. It manages PRDs, GitHub, and parallel execution of coding brokers. It claims to facilitate collaboration between a number of Claude situations engaged on the identical undertaking. 
• Rust is more and more used to implement performance-critical extensions to Python, step by step displacing C. Polars, Pydantic, and FastAPI are three libraries that depend on Rust.
• Microsoft’s Immediate Orchestration Markup Language (POML) is an HTML-like markup language for writing prompts. It’s then compiled into the precise immediate. POML is sweet at templating and has tags for tabular and doc knowledge. Is that this a step ahead? You be the decide.
• Claudia is an “elegant desktop companion” for Claude Code; it turns terminal-based Claude Code into one thing extra like an IDE, although it appears to focus extra on the workflow than on coding.
• Google’s LangExtract is a straightforward however highly effective Python library for extracting textual content from paperwork. It depends on examples, relatively than common expressions or different hacks, and exhibits the precise context through which the extracts happen. LangExtract is open supply.
• Microsoft seems to be integrating GitHub into its AI staff relatively than working it as an impartial group. What this implies for GitHub customers is unclear. 
• Cursor now has a command-line interface, nearly definitely a belated response to the success of Claude Code CLI and Gemini CLI. 
• Latency is an issue for enterprise AI. And the basis reason behind latency in AI purposes is normally the database.
• The Commodore 64 is again. With a number of orders of magnitude extra RAM. And all the unique ports, plus HDMI. 
• Google has introduced Gemini CLI GitHub Actions, an addition to their agentic coder that enables it to work immediately with GitHub repositories. 
• JetBrains is creating a brand new programming language to be used when programming with LLMs. That language could also be a dialect of English. (Formal casual languages, anybody?) 
• Pony is a brand new programming language that’s type-safe, memory-safe, exception-safe, race-safe, and deadlock-safe. You possibly can strive it in a browser-based playground.

Net

• The AT Protocol is the core of Bluesky. Right here’s a tutorial; use it to construct your personal Bluesky providers, in flip making Bluesky actually federate. 
• Social media is damaged, and most likely can’t be mounted. Now you understand. The shock is that the issue isn’t “algorithms” for maximizing engagement; take algorithms away and the whole lot stays the identical or will get worse. 
• The Tiny Awards Finalists present simply how a lot is feasible on the Net. They’re transferring, artistic, and playful. For instance, the Site visitors Cam Photobooth lets individuals use site visitors cameras to take footage of themselves, enjoying with ever-present automated surveillance.
• A US federal court docket has discovered that Fb illegally collected knowledge from the ladies’s well being app Flo. 
• The HTML Hobbyist is a superb website for individuals who wish to create their very own presence on the net—outdoors of walled gardens, with out mind-crushing frameworks. It’s not troublesome, and it’s not costly.

Biology and Quantum Computing

• Scientists have created organic qubits: quantum qubits constructed from proteins in dwelling cells. These most likely gained’t be used to interrupt cryptography, however they’re probably to provide us perception into how quantum processes work inside dwelling issues.