
For better or for worse, AI has colonized this list so thoroughly that AI itself is little more than a list of announcements about new or upgraded models. But there are other points of interest. Is it just a coincidence (possibly to do with BlackHat) that so much happened in security in the past month? We’re still seeing programming languages—even some new programming languages for writing AI prompts! If you’re into retrocomputing, the much-beloved Commodore 64 is back—with an upgraded audio chip, a new processor, much more RAM, and all your old ports. Heirloom peripherals should still work.
AI
- OpenAI has released their Realtime APIs. The model supports MCP servers, phone calls using the SIP protocol, and image inputs. The release includes gpt-realtime, an advanced speech-to-speech model.
- ChatGPT now supports project-only memory. Project memory, which can use previous conversations for additional context, can be limited to a specific project. Project-only memory gives more control over context and prevents one project’s context from contaminating another.
- FairSense is a framework for investigating whether AI systems are fair early on. FairSense runs long-term simulations to detect whether a system will become unfair as it evolves over time.
- Agents4Science is a new academic conference in which all the submissions will be researched, written, reviewed, and presented primarily by AI (using text-to-speech for presentations).
- Drew Breunig’s mix and match cheat sheet for AI job titles is a classic.
- Cohere’s Command A Reasoning is another powerful, partially open reasoning model. It’s available on Hugging Face. It claims to outperform gpt-oss-120b and DeepSeek R1-0528.
- DeepSeek has released DeepSeekV3.1. This is a hybrid model that supports reasoning and nonreasoning use. It’s also faster than R1 and has been designed for agentic tasks. It uses reasoning tokens more economically, and it was much less expensive to train than GPT-5.
- Anthropic has added the ability to terminate chats to Claude Opus. Chats can be terminated if a user persists in making harmful requests. Terminated chats can’t be continued, although users can start a new chat. The feature is currently experimental.
- Google has released its smallest model yet: Gemma 3 270M. This model is designed for fine-tuning and for deployment on small, limited hardware. Here’s a bedtime story generator that runs in the browser, built with Gemma 3 270M.
- ChatGPT has added GMail, Google Calendar, and Google Contacts to its group of connectors, which integrate ChatGPT with other applications. This information will be used to provide additional context—and presumably will be used for training or discovery in ongoing lawsuits. Fortunately, it’s (at this point) opt-in.
- Anthropic has upgraded Claude Sonnet 4 with a 1M token context window. The larger context window is only available via the API.
- OpenAI released GPT-5. Simon Willison’s review is excellent. It doesn’t feel like a breakthrough, but it’s quietly better at delivering good results. It’s claimed to be less prone to hallucination and incorrect answers. One quirk is that with ChatGPT, GPT-5 determines which model should respond to your prompt.
- Anthropic is researching persona vectors as a means of training a language model to behave correctly. Steering a model toward inappropriate behavior during training can be a form of “vaccination” against that behavior when the model is deployed, without compromising other aspects of the model’s behavior.
- The Darwin Gödel Machine is an agent that can read and modify its own code to improve its performance on tasks. It can add tools, reorganize workflows, and evaluate whether these changes have improved its performance.
- Grok is at it again: generating nude deepfakes of Taylor Swift without being prompted to do so. I’m sure we’ll be told that this was the result of an unauthorized modification to the system prompt. In AI, some things are predictable.
- Anthropic has released Claude Opus 4.1, an upgrade to its flagship model. We expect this to be the “gold standard” for generative coding.
- OpenAI has released two open-weight models, their first since GPT-2: gpt-oss-120b and gpt-oss-20b. They’re reasoning models designed for use in agentic applications. Claimed performance is similar to OpenAI’s o3 and o4-mini.
- OpenAI has also released a “response format” named Harmony. It’s not quite a protocol, but it’s a standard that specifies the format of conversations by defining roles (system, user, etc.) and channels (final, analysis, commentary) for a model’s output.
- Can AIs evolve guilt? Guilt is expressed in human language; it’s in the training data. The AI that deleted a production database because it “panicked” certainly expressed guilt. Whether an AI’s expressions of guilt are meaningful in any way is a different question.
- Claude Code Router is a tool for routing Claude Code requests to different models. You can choose different models for different kinds of requests.
- Qwen has released a thinking version of their flagship model, called Qwen3-235B-A22B-Thinking-2507. Thinking can’t be switched on or off. The model was trained with a new reinforcement learning algorithm called Group Sequence Policy Optimization. It burns a lot of tokens, and it’s not very good at pelicans.
- ChatGPT is releasing “personalities” that control how it formulates its responses. Users can select the personality they want to respond: robot, cynic, listener, sage, and presumably more.
- DeepMind has created Aeneas, a new model designed to help scholars understand ancient fragments. In ancient text, large pieces are often missing. Can AI help place these fragments into contexts where they can be understood? Latin only, for now.
Security
- The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a serious code execution vulnerability in Git is currently being exploited in the wild.
- Is it possible to build an agentic browser that’s safe from prompt injection? Probably not. Separating user instructions from website content isn’t possible. If a browser can’t take direction from the content of a web page, how is it to act as an agent?
- The solution to Part 4 of Kryptos, the CIA’s decades-old cryptographic sculpture, is for sale! Jim Sanborn, the creator of Kryptos, is auctioning the solution. He hopes that the winner will preserve the secret and take over verifying people’s claims to have solved the puzzle.
- Remember XZ, the supply-chain attack that granted backdoor access via a trojaned compression library? It never went away. Although the affected libraries were quickly patched, it’s still active, and propagating, via Docker images that were built with unpatched libraries. Some gifts keep giving.
- For August, Embrace the Red published The Month of AI Bugs, a daily post about AI vulnerabilities (mostly various forms of prompt injection). This series is essential reading for AI developers and for security professionals.
- NIST has finalized a standard for lightweight cryptography. Lightweight cryptography is a cryptographic system designed for use by small devices. It’s useful both for encrypting sensitive data and for authentication.
- The Dark Patterns Tip Line is a site for reporting dark patterns: design features in websites and applications that are designed to trick us into acting against our own interest.
- OpenSSH supports post-quantum key agreement, and in versions 10.1 and later, will warn users when they select a non-post-quantum key agreement scheme.
- SVG files can carry a malware payload; pornographic SVGs include JavaScript payloads that automate clicking “like.” That’s a simple attack with few consequences, but much more is possible, including cross-site scripting, denial of service, and other exploits.
- Google’s AI agent for finding security flaws, Big Sleep, has found 20 flaws in popular software. DeepMind discovered and reproduced the flaws, which were then verified by human security experts and reported. Details won’t be provided until the flaws have been fixed.
- The US CISA (Cybersecurity and Infrastructure Security Agency) has open-sourced Thorium, a platform for malware and forensic analysis.
- Prompt injection, again: A new prompt injection attack embeds instructions in language that appears to be copyright notices and other legal fine print. To avoid litigation, many models are configured to prioritize legal instructions.
- Light can be watermarked; this may be useful as a technique for detecting fake or manipulated video.
- vCISO (Virtual CISO) services are thriving, particularly among small and mid-size businesses that can’t afford a full security team. The use of AI is cutting the vCISO workload. But who takes the blame when there’s an incident?
- A phishing attack against PyPI users directs them to a fake PyPI site that tells them to verify their login credentials. Stolen credentials could be used to plant malware in the genuine PyPI repository. Users of Mozilla’s add-on repository have also been targeted by phishing attacks.
- A new ransomware group named Chaos appears to be a rebranding of the BlackSuit group, which was taken down recently. BlackSuit itself is a rebranding of the Royal group, which in turn is a descendant of the Conti group. Whack-a-mole continues.
- Google’s OSS Rebuild project is an important step forward in supply chain security. Rebuild provides build definitions along with metadata that can confirm projects were built correctly. OSS Rebuild currently supports the NPM, PyPI, and Crates ecosystems.
- The JavaScript package “is,” which does some simple type checking, has been infected with malware. Supply chain security is a huge issue—be careful what you install!
Programming
- Claude Code PM is a workflow management system for programming with Claude. It manages PRDs, GitHub, and parallel execution of coding agents. It claims to facilitate collaboration between multiple Claude instances working on the same project.
- Rust is increasingly used to implement performance-critical extensions to Python, gradually displacing C. Polars, Pydantic, and FastAPI are three libraries that rely on Rust.
- Microsoft’s Prompt Orchestration Markup Language (POML) is an HTML-like markup language for writing prompts. It’s then compiled into the actual prompt. POML is good at templating and has tags for tabular and document data. Is this a step forward? You be the judge.
- Claudia is an “elegant desktop companion” for Claude Code; it turns terminal-based Claude Code into something more like an IDE, though it seems to focus more on the workflow than on coding.
- Google’s LangExtract is a simple but powerful Python library for extracting text from documents. It relies on examples, rather than regular expressions or other hacks, and shows the exact context in which the extracts occur. LangExtract is open source.
- Microsoft appears to be integrating GitHub into its AI team rather than running it as an independent organization. What this means for GitHub users is unclear.
- Cursor now has a command-line interface, almost certainly a belated response to the success of Claude Code CLI and Gemini CLI.
- Latency is a problem for enterprise AI. And the root cause of latency in AI applications is usually the database.
- The Commodore 64 is back. With several orders of magnitude more RAM. And all the original ports, plus HDMI.
- Google has announced Gemini CLI GitHub Actions, an addition to their agentic coder that allows it to work directly with GitHub repositories.
- JetBrains is developing a new programming language for use when programming with LLMs. That language may be a dialect of English. (Formal informal languages, anyone?)
- Pony is a new programming language that’s type-safe, memory-safe, exception-safe, race-safe, and deadlock-safe. You can try it in a browser-based playground.
Web
- The AT Protocol is the core of Bluesky. Here’s a tutorial; use it to build your own Bluesky services, in turn making Bluesky truly federated.
- Social media is broken, and probably can’t be fixed. Now you know. The surprise is that the problem isn’t “algorithms” for maximizing engagement; take algorithms away and everything stays the same or gets worse.
- The Tiny Awards Finalists show just how much is possible on the Web. They’re moving, creative, and playful. For example, the Traffic Cam Photobooth lets people use traffic cameras to take pictures of themselves, playing with ever-present automated surveillance.
- A US federal court has found that Facebook illegally collected data from the women’s health app Flo.
- The HTML Hobbyist is a great site for people who want to create their own presence on the web—outside of walled gardens, without mind-crushing frameworks. It’s not difficult, and it’s not expensive.
Biology and Quantum Computing
- Scientists have created biological qubits: quantum qubits built from proteins in living cells. These probably won’t be used to break cryptography, but they’re likely to give us insight into how quantum processes work inside living things.
