For better or for worse, AI has colonized this list so thoroughly that AI itself is little more than a list of announcements about new or upgraded models. But there are other points of interest. Is it just a coincidence (possibly to do with BlackHat) that so much happened in security in the past month? We’re still seeing programming languages—even some new programming languages for writing AI prompts! If you’re into retrocomputing, the much-beloved Commodore 64 is back—with an upgraded audio chip, a new processor, much more RAM, and all your old ports. Heirloom peripherals should still work.
AI
- OpenAI has released their Realtime APIs. The model supports MCP servers, phone calls using the SIP protocol, and image inputs. The release includes gpt-realtime, an advanced speech-to-speech model.
- ChatGPT now supports project-only memory. Project memory, which can use previous conversations for additional context, can be limited to a specific project. Project-only memory gives more control over context and prevents one project’s context from contaminating another.
- FairSense is a framework for investigating whether AI systems are fair early on. FairSense runs long-term simulations to detect whether a system will become unfair as it evolves over time.
- Agents4Science is a new academic conference in which all the submissions will be researched, written, reviewed, and presented primarily by AI (using text-to-speech for presentations).
- Drew Breunig’s mix and match cheat sheet for AI job titles is a classic.
- Cohere’s Command A Reasoning is another powerful, partially open reasoning model. It’s available on Hugging Face. It claims to outperform gpt-oss-120b and DeepSeek R1-0528.
- DeepSeek has released DeepSeekV3.1. This is a hybrid model that supports reasoning and nonreasoning use. It’s also faster than R1 and has been designed for agentic tasks. It uses reasoning tokens more economically, and it was much cheaper to train than GPT-5.
- Anthropic has added the ability to terminate chats to Claude Opus. Chats can be terminated if a user persists in making harmful requests. Terminated chats can’t be continued, although users can start a new chat. The feature is currently experimental.
- Google has released its smallest model yet: Gemma 3 270M. This model is designed for fine-tuning and for deployment on small, limited hardware. Here’s a bedtime story generator that runs in the browser, built with Gemma 3 270M.
- ChatGPT has added Gmail, Google Calendar, and Google Contacts to its group of connectors, which integrate ChatGPT with other applications. This information will be used to provide additional context—and presumably will be used for training or discovery in ongoing lawsuits. Fortunately, it’s (at this point) opt-in.
- Anthropic has upgraded Claude Sonnet 4 with a 1M token context window. The larger context window is only available via the API.
- OpenAI released GPT-5. Simon Willison’s review is excellent. It doesn’t feel like a breakthrough, but it is quietly better at delivering good results. It’s claimed to be less prone to hallucination and incorrect answers. One quirk is that with ChatGPT, GPT-5 determines which model should respond to your prompt.
- Anthropic is researching persona vectors as a means of training a language model to behave correctly. Steering a model toward inappropriate behavior during training can be a kind of “vaccination” against that behavior when the model is deployed, without compromising other aspects of the model’s behavior.
- The Darwin Gödel Machine is an agent that can read and modify its own code to improve its performance on tasks. It can add tools, re-organize workflows, and evaluate whether these changes have improved its performance.
- Grok is at it again: generating nude deepfakes of Taylor Swift without being prompted to do so. I’m sure we’ll be told that this was the result of an unauthorized modification to the system prompt. In AI, some things are predictable.
- Anthropic has released Claude Opus 4.1, an upgrade to its flagship model. We expect this to be the “gold standard” for generative coding.
- OpenAI has released two open-weight models, their first since GPT-2: gpt-oss-120b and gpt-oss-20b. They’re reasoning models designed for use in agentic applications. Claimed performance is similar to OpenAI’s o3 and o4-mini.
- OpenAI has also released a “response format” named Harmony. It’s not quite a protocol, but it is a standard that specifies the format of conversations by defining roles (system, user, etc.) and channels (final, analysis, commentary) for a model’s output.
- Can AIs evolve guilt? Guilt is expressed in human language; it’s in the training data. The AI that deleted a production database because it “panicked” certainly expressed guilt. Whether an AI’s expressions of guilt are meaningful in any way is a different question.
- Claude Code Router is a tool for routing Claude Code requests to different models. You can choose different models for different kinds of requests.
- Qwen has released a thinking version of their flagship model, called Qwen3-235B-A22B-Thinking-2507. Thinking can’t be switched on or off. The model was trained with a new reinforcement learning algorithm called Group Sequence Policy Optimization. It burns a lot of tokens, and it’s not very good at pelicans.
- ChatGPT is releasing “personalities” that control how it formulates its responses. Users can select the personality they want to respond: robot, cynic, listener, sage, and presumably more.
- DeepMind has created Aeneas, a new model designed to help scholars understand ancient fragments. In ancient text, large pieces are often missing. Can AI help place these fragments into contexts where they can be understood? Latin only, for now.
Security
- The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a serious code execution vulnerability in Git is currently being exploited in the wild.
- Is it possible to build an agentic browser that’s safe from prompt injection? Probably not. Separating user instructions from website content isn’t possible. If a browser can’t take direction from the content of a web page, how is it to act as an agent?
- The solution to Part 4 of Kryptos, the CIA’s decades-old cryptographic sculpture, is for sale! Jim Sanborn, the creator of Kryptos, is auctioning the solution. He hopes that the winner will preserve the secret and take over verifying people’s claims to have solved the puzzle.
- Remember XZ, the supply-chain attack that granted backdoor access via a trojaned compression library? It never went away. Although the affected libraries were quickly patched, it’s still active, and propagating, via Docker images that were built with unpatched libraries. Some gifts keep giving.
- For August, Embrace the Red published The Month of AI Bugs, a daily post about AI vulnerabilities (mostly various forms of prompt injection). This series is essential reading for AI developers and for security professionals.
- NIST has finalized a standard for lightweight cryptography. Lightweight cryptography is a cryptographic system designed for use by small devices. It’s useful both for encrypting sensitive data and for authentication.
- The Dark Patterns Tip Line is a site for reporting dark patterns: design features in websites and applications that are designed to trick us into acting against our own interest.
- OpenSSH supports post-quantum key agreement, and in versions 10.1 and later, will warn users when they select a non-post-quantum key agreement scheme.
- SVG files can carry a malware payload; pornographic SVGs include JavaScript payloads that automate clicking “like.” That’s a simple attack with few consequences, but much more is possible, including cross-site scripting, denial of service, and other exploits.
- Google’s AI agent for discovering security flaws, Big Sleep, has found 20 flaws in popular software. DeepMind discovered and reproduced the flaws, which were then verified by human security experts and reported. Details won’t be provided until the flaws have been fixed.
- The US CISA (Cybersecurity and Infrastructure Security Agency) has open-sourced Thorium, a platform for malware and forensic analysis.
- Prompt injection, again: A new prompt injection attack embeds instructions in language that appears to be copyright notices and other legal fine print. To avoid litigation, many models are configured to prioritize legal instructions.
- Light can be watermarked; this may be useful as a technique for detecting fake or manipulated video.
- vCISO (Virtual CISO) services are thriving, particularly among small and mid-size businesses that can’t afford a full security team. The use of AI is cutting the vCISO workload. But who takes the blame when there’s an incident?
- A phishing attack against PyPI users directs them to a fake PyPI site that tells them to verify their login credentials. Stolen credentials could be used to plant malware in the genuine PyPI repository. Users of Mozilla’s add-on repository have also been targeted by phishing attacks.
- A new ransomware group named Chaos appears to be a rebranding of the BlackSuit group, which was taken down recently. BlackSuit itself is a rebranding of the Royal group, which in turn is a descendant of the Conti group. Whack-a-mole continues.
- Google’s OSS Rebuild project is an important step forward in supply chain security. Rebuild provides build definitions along with metadata that can confirm projects were built correctly. OSS Rebuild currently supports the NPM, PyPI, and Crates ecosystems.
- The JavaScript package “is,” which does some simple type checking, has been infected with malware. Supply chain security is a huge issue—be careful what you install!
Programming
- Claude Code PM is a workflow management system for programming with Claude. It manages PRDs, GitHub, and parallel execution of coding agents. It claims to facilitate collaboration between multiple Claude instances working on the same project.
- Rust is increasingly used to implement performance-critical extensions to Python, steadily displacing C. Polars, Pydantic, and FastAPI are three libraries that rely on Rust.
- Microsoft’s Prompt Orchestration Markup Language (POML) is an HTML-like markup language for writing prompts. It’s then compiled into the actual prompt. POML is good at templating and has tags for tabular and document data. Is this a step forward? You be the judge.
- Claudia is an “elegant desktop companion” for Claude Code; it turns terminal-based Claude Code into something more like an IDE, though it seems to focus more on the workflow than on coding.
- Google’s LangExtract is a simple but powerful Python library for extracting text from documents. It relies on examples, rather than regular expressions or other hacks, and shows the exact context in which the extracts occur. LangExtract is open source.
- Microsoft appears to be integrating GitHub into its AI team rather than running it as an independent organization. What this means for GitHub users is unclear.
- Cursor now has a command-line interface, almost certainly a belated response to the success of Claude Code CLI and Gemini CLI.
- Latency is a problem for enterprise AI. And the root cause of latency in AI applications is usually the database.
- The Commodore 64 is back. With several orders of magnitude more RAM. And all the original ports, plus HDMI.
- Google has announced Gemini CLI GitHub Actions, an addition to their agentic coder that allows it to work directly with GitHub repositories.
- JetBrains is developing a new programming language for use when programming with LLMs. That language may be a dialect of English. (Formal informal languages, anyone?)
- Pony is a new programming language that’s type-safe, memory-safe, exception-safe, race-safe, and deadlock-safe. You can try it in a browser-based playground.
Web
- The AT Protocol is the core of Bluesky. Here’s a tutorial; use it to build your own Bluesky services, in turn making Bluesky truly federated.
- Social media is broken, and probably can’t be fixed. Now you know. The surprise is that the problem isn’t “algorithms” for maximizing engagement; take algorithms away and everything stays the same or gets worse.
- The Tiny Awards Finalists show just how much is possible on the Web. They’re moving, creative, and playful. For example, the Traffic Cam Photobooth lets people use traffic cameras to take pictures of themselves, playing with ever-present automated surveillance.
- A US federal court has found that Facebook illegally collected data from the women’s health app Flo.
- The HTML Hobbyist is a great site for people who want to create their own presence on the web—outside of walled gardens, without mind-crushing frameworks. It’s not difficult, and it’s not expensive.
Biology and Quantum Computing
- Scientists have created biological qubits: quantum qubits built from proteins in living cells. These probably won’t be used to break cryptography, but they’re likely to give us insight into how quantum processes work inside living things.
