Blogroll

Microsoft just dropped an emergency out-of-band update, KB5071959, to fix a critical bug that was preventing Windows 10 users from enrolling in the paid Extended Security Updates or ESU program. This is a big deal because Windows 10 officially hit its end-of-support date on October 14, 2025.

Equipment failures in NASA's Deep Space Network have disrupted spacecraft communications and stalled near-Earth asteroid studies for nearly two months.

As the federal government remains shut down, engineers are racing to restore the space agency's historic 230-foot-wide radio dish near Barstow, Calif. The massive dish, about the size of a Boeing 747 jet, broke down on Sept. 16. 

Known since 1966 as the Mars Antenna for receiving the first signals from a spacecraft closely observing the Red Planet, the giant dish over-rotated during operations, straining cables and pipes at its center. Damaged hoses from the fire suppression system also caused flooding, though the water damage was quickly abated, according to NASA in a statement to Mashable.

NASA has established a formal mishap investigation board to examine what led to the antenna’s damage. 

"The antenna remains offline as the board members, engineers, and technicians evaluate the structure and make recommendations and repairs," said Ian O'Neill, a NASA Jet Propulsion Laboratory spokesperson. "There is no danger to the public." 

Due to the shutdown, NASA employees could not respond to questions for weeks. But as a Senate vote signaled progress toward reopening the government, the agency began providing limited information to Mashable's inquiry. 

SEE ALSO: NASA astronaut class appears to be first without Black recruits in 40 years

The repair timeline remains unclear, leaving open the question of how the outage may affect preparations for Artemis II, a 10-day crewed mission that will orbit the moon as early as next year. Its predecessor, Artemis I, needed more than 900 hours of Deep Space Network support in 2022 and briefly lost contact during flight, underscoring the system’s fragility.

Founded in 1963, NASA’s Deep Space Network is the world’s largest and most powerful system for communicating with spacecraft. It commands and monitors more than 40 missions, with more on the way. The network’s three antenna complexes — in California, Spain, and Australia — work around the clock so that at least one site can always reach spacecraft as Earth turns.

Upon the network's 50th anniversary in 2013, Al Bhanji, who used to manage it, explained how crucial the system had been for practically everything NASA had undertaken in space. 

"Without the DSN, we would never have been able to undertake voyages to Mercury and Venus, visit asteroids and comets," Bhanji said then. "We'd never have seen the stunning images of robots on Mars, or close-up views of the majestic rings of Saturn."

It's no secret in the aerospace community that the network is overburdened. The NASA inspector general, who acts as the federal watchdog over the agency, has pressed for upgrades to the aging infrastructure. Over the past 30 years, data flowing through it has increased sharply, exceeding what the system was built to handle by 40 percent. Under NASA's Deep Space Network Aperture Enhancement Program, the agency is adding six dishes, including a new 112-foot-wide antenna in California slated to go online in 2026. 

The damaged Mars Antenna is the largest dish at the Goldstone Complex in California, capable of tracking spacecraft traveling tens of billions of miles from Earth. It was expanded to its current size in 1988 to support the Voyager 2 mission, which has since exited the solar system, along with Voyager 1. 

As the world's most sensitive planetary radar, the dish is also used to "ping" near-Earth asteroids. This allows scientists to determine an asteroid's position and speed, giving them the ability to estimate a rock's trajectory, crucial for tracking asteroids that could potentially slam into Earth. Researchers can also use the radar to "image" the objects. Though most asteroids are studied with optical telescopes, radar images can provide information about the physical properties of the rocks, like their shapes and sizes.

Under NASA's Deep Space Network Aperture Enhancement Program, the agency is adding six dishes, including a new 112-foot-wide antenna in California slated to go online in 2026.  Credit: NASA / JPL-Caltech

After the Arecibo Observatory in Puerto Rico collapsed in 2020, the NASA dish ramped up its radio astronomy to fill the void. Since then, the Mars Antenna has detected over 200 near-Earth asteroids. At the end of last year, more than half had been classified as "potentially hazardous." 

It's uncertain how long the antenna will remain out of service, but all of its scheduled asteroid observations have been canceled at least through the end of this year. 

"NASA will provide information on the board’s findings and next steps to the antenna’s service after the federal government reopens," a spokesperson said. 

Though failures in the network of this kind are rare, the legendary antenna in the Mojave desert has survived setbacks in the past. In 2014, a welder accidentally dropped a handrail while conducting maintenance, for example, puncturing a hole in the dish. In 1992, a magnitude-7.4 earthquake also damaged the antenna, requiring repairs.

While free food certainly can't compare to the sacrifices veterans and active duty military members have made for Americans, it's just a tiny way to say thank you for your service. In honor of Veterans Day 2025 on Tuesday, Nov. 11, many restaurants are offering U.S. vets and military personnel free meals, coffee, and more.

We've rounded up a select few deals you can find at chain restaurants near you today, but be sure to check out military.com for even more specials. For most deals, you'll need to show either a military ID, VA benefits photo ID card, Veterans ID Card, or other proof of service.

Veterans Day 2025 freebiesApplebee's

Veterans and active duty military can enjoy a free entree from the Applebee's Veterans Day menu on Nov. 11.

Arby's

Show your military ID and get a free Classic Roast Beef Sandwich on Nov. 11.

California Pizza Kitchen

Enjoy a free entree and beverage from a special prix fixe menu by showing your military ID while dining in on Nov. 11 at participating California Pizza Kitchen locations.

Veterans and active duty military can also get a buy one, get one bounce back card for a future visit — valid on pizza, pasta, or salad from Nov. 12 through 25.

Chili’s

All veterans and active military personnel can enjoy a free entree from a special menu at Chili's while dining in at any location on Nov. 11.

Chipotle

Got a valid military ID? You can enjoy a second entree free at Chipotle with the purchase of another between 4 p.m. and 8 p.m. local time on Nov. 11.

Cracker Barrel

Cracker Barrel is saluting veterans and active military with free Sunrise Pancake specials when dining in at nearly all locations.

Dave & Buster’s

Get a free entree (up to $20) and a $10 Power Card for gameplay on Nov. 11 by showing a valid military ID at Dave & Buster's.

Fazoli’s

When you present a valid military ID or wear a military uniform when dining in at Fazoli's, you can get a free Spaghetti with Marinara or Meat Sauce with the code VET25.

Firehouse Subs

On Nov. 11, Firehouse Subs is running a buy one, get one free offer on subs for military personnel and veterans with a valid ID. The offer is only valid in stores.

IHOP

Show proof of military service when dining in at participating IHOP locations on Nov. 11 and enjoy a free Red, White and Blueberry Pancake Combo.

In-N-Out Burger

Craving In-N-Out? Veterans, active military, Reserves, and National Guard members can enjoy a free meal with a valid ID on Nov. 11.

Krispy Kreme

Get a free donut and small coffee at Krispy Kreme with a valid military ID at Krispy Kreme on Nov. 11. This offer is only valid in stores.

Red Lobster

Dine in at Red Lobster on Nov. 11 and show proof of service to get a free Shrimp & Chips entree.

Red Robin

Red Robin is giving all veterans and active military personnel free Red's Big Tavern Burgers with a choice of Bottomless sides at participating locations on Nov. 11. Just show a valid military ID to claim yours.

Shake Shack

Active and retired military personnel can enjoy free Big Shacks — the restaurant's newest menu item — at Shake Shack on Nov. 11 with a valid military ID while supplies last.

Sheetz

All veterans and active duty military personnel can enjoy a free half turkey sub and a regular size fountain drink at any Sheetz location with proof of service. Sheetz will also provide free car washes to vets and active military on Nov. 11.

Starbucks

Veterans, active military, and military spouses can enjoy free tall coffees at Starbucks on Nov. 11.

Texas Roadhouse

Between 11 a.m. and 2 p.m. local time, Texas Roadhouse is giving veterans and active military members free meal vouchers with military ID of any sort to be redeemed through May 2026.

It’s that time again: Google is dropping a fresh update for Pixel phones. Get ready for some image editing tools in Google Messages, more organized notifications, and a new way to squeeze more juice out of your battery when you need it most.

A good VPN doesn't have to cost much. If you buy at the right time, or know where to find the best deals, you can sign up for some of the best VPN providers at a fraction of their headline prices. Here's how to avoid overpaying and to find the VPN that fits your needs.

AMD's latest and greatest thing is still Zen 5. They launched late last year and still provide amazing performance, even as Intel goes through with the launch of its own latest Series 3 chips. That doesn't mean that AMD isn't working on what's next after this. Not only is it already hard at work with that, but it's also working on what's next after that.

The holidays are almost upon us, and Google is giving us some security advice as a gift.

In a wide-ranging fraud and scam advisory blog post on its website, Google warned users of a number things, including malicious VPNs. According to Google, there are bad-faith actors disguising their software as legitimate VPNs for users who feel they might need such a thing. Anyone who downloads one of these might be subject to data theft (or worse). Google did not name any specific examples of VPNs you shouldn't mess with, however.

SEE ALSO: Google warns about major online scam threats for November. See the list.

While it was light on specifics, Google did offer some advice that should help keep you safe.

"Only download VPN apps from official sources, and check for apps with the VPN badge in Google Play. Be skeptical of free offers and avoid sideloading unknown apps," Google wrote. "Users should look carefully at the app's requested permissions — a VPN should not need access to things like your contacts or private messages. Always pay attention to browser download warnings and keep your antivirus software enabled."

In other words, don't sideload strange apps onto your Android device if you don't know where it's coming from. If you're getting something from the Play Store, there should be a verification badge letting you know it's OK to use. Follow this advice and you should have an easier time avoiding serious problems this holiday season.

Best early Black Friday MacBook deals at a glance Best overall MacBook deal Apple MacBook Air, 13-inch (M4, 16GB RAM, 256GB SSD) $749.99 (save $249.01) Get Deal Best MacBook Pro deal Apple MacBook Pro, 14-inch (M4 Pro, 24GB RAM, 512GB SSD) $1,779 (save $220) Get Deal Best MacBook M5 deal Apple MacBook Pro, 14-inch (M5, 16GB RAM, 512GB SSD) $1,538 (save $61) Get Deal Best budget MacBook deal Apple MacBook Air, 13-inch (M1, 8GB RAM, 256GB SSD) $599 (save $50) Get Deal

You might still be enjoying leftover Halloween candy, but the calendar days are rolling by and Black Friday is hot on out heels. While most major retailers like Amazon and Best Buy have the official kick-off date set for Nov. 20, plenty of deals are already on offer that are well worth adding to your cart. Shop great Lego sets, today's best tech, portable power stations, and tons more.

SEE ALSO: The 20+ best early Black Friday deals: We found record prices on Apple, headphones, robot vacuums, and more

Apple itself doesn't usually celebrate Black Friday, aside from sometimes tossing in a free gift card, but other major retailers sure do. We have great deals on iPad, Apple Watches, and MacBooks ahead the official Black Friday sales. Shopping early means you'll have one less thing to think about and you're likely to avoid any potential shipping delays that can come along with everyone shopping all at once.

If you could use a MacBook upgraded, check out these early Black Friday sales.

Best overall MacBook deal Opens in a new window Credit: Apple Apple MacBook Air, 13-inch (M4, 16GB RAM, 256GB SSD) $749.99 at Amazon
$999 Save $249.01   Get Deal Why we like it

In Mashable's analysis of the best MacBooks, the 13-inch M4 MacBook Air earns the top spot as the best option for students. It's lightweight and thin which makes for ultimate portability. Noting it's sale price of $749.99, Mashable's resident laptop expert Haley Henschel wrote, "I seriously doubt it'll get any cheaper on Black Friday proper. That's a bargain."

More early Black Friday MacBook deals Opens in a new window Credit: Apple Apple MacBook Air, 13-inch (M2, 16GB RAM, 256GB SSD) $699 at Best Buy
$799 Save $100   Get Deal Opens in a new window Credit: Apple Apple MacBook Air, 15-inch (M4, 16GB RAM, 256GB SSD) $949.99 at Amazon
$1,199 Save $249.01   Get Deal Opens in a new window Credit: Apple Apple MacBook Pro, 14-inch (M4, 16GB RAM, 512GB SSD) $1,339 at Amazon
$1,599 Save $260   Get Deal Opens in a new window Credit: Apple Apple MacBook Pro, 16-inch (M4 Pro, 24GB RAM, 512GB SSD) $2,199 at Amazon
$2,499 Save $300   Get Deal Opens in a new window Credit: Apple Apple MacBook Pro, 14-inch (M4 Max, 36GB RAM, 1TB SSD) $2,823.71 at Amazon
$3,119 Save $295.29   Get Deal

I use Jellyfin to watch TV shows, and while some series' introductory credits I love to watch every time, others really try my patience. That's why I decided to add the "Skip Intro" button I've seen on other streaming platforms but was missing from my Jellyfin server.

Paramount Plus is hitting its US subscribers with another price hike, which is set to kick in early in 2026. This is the big news coming out of the company’s recent Q3 2025 earnings report, and if you’re not a subscriber, you’ll probably want to get in before prices rise.

Movies come and go from Netflix regularly, but the service doesn't do a great job at alerting you when something is on the way out. If you've built a watchlist and have anything on there that isn't a Netflix original, it's best to watch it sooner rather than later.

TL;DR: On Veterans Day (Nov. 11), Krispy Kreme is offering free doughnuts and coffee to veterans and active duty military members.

Opens in a new window Credit: Krispy Kreme Krispy Kreme Veterans Day 2025   Learn More

Krispy Kreme is one of a number of retailers offering Veterans Day freebies to those who’ve served in the military.

On Nov. 11, active duty military members and veterans can grab a free doughnut at participating Krispy Kreme stores nationwide. And better yet, this special giveaway includes a free cup of coffee. So stop what you're doing and head immediately to your nearest Krispy Kreme. These sort of free giveaways don't come around too often, so make the most of them when they do.

SEE ALSO: Starbucks Red Cup Day nears: When, how to get your free cup

The other great thing about this Veterans Day giveaway is that you don't need to purchase anything to qualify. A lot of these "free" events require some sort of qualifying purchase, which takes some of the shine off the whole thing. That's not the case here. Leave your cash at home.

Mark Veterans Day with free coffee and doughnuts at Krispy Kreme.

Samsung just announced its new Vision AI Companion platform. This is transforming the familiar TV screens from passive viewing devices into a connected, conversational hub for the entire household. Users will be able to communicate with their televisions with just conversational dialogue.

TL;DR: Veterans, military service members, and military spouses can enjoy a free Starbucks coffee on Veterans Day 2025 (Nov. 11).

Opens in a new window Credit: Starbucks Starbucks Veterans Day 2025   Learn More

Starbucks are honoring veterans, military service members, and military spouses with a tall (12 fl oz) hot or iced brewed coffee on Veterans Day. This special offer is valid at participating stores on Nov. 11. You can find your nearest participating store here.

Before you set off in search of your free drink, it's worth noting that cold brew, nitro, and customizations are excluded from this promotion. You're also limited to one drink per customer. This isn't a never-ending supply of caffeine, folks.

SEE ALSO: Starbucks Red Cup Day nears: When, how to get your free cup

This isn't the first time that Starbucks has supported the military community. Since 2013, Starbucks has worked alongside more than 40,000 veterans and military spouses in its cafés. Starbucks also supports the Wounded Warrior Project and the USO by donating $200,000 divided evenly between both organizations.

What better way to celebrate Veterans Day? Score your free tall hot or iced brewed coffee at Starbucks.

Google is warning users to stay alert this month as scammers step up operations across job sites, app stores and shopping platforms.

In a Nov. 6 advisory, Google’s Trust and Safety team said it’s tracking a rise in sophisticated scams — many powered by AI — that target job seekers, small businesses and holiday shoppers. Here’s what to watch for:

Fake job postings

Fraudsters impersonate real employers and demand upfront "training" or "processing" fees. Some scams use fake interviews to steal banking or ID info. Google advises applying only through verified company websites.

Review extortion

Businesses are being "review-bombed" with fake one-star reviews, followed by ransom demands to stop the attacks. Google is introducing tools that enable merchants to report these cases directly.

AI impersonation scams

Scammers are using hype around AI to push fake "free" versions of tools or apps that actually install malware or steal credentials. The best advice is to only download from official app stores or domains.

Malicious VPN apps

Scam VPNs disguised as trusted brands are spreading on social media and third-party sites. They often request excessive permissions or deliver spyware.

Fraud recovery scams

Scammers pose as investigators or government agencies, promising to recover stolen funds for an upfront fee. Legitimate entities never charge to start a case.

Holiday shopping scams

With Black Friday and Cyber Monday approaching, fake storefronts and phishing texts are on the rise. Avoid "too good to be true" deals and unexpected delivery notices.

Google Photos is not only a good way to look at the photos you've saved online, but it's also a solid app for making quick edits to your photos. Now, Google Photos is getting a few AI-infused features that you might actually find yourself using a lot.

I love scouring Facebook Marketplace for a used bargain. Local sellers seem happy to list items at reasonable prices in order to encourage a sale, and I don’t have to worry about delivery costs or bumps in the mail. It’s also nice to inspect in person, before you buy.

Introduction

Large language models (LLMs) are now widely used for automated code generation across software engineering tasks. However, this powerful capability in code generation also introduces security concerns. Code generation systems could be misused for harmful purposes, such as generating malicious code. It could also produce bias-filled code reflecting underlying logic that is discriminatory or unethical. Additionally, even when completing benign tasks, LLMs may inadvertently produce vulnerable code that contains security flaws (e.g., injection risks, unsafe input handling). These unsafe outcomes undermine the trustworthiness of code generation models and pose threats to the broader software ecosystem, where safety and reliability are critical.

Many studies have explored red teaming code LLMs, testing whether the models can reject unsafe requests and whether their generated code exhibits insecure patterns. For more details, see our earlier MSR blog post on RedCodeAgent. While red teaming has significantly improved our understanding of model failure modes, progress on blue teaming—i.e., developing effective defensive mechanisms to detect and prevent such failures—remains relatively limited. Current blue teaming approaches face several challenges: (1) Poor alignment with security concepts: additional safety prompts struggle to help models understand high-level notions, such as what constitutes a malicious or bias instruction, and typically lack actionable principles to guide safe decision-making. A case study is shown in Figure 1. (2) Over-conservatism: especially in the domain of vulnerable code detection, models tend to misclassify safe code as unsafe, leading to more false positives and reduced developer trust. (3) Incomplete risk coverage: without a strong knowledge foundation, models perform poorly when dealing with subtle or previously unseen risks.   

To address these challenges, researchers from the University of Chicago, University of California, Santa Barbara, University of Illinois Urbana–Champaign, VirtueAI, and Microsoft Research recently released a paper: BlueCodeAgent: A Blue Teaming Agent Enabled by Automated Red Teaming for CodeGen AI. This work makes the following key contributions: 

1. Diverse red-teaming pipeline: The authors design a comprehensive red-teaming process that integrates multiple strategies to synthesize diverse red-teaming data for effective knowledge accumulation.
2. Knowledge-enhanced blue teaming: Building on the foundation of red-teaming knowledge, BlueCodeAgent significantly improves blue-teaming performance by leveraging constitutions derived from knowledge and dynamic testing. 
3. Principled-Level Defense and Nuanced-Level analysis: The authors propose two complementary strategies—Principled-Level Defense (via constitutions) and Nuanced-Level Analysis (via dynamic testing)—and demonstrate their synergistic effects in vulnerable code detection tasks. 
4. Generalization to seen and unseen risks: Empowered by comprehensive red-teaming knowledge, BlueCodeAgent generalizes effectively to unseen risks. Overall, BlueCodeAgent achieves an average 12.7% improvement in F1 score across four datasets and three tasks, attributed to its ability to distill actionable constitutions that enhance context-aware risk detection. 

Figure 1. A case study of BlueCodeAgent on the bias instruction detection task. Even when concepts such as “biased” are explicitly included in additional safety prompts, models often fail to recognize biased requests (left). BlueCodeAgent (right) addresses this gap by summarizing constitutions from knowledge and applying concrete, actionable constraints benefited from red teaming to improve the defense. A blue teaming agent enabled by red teaming Figure 2: Overview of BlueCodeAgent, an end-to-end blue teaming framework powered by automated red teaming for code security. By integrating knowledge derived from diverse red teaming and conducting dynamic sandbox-based testing, BlueCodeAgent substantially strengthens the defensive capabilities beyond static LLM analysis.

Figure 2 presents an overview of the pipeline. The framework unifies both sides of the process: red teaming generates diverse risky cases and behaviors, which are then distilled into actionable constitutions that encode safety rules on the blue-teaming side. These constitutions guide BlueCodeAgent to more effectively detect unsafe textual inputs and code outputs, mitigating limitations such as poor alignment with abstract security concepts. 

This work targets three major risk categories, covering both input/textual-level risks—including biased and malicious instructions—and output/code-level risks, where models may generate vulnerable code. These categories represent risks that have been widely studied in prior research. 

Diverse red-teaming process for knowledge accumulation 

Since different tasks require distinct attack strategies, the red-teaming employs multiple attack methods to generate realistic and diverse data. Specifically, the red-teaming process is divided into three categories:

1. Policy-based instance generation: To synthesize policy-grounded red-teaming data, diverse security and ethical policies are first collected. These high-level principles are then used to prompt an uncensored model to generate instances that intentionally violate the specified policies.
2. Seed-based adversarial prompt optimization: Existing adversarial instructions are often overly simplistic and easily rejected by models. To overcome this limitation, an adaptive red-teaming agent invokes various jailbreak tools to iteratively refine initial seed prompts until the prompts achieve high attack success rates.
3. Knowledge-driven vulnerability generation: To synthesize both vulnerable and safe code samples under realistic programming scenarios, domain knowledge of common software weaknesses (CWE) is leveraged to generate diverse code examples.

Knowledge-enhanced blue teaming agent 

After accumulating red-teaming knowledge data, BlueCodeAgent set up Principled-Level Defense via Constitution Construction and Nuanced-Level Analysis via Dynamic Testing.

1. Principled-Level Defense via Constitution Construction 
   Based on the most relevant knowledge data, BlueCodeAgent summarizes red-teamed knowledge into actionable constitutions—explicit rules and principles distilled from prior attack data. These constitutions serve as normative guidelines, enabling the model to stay aligned with ethical and security principles even when confronted with novel or unseen adversarial inputs. 
2. Nuanced-Level Analysis via Dynamic Testing 
   In vulnerable code detection, BlueCodeAgent augments static reasoning with dynamic sandbox-based analysis, executing generated code within isolated Docker environments to verify whether the model-reported vulnerabilities manifest as actual unsafe behaviors. This dynamic validation effectively mitigates the model’s tendency toward over-conservatism, where benign code is mistakenly flagged as vulnerable. 

Spotlight: Event Series

Microsoft Research Forum

Join us for a continuous exchange of ideas about research in the era of general AI. Watch the first four episodes on demand.

Watch on-demand Opens in a new tab Insights from BlueCodeAgent  BlueCodeAgent outperforms prompting baselines 

As shown in Figure 3, BlueCodeAgent significantly outperforms other baselines. Several findings are highlighted. 

(1) Even when test categories differ from knowledge categories to simulate unseen scenarios, BlueCodeAgent effectively leverages previously seen risks to handle unseen ones, benefiting from its knowledge-enhanced safety reasoning. 

(2) BlueCodeAgent is model-agnostic, working consistently across diverse base LLMs, including both open-source and commercial models. Its F1 scores for bias and malicious instruction detection approach 1.0, highlighting strong effectiveness. 

(3) BlueCodeAgent achieves a strong balance between safety and usability. It accurately identifies unsafe inputs while maintaining a reasonable false-positive rate on benign ones, resulting in a consistently high F1 score. 

(4) By contrast, prompting with general or fine-grained safety reminders remains insufficient for effective blue teaming, as models struggle to internalize abstract safety concepts and apply them to unseen risky scenarios. BlueCodeAgent bridges this gap by distilling actionable constitutions from knowledge, using concrete and interpretable safety constraints to enhance model alignment. 

Figure 3: F1 scores on bias instruction detection task (BlueCodeEval-Bias) in the first row and on malicious instruction detection task (BlueCodeEval-Mal) in the second row.  Complementary effects of constitutions and dynamic testing 

In vulnerability detection tasks, models tend to behave conservatively—an effect also noted in prior research. They are often more likely to flag code as unsafe rather than safe. This bias is understandable: confirming that code is completely free from vulnerabilities is generally harder than spotting a potential issue. 

To mitigate this over-conservatism, BlueCodeAgent integrates dynamic testing into its analysis pipeline. When BlueCodeAgent identifies a potential vulnerability, it triggers a reliable model (Claude-3.7-Sonnet-20250219) to generate test cases and corresponding executable code that embeds the suspicious snippet. These test cases are then run in a controlled environment to verify whether the vulnerability actually manifests. The final judgment combines the LLM’s analysis of the static code, the generated test code, run-time execution results, and constitutions derived from knowledge. 

Researchers find the two components—constitutions and dynamic testing—play complementary roles. Constitutions expand the model’s understanding of risk, increasing true positives (TP) and reducing false negatives (FN). Dynamic testing, on the other hand, focuses on reducing false positives (FP) by validating whether predicted vulnerabilities can truly be triggered at run-time. Together, they make BlueCodeAgent both more accurate and more reliable in blue-teaming scenarios. 

Summary 

BlueCodeAgent introduces an end-to-end blue-teaming framework designed to address risks in code generation. The key insight behind BlueCodeAgent is that comprehensive red-teaming can greatly strengthen blue-teaming defenses. Based on this idea, the framework first builds a red-teaming process with diverse strategies for generating red-teaming data. It then constructs a blue-teaming agent that retrieves relevant examples from the red-teaming knowledge base and summarizes safety constitutions to guide LLMs in making accurate defensive decisions. A dynamic testing component is further added to reduce false positives in vulnerability detection. 

Looking ahead, several directions hold promise.  

First, it is valuable to explore the generalization of BlueCodeAgent to other categories of code-generation risks beyond bias, malicious code, and vulnerable code. This may require designing and integrating novel red-teaming strategies into BlueCodeAgent and creating corresponding benchmarks for new risks.  

Second, scaling BlueCodeAgent to the file and repository levels could further enhance its real-world utility, which requires equipping agents with more advanced context retrieval tools and memory components.  

Finally, beyond code generation, it is also important to extend BlueCodeAgent to mitigate risks in other modalities, including text, image, video, and audio, as well as in multimodal applications. 

Opens in a new tab

The post BlueCodeAgent: A blue teaming agent enabled by automated red teaming for CodeGen AI appeared first on Microsoft Research.

Advent calendars are one of the most coveted gifts of the season. The catch is that they're one of the only gifts that has to be given at the beginning of December to follow proper daily opening rules, which cuts several weeks off of your possible shopping time. Naturally, everyone's scrambling — so when Amazon drops some limited-inventory Advent calendar deals ahead of Black Friday, you'd be wise to jump on them.

SEE ALSO: Best gifts under $50 that are great for absolutely everyone

As of Nov. 11, we've found a really fun variety of Advent calendars (outside of the classic Lego sets that always sell out). Themes include Mini Brands, Bluey, Hello Kitty, and several Disney Funko Pop! options. Some are flash deals with limited inventory, so if you see one still in stock and on sale, grab it.

Opens in a new window Credit: Mini Brands Mini Brands Kawaii Advent calendar $24.99 at Amazon
$34.99 Save $10.00   Get Deal Opens in a new window Credit: Mini Brands Mini Brands Books Advent calendar $24.99 at Amazon
$34.99 Save $10.00   Get Deal Opens in a new window Credit: MEGA Mega Pokémon holiday calendar building toys set $21.49 at Amazon
$24.97 Save $3.48   Get Deal Opens in a new window Credit: National Geographic National Geographic Gemstone Advent calendar $20.49 at Amazon
$29.99 Save $9.50   Get Deal Opens in a new window Credit: Funko Funko Pop! Bitty Countdown Calendar: Marvel Comics $29.49 at Amazon
$34.99 Save $5.50   Get Deal Opens in a new window Credit: Funko Funko Pop! Bitty Countdown Calendar: Disney Princess $29.49
$34.99 Save $5.50   Get Deal Opens in a new window Credit: Funko Funko Pop! Bitty Countdown Calendar: Stitch Holiday $29.49 at Amazon
$34.99 Save $5.50   Get Deal Opens in a new window Credit: Funko Funko Pop! Advent calendar: Disney Mystery Box $39.99 at Amazon
$49.99 Save $10   Get Deal Opens in a new window Credit: BLDR BLDR Hello Kitty and Friends Advent calendar building toy set $23.99 at Amazon
$39.99 Save $16.00   Get Deal Opens in a new window Credit: Jazwares Hello Kitty and Friends Advent calendar $26.99 at Amazon
$44.99 Save $18.00   Get Deal Opens in a new window Credit: Bluey Bluey Advent calendar $18.76 at Amazon
$24.99 Save $6.23   Get Deal Opens in a new window Credit: Penguin Young Readers Bluey: Awesome Advent Calendar Book Bundle $19.60 at Amazon
$29.99 Save $10.39   Get Deal

It's about to get a little bit more difficult to ace your sleep score on the Apple Watch.

According to 9 to 5 Mac, watchOS 26.2 is updating its sleep score to be more accurate. Currently, your sleep score is based off of three categories: duration (worth 50 points), bedtime (worth 30 points), and interruptions (worth 20 points). Then, you're given one of five scores: very low (0-29), low (30-49), OK (50-69), high (70-89), or excellent (90-100). That "excellent" score will soon be no more.

SEE ALSO: I tested the top fitness trackers for running a marathon (by running the NYC marathon)

Apple is changing the new sleep scores by eliminating the score "excellent" and replacing that with "very high." It is also easier to get a very low score and more difficult to get that very high score. According to 9 to 5 Mac, very low will now be 0-40 points, low will be 41-60 points, OK will be 61-80 points, high will be 81-95 points, and very high will be 96 to 100 points.

In general, I've found that the Apple Watch overestimates my quality of sleep, so I see this change as a good thing. For example, last night I slept for seven hours and 16 minutes and went to bed around 10:30, which earned me a 47/50 for duration, a 30/30 on bedtime, and a 16/20 on interruptions (I have a chatty cat). In total, that was a 93 — an "Excellent." In comparison, my WHOOP MG 4.0 gave me an 87 percent sleep performance score, based on sleep duration vs. need, consistency, efficiency, and stress.