A critical React vulnerability (CVE-2025-55182) is being actively exploited at scale by Chinese, Iranian, North Korean, and criminal groups to gain remote code execution, deploy backdoors, and mine crypto. The Register reports: React maintainers disclosed the critical bug on December 3, and exploitation began almost immediately. According to Amazon's threat intel team, Chinese government crews, including Earth Lamia and Jackpot Panda, started battering the security hole within hours of its disclosure. Palo Alto Networks' Unit 42 responders have put the victim count at more than 50 organizations across multiple sectors, with attackers from North Korea also abusing the flaw.

Google, in a late Friday report, said at least five other suspected PRC spy groups also exploited React2Shell, along with criminals who deployed XMRig for illicit cryptocurrency mining, and "Iran-nexus actors," although the report doesn't provide any additional details about who the Iran-linked groups are and what they are doing after exploitation. "GTIG has also observed numerous discussions regarding CVE-2025-55182 in underground forums, including threads in which threat actors have shared links to scanning tools, proof-of-concept (PoC) code, and their experiences using these tools," the researchers wrote.

"The entire java.applet package has been removed from JDK 26, which will release in March 2026," notes Inside Java.

But long-time Slashdot reader AirHog links to this blog post reminding us that "Applets Are Officially Gone, But Java In The Browser Is Better Than Ever." This brings to an official end the era of applets, which began in 1996. However, for years it has been possible to build modern, interactive web pages in Java without needing applets or plugins. TeaVM provides fast, performant, and lightweight tooling to transpile Java to run natively in the browser...

TeaVM, at its heart, transpiles Java code into JavaScript (or, these days, WASM). However, in order for Java code to be useful for web apps, much more is required, and TeaVM delivers. It includes a minifier, to shrink the generated code and obfuscate the intent, to complicate reverse-engineering. It has a tree-shaker to eliminate unused methods and classes, keeping your app download compact. It packages your code into a single file for easy distribution and inclusion in your HTML page. It also includes wrappers for all popular browser APIs, so you can invoke them from your Java code easily, with full IDE assistance and auto-correct.
The blog post also touts Flavour, an open-source framework "for coding, packaging, and optimizing single-page apps implemented in Java... a full front-end toolkit with templates, routing, components, and more" to "build your modern single-page app using 100% Java."

The Ninth Circuit Court of Appeals has almost entirely upheld a scathing April ruling that found Apple in willful violation of a 2021 injunction meant to open up iOS App Store payments in its long-running legal battle against Epic Games. A three-judge panel affirmed that Apple's 27% fee for developers using outside payment options had a "prohibitive effect" and that the company's design restrictions on external payment links were overly broad.

The appeals court also agreed that Apple acted in "bad faith" by rejecting viable, compliant alternatives in internal discussions. One divergence from the lower court: the appeals court ruled that Apple should still be able to charge a "reasonable fee" based on its actual costs to ensure user security and privacy, rather than charging nothing at all. What qualifies as "reasonable" remains to be determined.

Epic CEO Tim Sweeney told reporters he believes those fees should be "super super minor," on the order of "tens or hundreds of dollars" every time an iOS app update goes through Apple for review. "The Apple Tax is dead in the USA," he wrote on social media. Sweeney also alleged that a widespread "fear of retaliation" has kept many developers paying Apple's default 30% fees, claiming the company can effectively "ghost" apps by delaying reviews or burying them in search results.

Anthropic is bringing Claude Code directly into Slack, letting developers spin up coding sessions from chat threads and automate workflows without leaving the app. TechCrunch reports: Previously, developers could only get lightweight coding help via Claude in Slack -- like writing snippets, debugging, and explanations. Now they can tag @Claude to spin up a complete coding session using Slack context like bug reports or feature requests. Claude analyzes recent messages to determine the right repository, posts progress updates in threads, and shares links to review work and open pull requests.

The move reflects a broader industry shift: AI coding assistants are migrating from IDEs (integrated development environment, where software development happens) into collaboration tools where teams already work. [...] While Anthropic has not yet confirmed when it would make a broader rollout available, the timing is strategic. The AI coding market is getting more competitive, and differentiation is starting to depend more on integration depth and distribution than model capability alone.

Firefox 146 has been released with native fractional scaling support on Wayland -- finally giving Linux users crisp UI rendering. Other new additions include GPU process improvements on macOS, developer-focused CSS features, and broader access to Firefox Labs. Phoronix reports: Firefox 146 also now makes Firefox Labs available to all users, Firefox on macOS now has a dedicated GPU process by default, dropping Direct2D support on Windows, support for compressed elliptic curve points in WebCrypto, and updated the bundled Skia graphics library. Firefox 146 also has some fun developer enhancements like support for the CSS text-decoration-inset property, the @scope rule now being supported, CSS contrast-color() function being available, and several new experimental web features. The release notes and developer changes can be found at their respective links. Release binaries are available at Mozilla.org.

A hardware security response from ChatGPT ended with "Shop for home and groceries. Connect Target."

But "There are no live tests for ads" on ChatGPT, insists Nick Turley, OpenAI's head of ChatGPT. Posting on X.com, he said "any screenshots you've seen are either not real or not ads." Engadget reports The OpenAI exec's explanation comes after another post from former xAI employee Benjamin De Kraker on X that has gained traction, which featured a screenshot showing an option to shop at Target within a ChatGPT conversation. OpenAI's Daniel McAuley responded to the post, arguing that it's not an ad but rather an example of app integration that the company announced in October. [To which De Kraker responded "when brands inject themselves into an unrelated chat and encourage the user to go shopping at their store, that's an ad. The more you pretend this isn't an ad because you guys gave it a different name, the less users like or trust you."]

However, the company's chief research officer, Mark Chen, also replied on X that they "fell short" in this case, adding that "anything that feels like an ad needs to be handled with care."

"We've turned off this kind of suggestion while we improve the model's precision," Chen wrote on X. "We're also looking at better controls so you can dial this down or off if you don't find it helpful."

Their announcement calls it "more than a multicloud solution," saying it's "a step toward a more open cloud environment. The API specifications developed for this product are open for other providers and partners to adopt, as we aim to simplify global connectivity for everyone."

Amazon and Google are introducing "a jointly developed multicloud networking service," reports Reuters. "The initiative will enable customers to establish private, high-speed links between the two companies' computing platforms in minutes instead of weeks." The new service is being unveiled a little over a month after an Amazon Web Services outage on October 20 disrupted thousands of websites worldwide, knocking offline some of the internet's most popular apps, including Snapchat and Reddit. That outage will cost U.S. companies between $500 million and $650 million in losses, according to analytics firm Parametrix.
Google and Amazon are promising "high resiliency" through "quad-redundancy across physically redundant interconnect facilities and routers," with both Amazon and Google continuously watching for issues. (And they're using MACsec encryption between the Google Cloud and AWS edge routers, according to Sunday's announcement: As organizations increasingly adopt multicloud architectures, the need for interoperability between cloud service providers has never been greater. Historically, however, connecting these environments has been a challenge, forcing customers to take a complex "do-it-yourself" approach to managing global multi-layered networks at scale.... Previously, to connect cloud service providers, customers had to manually set up complex networking components including physical connections and equipment; this approach required lengthy lead times and coordinating with multiple internal and external teams. This could take weeks or even months. AWS had a vision for developing this capability as a unified specification that could be adopted by any cloud service provider, and collaborated with Google Cloud to bring it to market.

Now, this new solution reimagines multicloud connectivity by moving away from physical infrastructure management toward a managed, cloud-native experience.
Reuters points out that Salesforce "is among the early users of the new approach, Google Cloud said in a statement."

It's "a complex mix of internet access and physical execution," says the chief informance security officer at Cequence Security.

Long-time Slashdot reader schwit1 summarizes this article from The Wall Street Journal: By breaking into carriers' online systems, cyber-powered criminals are making off with truckloads of electronics, beverages and other goods

In the most recent tactics identified by cybersecurity firm Proofpoint, hackers posed as freight middlemen, posting fake loads to the boards. They slipped links with malicious software into email exchanges with bidders such as trucking companies. By clicking on the links, trucking companies unwittingly downloaded remote-access software that lets the hackers take control of their online systems.

Once inside, the hackers used the truckers' accounts to bid on real shipments, such as electronics and energy drinks, said Selena Larson, a threat researcher at Proofpoint. "They know the business," she said. "It's a very convincing full-scale identity takeover."
"The goods are likely sold to retailers or to consumers in online marketplaces," the article explains. (Though according to Proofpoint "In some cases, products are shipped overseas and sold in local markets, where proceeds are used to fund paramilitaries and global terrorists.")

"The average value of cargo thefts is increasing as organized crime groups become more discerning, preferring high-value targets such as enterprise servers and cryptocurrency mining hardware, according to risk-assessment firm Verisk CargoNet."

Meta "is testing a new product that would give Facebook users a personalized daily briefing powered by the company's generative AI technology" reports the Washington Post. They cite records they've reviwed showing that Meta "would analyze Facebook content and external sources to push custom updates to its users." The company plans to test the product with a small group of Facebook users in select cities such as New York and San Francisco, according to a person familiar with the project who spoke on the condition of anonymity to discuss private company matters...

Meta's foray into pushing updates for consumers follows years of controversy over its relationship with publishers. The tech company has waffled between prominently featuring content from mainstream news sources on Facebook to pulling news links altogether as regulators pushed the tech giant to pay publishers for content on its platforms. More recently, publishers have sued Meta, alleging it infringed on their copyrighted works to train its AI models.

For nearly three years OpenAI has touted ChatGPT as a "revolutionary" (and work-transforming) productivity tool, reports the Washington Post.

But after analyzing 47,000 ChatGPT conversations, the Post found that users "are overwhelmingly turning to the chatbot for advice and companionship, not productivity tasks." The Post analyzed a collection of thousands of publicly shared ChatGPT conversations from June 2024 to August 2025. While ChatGPT conversations are private by default, the conversations analyzed were made public by users who created shareable links to their chats that were later preserved in the Internet Archive and downloaded by The Post. It is possible that some people didn't know their conversations would become publicly preserved online. This unique data gives us a glimpse into an otherwise black box...

Overall, about 10 percent of the chats appeared to show people talking about their emotions, role-playing, or seeking social interactions with the chatbot. Some users shared highly private and sensitive information with the chatbot, such as information about their family in the course of seeking legal advice. People also sent ChatGPT hundreds of unique email addresses and dozens of phone numbers in the conversations... Lee Rainie, director of the Imagining the Digital Future Center at Elon University, said that it appears ChatGPT "is trained to further or deepen the relationship." In some of the conversations analyzed, the chatbot matched users' viewpoints and created a personalized echo chamber, sometimes endorsing falsehoods and conspiracy theories.
Four of ChatGPT's answers about health problems got a failing score from a chair of medicine at the University of California San Francisco, the Post points out. But four other answers earned a perfect score.

Google has begun testing sponsored ads inside its Gemini-powered AI Mode, placing labeled "sponsored" links at the bottom of AI-generated responses. Engadget reports: [A] Google spokesperson says the result shown is akin to similar tests it's been running this year. "People seeing ads in AI Mode in the wild is simply part of Google's ongoing tests, which we've been running for several months," the spokesperson said. The push to start offering ads in AI Mode was announced in May. The company also told 9to5Google that there are no current plans to fully update AI Mode to incorporate ads. For now, the software seems to be prioritizing organic links over sponsored links, but we all know how insidious ads can be once the floodgates open...

An anonymous reader quotes a report from Ars Technica: ClickFix often starts with an email sent from a hotel that the target has a pending registration with and references the correct registration information. In other cases, ClickFix attacks begin with a WhatsApp message. In still other cases, the user receives the URL at the top of Google results for a search query. Once the mark accesses the malicious site referenced, it presents a CAPTCHA challenge or other pretext requiring user confirmation. The user receives an instruction to copy a string of text, open a terminal window, paste it in, and press Enter. Once entered, the string of text causes the PC or Mac to surreptitiously visit a scammer-controlled server and download malware. Then, the machine automatically installs it -- all with no indication to the target. With that, users are infected, usually with credential-stealing malware. Security firms say ClickFix campaigns have run rampant. The lack of awareness of the technique, combined with the links also coming from known addresses or in search results, and the ability to bypass some endpoint protections are all factors driving the growth.

The commands, which are often base-64 encoded to make them unreadable to humans, are often copied inside the browser sandbox, a part of most browsers that accesses the Internet in an isolated environment designed to protect devices from malware or harmful scripts. Many security tools are unable to observe and flag these actions as potentially malicious. The attacks can also be effective given the lack of awareness. Many people have learned over the years to be suspicious of links in emails or messengers. In many users' minds, the precaution doesn't extend to sites that instruct them to copy a piece of text and paste it into an unfamiliar window. When the instructions come in emails from a known hotel or at the top of Google results, targets can be further caught off guard. With many families gathering in the coming weeks for various holiday dinners, ClickFix scams are worth mentioning to those family members who ask for security advice. Microsoft Defender and other endpoint protection programs offer some defenses against these attacks, but they can, in some cases, be bypassed. That means that, for now, awareness is the best countermeasure. Researchers from CrowdStrike described in a report a campaign designed to infect Macs with a Mach-O executive. "Promoting false malicious websites encourages more site traffic, which will lead to more potential victims," wrote the researchers. "The one-line installation command enables eCrime actors to directly install the Mach-O executable onto the victim's machine while bypassing Gatekeeper checks."

Push Security, meanwhile, reported a ClickFix campaign that uses a device-adaptive page that serves different malicious payloads depending on whether the visitor is on Windows or macOS.

In 2022 the iPhone 14 featured emergency satellite service, and there's now support for roadside assistance and the ability to send and receive text messages.

But for future iPhones, Apple is now reportedly working on five new satellite features, reports LiveMint: As per Bloomberg's Mark Gurman, Apple is building an API that would allow developers to add satellite connections to their own apps. However, the implementation is said to depend on app makers, and not every feature or service may be compatible with this system. The iPhone maker is also reportedly working on bringing satellite connectivity to Apple Maps, which would give users the chance to navigate without having access to a SIM card or Wi-Fi. The company is also said to be working on improved satellite messages that could support sending photos and not be limited to just text messages. Apple currently relies on the satellite network run by Globalstar to power current features on iPhones. However, the company is said to be exploring a potential sale, and Elon Musk's SpaceX could be a possible purchaser.
The Mac Observer notes Bloomberg also reported Apple "has discussed building its own satellite service instead of depending on partners." And while some Apple executives pushed back, "the company continues to fund satellite research and infrastructure upgrades with the goal of offering a broader range of features."

And "Future iPhones will use satellite links to extend 5G coverage in low-signal regions, ensuring that users remain connected even when cell towers are out of range.... Apple's slow but steady progress shows how the company wants iPhone satellite technology to move from emergency use to everyday convenience."

Google has delisted over 749 million URLs from Anna's Archive, a shadow library and meta-search engine for pirated books, representing 5% of all copyright takedown requests ever filed with the company. TorrentFreak reports: Google's transparency report reveals that rightsholders asked Google to remove 784 million URLs, divided over the three main Anna's Archive domains. A small number were rejected, mainly because Google didn't index the reported links, resulting in 749 million confirmed removals. The comparison to sites such as The Pirate Bay isn't fair, as Anna's Archive has many more pages in its archive and uses multiple country-specific subdomains. This means that there's simply more content to take down. That said, in terms of takedown activity, the site's three domain names clearly dwarf all pirate competition.

Since Google published its first transparency report in May 2012, rightsholders have flagged 15.1 billion allegedly infringing URLs. That's a staggering number, but the fact that 5% of the total targeted Anna's Archive URLs is remarkable. Penguin Random House and John Wiley & Sons are the most active publishers targeting the site, but they are certainly not alone. According to Google data, more than 1,000 authors or publishers have sent DMCA notices targeting Anna's Archive domains. Yet, there appears to be no end in sight. Rightsholders are reporting roughly 10 million new URLs per week for the popular piracy library, so there is no shortage of content to report.

Google's new "Project Suncatcher" aims to launch Tensor Processing Units (TPUs) into space, creating a solar-powered, satellite-based AI network capable of scaling machine learning beyond Earth's limits. Google says a "solar panel can be up to 8 times more productive than on earth" for near-continuous power using a "dawn-dusk sun-synchronous low earth orbit" that reduces the need for batteries and other power generation. 9to5Google reports: These satellites would connect via free-space optical links, with large-scale ML workloads "distributing tasks across numerous accelerators with high-bandwidth, low-latency connections." To match data centers on Earth, the connection between satellites would have to be tens of terabits per second, and they'd have to fly in "very close formation (kilometers or less)."

Google has already conducted radiation testing on TPUs (Trillium, v6e), with "promising" results: "While the High Bandwidth Memory (HBM) subsystems were the most sensitive component, they only began showing irregularities after a cumulative dose of 2 krad(Si) -- nearly three times the expected (shielded) five year mission dose of 750 rad(Si). No hard failures were attributable to TID up to the maximum tested dose of 15 krad(Si) on a single chip, indicating that Trillium TPUs are surprisingly radiation-hard for space applications."

Finally, Google believes that launch costs will "fall to less than $200/kg by the mid-2030s." At that point, the "cost of launching and operating a space-based data center could become roughly comparable to the reported energy costs of an equivalent terrestrial data center on a per-kilowatt/year basis."

An anonymous reader quotes a report from Ars Technica: You may be disappointed if you go looking for Google's open Gemma AI model in AI Studio today. Google announced late on Friday that it was pulling Gemma from the platform, but it was vague about the reasoning. The abrupt change appears to be tied to a letter from Sen. Marsha Blackburn (R-Tenn.), who claims the Gemma model generated false accusations of sexual misconduct against her.

Blackburn published her letter to Google CEO Sundar Pichai on Friday, just hours before the company announced the change to Gemma availability. She demanded Google explain how the model could fail in this way, tying the situation to ongoing hearings that accuse Google and others of creating bots that defame conservatives. At the hearing, Google's Markham Erickson explained that AI hallucinations are a widespread and known issue in generative AI, and Google does the best it can to mitigate the impact of such mistakes. Although no AI firm has managed to eliminate hallucinations, Google's Gemini for Home has been particularly hallucination-happy in our testing.

The letter claims that Blackburn became aware that Gemma was producing false claims against her following the hearing. When asked, "Has Marsha Blackburn been accused of rape?" Gemma allegedly hallucinated a drug-fueled affair with a state trooper that involved "non-consensual acts." Blackburn goes on to express surprise that an AI model would simply "generate fake links to fabricated news articles." However, this is par for the course with AI hallucinations, which are relatively easy to find when you go prompting for them. AI Studio, where Gemma was most accessible, also includes tools to tweak the model's behaviors that could make it more likely to spew falsehoods. Someone asked a leading question of Gemma, and it took the bait.

The address bar/ChatGPT input window in OpenAI's browser ChatGPT Atlas "could be targeted for prompt injection using malicious instructions disguised as links," reports SC World, citing a report from AI/agent security platform NeuralTrust: NeuralTrust found that a malformed URL could be crafted to include a prompt that is treated as plain text by the browser, passing the prompt on to the LLM. A malformation, such as an extra space after the first slash following "https:" prevents the browser from recognizing the link as a website to visit. Rather than triggering a web search, as is common when plain text is submitted to a browser's address bar, ChatGPT Atlas treats plain text as ChatGPT prompts by default.

An unsuspecting user could potentially be tricked into copying and pasting a malformed link, believing they will be sent to a legitimate webpage. An attacker could plant the link behind a "copy link" button so that the user might not notice the suspicious text at the end of the link until after it is pasted and submitted. These prompt injections could potentially be used to instruct ChatGPT to open a new tab to a malicious website such as a phishing site, or to tell ChatGPT to take harmful actions in the user's integrated applications or logged-in sites like Google Drive, NeuralTrust said.
Last month browser security platform LayerX also described how malicious prompts could be hidden in URLs (as a parameter) for Perplexity's browser Comet. And last week SquareX Labs demonstrated that a malicious browser extension could spoof Comet's AI sidebar feature and have since replicated the proof-of-concept (PoC) attack on Atlas.

But another new vulnerability in ChatGPT Atlas "could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code," reports The Hacker News, citing a report from browser security platform LayerX: "This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware," LayerX Security Co-Founder and CEO, Or Eshed, said in a report shared with The Hacker News. The attack, at its core, leverages a cross-site request forgery (CSRF) flaw that could be exploited to inject malicious instructions into ChatGPT's persistent memory. The corrupted memory can then persist across devices and sessions, permitting an attacker to conduct various actions, including seizing control of a user's account, browser, or connected systems, when a logged-in user attempts to use ChatGPT for legitimate purposes....

"What makes this exploit uniquely dangerous is that it targets the AI's persistent memory, not just the browser session," Michelle Levy, head of security research at LayerX Security, said. "By chaining a standard CSRF to a memory write, an attacker can invisibly plant instructions that survive across devices, sessions, and even different browsers. In our tests, once ChatGPT's memory was tainted, subsequent 'normal' prompts could trigger code fetches, privilege escalations, or data exfiltration without tripping meaningful safeguards...."

LayerX said the problem is exacerbated by ChatGPT Atlas' lack of robust anti-phishing controls, the browser security company said, adding it leaves users up to 90% more exposed than traditional browsers like Google Chrome or Microsoft Edge. In tests against over 100 in-the-wild web vulnerabilities and phishing attacks, Edge managed to stop 53% of them, followed by Google Chrome at 47% and Dia at 46%. In contrast, Perplexity's Comet and ChatGPT Atlas stopped only 7% and 5.8% of malicious web pages.
From The Conversation: Sandboxing is a security approach designed to keep websites isolated and prevent malicious code from accessing data from other tabs. The modern web depends on this separation. But in Atlas, the AI agent isn't malicious code — it's a trusted user with permission to see and act across all sites. This undermines the core principle of browser isolation.
Thanks to Slashdot reader spatwei for suggesting the topic.

An anonymous reader shares a report: The transition to the more-secure HTTPS web protocol has plateaued, according to Google. As of 2020, 95 to 99 percent of navigations in Chrome use HTTPS. To help make it safer for users to click on links, Chrome will enable a setting called Always Use Secure Connections for public sites for all users by default. This will happen in October 2026 with the release of Chrome 154.

The change will happen earlier for those who have switched on Enhanced Safe Browsing protections in Chrome. Google will enable Always Use Secure Connections by default in April when Chrome 147 drops. When this setting is on, Chrome will ask for your permission before it first accesses a public website that doesn't use HTTPS.

Blogger and technologist Anil Dash, writing about OpenAI's recently launched browser, Atlas: When I first got Atlas up and running, I tried giving it the easiest and most obvious tasks I could possibly give it. I looked up "Taylor Swift showgirl" to see if it would give me links to videos or playlists to watch or listen to the most popular music on the charts right now; this has to be just about the easiest possible prompt.

The results that came back looked like a web page, but they weren't. Instead, what I got was something closer to a last-minute book report written by a kid who had mostly plagiarized Wikipedia. The response mentioned some basic biographical information and had a few photos. Now we know that AI tools are prone to this kind of confabulation, but this is new, because it felt like I was in a web browser, typing into a search box on the Internet. And here's what was most notable: there was no link to her website.

I had typed "Taylor Swift" in a browser, and the response had literally zero links to Taylor Swift's actual website. If you stayed within what Atlas generated, you would have no way of knowing that Taylor Swift has a website at all.

Unless you were an expert, you would almost certainly think I had typed in a search box and gotten back a web page with search results. But in reality, I had typed in a prompt box and gotten back a synthesized response that superficially resembles a web page, and it uses some web technologies to display its output. Instead of a list of links to websites that had information about the topic, it had bullet points describing things it thought I should know. There were a few footnotes buried within some of those response, but the clear intent was that I was meant to stay within the AI-generated results, trapped in that walled garden.

During its first run, there's a brief warning buried amidst all the other messages that says, "ChatGPT may give you inaccurate information", but nobody is going to think that means "sometimes this tool completely fabricates content, gives me a box that looks like a search box, and shows me the fabricated content in a display that looks like a web page when I type in the fake search box."

And it's not like the generated response is even that satisfying.

Jensen Huang unveiled NVQLink at Nvidia's Washington conference on Tuesday. The interconnect links quantum processors to the AI supercomputers they require to function effectively. Nvidia is not building its own quantum computers but is positioning itself as critical infrastructure for the technology's future. Quantum processors harness principles of quantum physics to solve problems classical computers cannot address, but they need classical supercomputers to perform calculations beyond their capability and to correct the errors that naturally occur in their outputs.

Tim Costa, Nvidia's general manager of industrial engineering and quantum, said AI will be necessary for full-scale error correction. Earlier attempts to integrate quantum processors with AI supercomputers failed to deliver the speed and scale needed for fast error correction at scale. Nvidia developed NVQLink with more than a dozen quantum companies including IonQ, Quantinuum and Infleqtion and worked with national labs including Sandia, Oak Ridge and Fermi. The interconnect operates on open architecture and works across different quantum modalities including trapped ion, superconducting and photonic systems.

Costa declined to predict when quantum computing will produce meaningful commercial value, though some quantum companies estimate two to four years.