AI costs how much? GitHub Copilot users react to new usage-based pricing system.

“Even though I was super cautious on the first day, trying it out with a limited number of uses, it still consumed 840 credits,” one user wrote of testing Claude Sonnet 4.6 through Copilot today. “I haven’t even done any really complex work yet,” another user complained after reported usage representing 21 percent of their monthly Pro Copilot subscription’s credit allotment in a single day. “I have a feeling I’ll be going somewhere else pretty soon.”

Using all 8,000 of your org’s monthly AI credits in a single day is… probably not sustainable.

Using all 8,000 of your org’s monthly AI credits in a single day is… probably not sustainable. Credit: gxjo / X

Amid the pricing change, plenty of GitHub Copilot users are predictably and publicly threatening to cancel their subscriptions or looking for other AI coding options. But others say they have been able to adjust to the new world of usage-based pricing. Coder Henri Kinnunen writes that they only burned 161 credits in a “productive day” of using GPT 5.3-Codex through Copilot, thanks to limiting themselves to “very focused and deliberate changes with AI.” Over on Bluesky, coder Neil Hewitt wisely noted that continuing a three-day-old chat session on Copilot probably isn’t as wise now, since it means sending “the entire chat history as context every time… hey, input tokens use credits… it’s not rocket science.”

While some Copilot users are jumping ship for other services with more generous usage limits, that kind of subsidized customer acquisition may soon give way to Copilot-style usage-based pricing across the industry. If that happens, LLMs that are more efficient with their tokens may win the economic battle; on Reddit, one user is already discussing how they’ve integrated Deepseek into their GitHub VSCode environment at a cost of only “about 7 cents for 15 million tokens.” While you might say “you get what you pay for,” some AI users are now contemplating a world where they also have to pay for what they get.

https://arstechnica.com/ai/2026/06/ai-costs-how-much-github-copilot-users-react-to-new-usage-based-pricing-system/




Microsoft’s Surface Laptop Ultra looks like its first true MacBook Pro competitor

Dell, Asus, Lenovo, HP, MSI, Acer, and Gigabyte are among the PC makers that are designing systems around Nvidia’s RTX Spark, Nvidia’s new Arm-based chip for Windows PCs. But the flagship RTX Spark PC may be from the same company that makes Windows: the new Microsoft Surface Laptop Ultra is a high-end RTX Spark system that will offer up to 128GB of unified memory for “creators, developers, and AI builders.”

Microsoft says the Laptop Ultra will be available “later this year” but didn’t discuss any specific pricing or configuration options.

The Laptop Ultra will slot in above the regular Qualcomm Snapdragon-based Surface Laptops in Microsoft’s lineup. Microsoft has made high-end Surface devices with more powerful CPUs and GPUs before, but to date, they’ve also come with convertible designs that may have limited their appeal. The first was the old Surface Book, with its fully detachable screen and bendy-straw hinge that didn’t close all the way; the second was the Surface Laptop Studio, with its chunky design and sliding screen. The Laptop Ultra is Microsoft’s first attempt to follow the MacBook Pro formula: it’s like the other Surface Laptops, just with more power.

Microsoft says the Laptop Ultra will include USB-A, USB-C, and HDMI ports, as well as an SD card slot and headphone jack. It’s said to include a haptic trackpad that’s “the largest we’ve ever put on a Surface.” A 15-inch PixelSense display offers up to 2,000 nits of peak brightness.

https://arstechnica.com/gadgets/2026/06/microsoft-surface-laptop-ultra-will-be-among-the-first-nvidia-rtx-spark-arm-pcs/




Pirates are already playing Forza Horizon 6 days before its launch

As of Monday, footage from Forza Horizon 6 can be seen in multiple YouTube videos and livestreams.

In March, an unencrypted copy of Death Stranding 2 was similarly uploaded to Steam days before the game’s PC release, leading almost immediately to its availability on piracy sites. But Death Stranding 2 had already been available for over a year on the PlayStation 5 when that leak happened, somewhat blunting its overall impact.

Back in 2018, the Denuvo copy protection for Hitman 2 was broken days before the game’s official launch date, thanks to the quick work of crackers working on an early access version made available to preorder customers.

The unprotected early upload could be a costly mistake for Microsoft, which is set to officially release Forza Horizon 6 on May 19 (or May 15 for those who pre-purchased the $120 Premium Edition). A 2024 study of Denuvo protection estimated that when a cracked version of a game is available within the first week of its release, it results an average 20 percent reduction in total revenue. While that study didn’t examine the impact of pre-release cracks, the potential economic impact is likely even higher.

https://arstechnica.com/gaming/2026/05/pirates-are-already-playing-forza-horizon-6-days-before-its-launch/




Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for its ASP.NET Core to fix a high-severity vulnerability that allows unauthenticated attackers to gain SYSTEM privileges on devices that use the Web development framework to run Linux or macOS apps.

The software maker said Tuesday evening that the vulnerability, tracked as CVE-2026-40372, affects versions 10.0.0 through 10.0.6 of the Microsoft.AspNetCore.DataProtection NuGet, a package that’s part of the framework. The critical flaw stems from a faulty verification of cryptographic signatures. It can be exploited to allow unauthenticated attackers to forge authentication payloads during the HMAC validation process, which is used to verify the integrity and authenticity of data exchanged between a client and a server.

Beware: Forged credentials survive patching

During the time users ran a vulnerable version of the package, they were left open to an attack that would allow unauthenticated people to gain sensitive SYSTEM privileges that would allow full compromise of the underlying machine. Even after the vulnerability is patched, devices may still be compromised if authentication credentials created by a threat actor aren’t purged.

“If an attacker used forged payloads to authenticate as a privileged user during the vulnerable window, they may have induced the application to issue legitimately-signed tokens (session refresh, API key, password reset link, etc.) to themselves,” Microsoft said. “Those tokens remain valid after upgrading to 10.0.7 unless the DataProtection key ring is rotated.”

Microsoft describes ASP.NET Core as a “high-performance” web development framework for writing .Net apps that run on Windows, macOS, Linux, and Docker. The open-source package is “designed to allow runtime components, APIs, compilers, and languages [to] evolve quickly, while still providing a stable and supported platform to keep apps running.”

https://arstechnica.com/security/2026/04/microsoft-issues-emergency-update-for-macos-and-linux-asp-net-threat/




Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for its ASP.NET Core to fix a high-severity vulnerability that allows unauthenticated attackers to gain SYSTEM privileges on devices that use the Web development framework to run Linux or macOS apps.

The software maker said Tuesday evening that the vulnerability, tracked as CVE-2026-40372, affects versions 10.0.0 through 10.0.6 of the Microsoft.AspNetCore.DataProtection NuGet, a package that’s part of the framework. The critical flaw stems from a faulty verification of cryptographic signatures. It can be exploited to allow unauthenticated attackers to forge authentication payloads during the HMAC validation process, which is used to verify the integrity and authenticity of data exchanged between a client and a server.

Beware: Forged credentials survive patching

During the time users ran a vulnerable version of the package, they were left open to an attack that would allow unauthenticated people to gain sensitive SYSTEM privileges that would allow full compromise of the underlying machine. Even after the vulnerability is patched, devices may still be compromised if authentication credentials created by a threat actor aren’t purged.

“If an attacker used forged payloads to authenticate as a privileged user during the vulnerable window, they may have induced the application to issue legitimately-signed tokens (session refresh, API key, password reset link, etc.) to themselves,” Microsoft said. “Those tokens remain valid after upgrading to 10.0.7 unless the DataProtection key ring is rotated.”

Microsoft describes ASP.NET Core as a “high-performance” web development framework for writing .Net apps that run on Windows, macOS, Linux, and Docker. The open-source package is “designed to allow runtime components, APIs, compilers, and languages [to] evolve quickly, while still providing a stable and supported platform to keep apps running.”

https://arstechnica.com/security/2026/04/microsoft-issues-emergency-update-for-macos-and-linux-asp-net-threat/




Satellite and drone images reveal big delays in US data center construction

Silicon Valley has been pouring hundreds of billions of dollars into building ever-larger AI data centers that require as much electricity as hundreds of thousands of US homes—but that massive buildout faces significant construction and power challenges along with growing local resistance. Now satellite imagery is showing that nearly 40 percent of US data center projects may fail to be completed this year as scheduled.

The Financial Times drew upon satellite imagery from the geospatial data analytics company SynMax showing how much progress has been made in clearing land and laying building foundations for each data center project. It also cross-checked project progress against public statements and permit documents compiled by the industry research group IIR Energy. The resulting analysis revealed how major projects from tech companies such as Microsoft, Oracle, and OpenAI are “likely to miss completion dates by more than three months.”

Interviews with more than a dozen industry executives highlighted data center delays caused by “chronic shortages of labor, power and equipment” along with the process of securing the necessary permits, according to the Financial Times. Construction executives involved with OpenAI projects specifically mentioned not having enough tradespeople, such as electricians and pipe fitters, to work on multiple data center projects.

The substantial power demand requirements of the planned data center buildout also represent a huge energy bottleneck, especially as utility companies struggle to build enough power generation and to expand the power infrastructure necessary to deliver more electricity. Tariffs on imported Chinese equipment such as transformers have only made the situation worse for Silicon Valley’s AI ambitions.

https://arstechnica.com/ai/2026/04/construction-delays-hit-40-of-us-data-centers-planned-for-2026/




Stellantis chiede a Microsoft di accelerare su AI e cybersecurity, al lavoro su 100 soluzioni

L’adozione dell’AI diventa strutturale nell’industria automobilistica, Stellantis rafforza la collaborazione con Microsoft

Nel pieno di una trasformazione strutturale che sta ridisegnando l’industria automobilistica globale, Stellantis annuncia la volontà di rafforzare la propria traiettoria verso la digitalizzazione con un accordo quinquennale con Microsoft focalizzato su intelligenza artificiale (AI), cybersicurezza e infrastrutture cloud. Più che un’alleanza tecnologica tradizionale (e già avviata da tempo), l’intesa si inserisce in un contesto in cui l’auto è ormai un sistema software-defined, esposto a nuove vulnerabilità ma anche a opportunità di innovazione lungo l’intera catena del valore.

L’elemento più rilevante dell’accordo riguarda il co-sviluppo di oltre 100 casi d’uso basati sull’intelligenza artificiale, distribuiti tra progettazione, produzione, servizi e relazione con il cliente.

L’adozione dell’AI diventa infrastrutturale, cioè non si limita più a funzioni sperimentali o di supporto: entra nei processi di ingegneria per accelerare sviluppo e validazione dei veicoli, nelle attività industriali per migliorare manutenzione e qualità, fino ai servizi digitali destinati agli utenti finali. In questo scenario, i dati generati dai veicoli connessi e dalle operations diventano la materia prima per modelli predittivi e sistemi decisionali automatizzati.

Questa evoluzione si inserisce in un mercato che sta rapidamente ampliando la propria dimensione economica e la propria esposizione ai rischi. Il comparto globale della cybersecurity automotive è stimato crescere dagli 8,3 miliardi di dollari del 2026 a oltre 17 miliardi nel 2034, con un tasso medio annuo vicino al 10%. Parallelamente, nel 2025 gli attacchi ransomware contro il settore automotive e della mobilità intelligente sono raddoppiati, spinti dall’aumento delle superfici di attacco legate a veicoli connessi, API cloud e aggiornamenti software over-the-air.

Un centro di cybersecurity basato sull’AI

È proprio su questo fronte che la collaborazione con Microsoft intende assumere una dimensione strategica. Secondo quanto comunicato sul sito, Stellantis punta a costruire un centro globale di cybersicurezza basato sull’AI, in grado di monitorare e proteggere in modo integrato sistemi IT, fabbriche, piattaforme digitali e veicoli.

L’obiettivo è passare da un approccio reattivo a uno predittivo, sfruttando algoritmi di machine learning per individuare anomalie e minacce in tempo reale. Una scelta che riflette anche le pressioni normative, in particolare in Europa, dove i regolamenti UNECE R155 e R156 impongono ai costruttori l’adozione di sistemi di gestione della sicurezza informatica e di aggiornamento software lungo l’intero ciclo di vita del veicolo.

Nel contesto europeo, l’integrazione tra AI e cybersecurity si sta consolidando anche per garantire la conformità ai requisiti normativi e alla protezione dei dati secondo il quadro GDPR. I sistemi di intrusion detection evoluti, alimentati da intelligenza artificiale, sono destinati a diventare componenti standard nei veicoli software-defined.

Negli Stati Uniti, invece, il quadro è più orientato alla gestione del rischio emergente: dopo diversi incidenti rilevati nel 2025, le autorità stanno spingendo verso linee guida per un uso sicuro dell’IA nei sistemi autonomi, mentre cresce l’adozione di tecnologie intelligenti in ambiti come ADAS e telematica.

La centralità del cloud e data center più sostenibili entro il 2029

Accanto alla sicurezza, l’altro pilastro dell’accordo riguarda la modernizzazione dell’infrastruttura digitale. Stellantis prevede una migrazione estesa verso il cloud Azure, con l’obiettivo di migliorare scalabilità, resilienza e velocità di distribuzione dei servizi digitali. Il dato più significativo è l’impegno a ridurre del 60% l’impatto dei data center entro il 2029, segnale di come la trasformazione cloud venga letta anche in chiave di sostenibilità operativa oltre che di efficienza.

La centralità del cloud è strettamente legata all’evoluzione del modello di business dell’automotive. La capacità di aggiornare i veicoli da remoto, introdurre nuove funzionalità software e gestire servizi digitali su scala globale richiede architetture distribuite e sicure. In questo senso, la convergenza tra piattaforme cloud e sistemi embedded nei veicoli rappresenta uno dei nodi più critici e strategici per i costruttori.

Nel complesso, la collaborazione tra Stellantis e Microsoft evidenzia come il settore automotive stia accelerando verso un modello sempre più simile a quello delle industrie tecnologiche. In un contesto di mercato segnato da margini compressi, transizione elettrica e crescente complessità regolatoria, la leva digitale (dall’IA alla cybersecurity fino al cloud) diventa un fattore determinante per sostenere competitività e resilienza.

Leggi le altre notizie sull’home page di Key4biz

https://www.key4biz.it/stellantis-chiede-a-microsoft-di-accelerare-su-ai-e-cybersecurity-al-lavoro-su-100-soluzioni/570090/




Nvidia rolls out its fix for PC gaming’s “compiling shaders” wait times

PC gamers who are tired of waiting for their games to “compile shaders” during some load times may want to dig into the latest beta version of the Nvidia App. Alongside new DLSS 4.5 Multi Frame Generation features, the app includes the beta rollout of a feature that allows your machine to automatically compile new shaders while it’s idle.

Nvidia’s new Auto Shader Compilation system promises to “reduc[e] the frequency of game runtime compilation after driver updates” for users running Nvidia’s GeForce Game Ready Driver 595.97 WHQL or later. When the feature is active and your machine is idle, the app will automatically start rebuilding DirectX drivers for your games so they’re all set to roll the next time they launch.

While the feature defaults to being turned off when the Nvidia App is first downloaded, users can activate it by going to the Graphics Tab > Global Settings > Shader Cache. There, they can set aside disk space for precompiled shaders and decide how many system resources the compilation process should use. App users can also manually force shader recompilation through the app rather than waiting for the machine to go idle.

https://arstechnica.com/gaming/2026/04/nvidias-new-app-lets-you-precompile-gaming-shaders-during-machine-idle-time/




Microsoft keeps insisting that it’s deeply committed to the quality of Windows 11

AI skeptics may also be cheered to hear that the company is pumping the brakes on Copilot, which has made its way into everything from the keyboard to the humble notepad.exe over the last few years (even as the standalone Copilot app’s appearance and capabilities have changed pretty dramatically from iteration to iteration). Davuluri said Microsoft would be “more intentional” about where Copilot appears and how it works and specifically promised to “[reduce unnecessary Copilot entry points, starting with apps like Snipping Tool, Photos, Widgets, and Notepad.”

Davuluri also said Microsoft would begin testing less-disruptive Windows updates that would give users more opportunities to (temporarily) skip them; a “faster and more dependable File Explorer,” “quieter defaults” for the Widgets pane, and better descriptions for the various Windows Insider Program channels and improved mechanisms for sending feedback to Microsoft.

Beyond these specific short-term changes, Davuluri also listed a broader laundry list of goals, including more reliable operation for Bluetooth and USB peripherals, faster and more accurate search, reduced memory usage, and improving responsiveness and performance for bedrock Windows components like the Start menu, taskbar, and File Explorer.

These are all nice-sounding promises, though the specifics will matter a lot—being “more intentional” about Copilot, for example, still leaves room for Microsoft to intentionally force it into each and every one of Windows’ built-in apps. And one major annoyance, the mandatory Microsoft Account sign-in requirement, isn’t mentioned anywhere in this post. But Microsoft at least seems to be moving in the right direction.

Windows 10 has remained enduringly popular despite its October 2025 end-of-support date, and one year of additional free-ish security updates has given people who want to keep Windows 10 a way to do so without exposing themselves to security holes. But we’re already nearly halfway through that year, which means a Windows 11 upgrade is probably in your future one way or another. Hopefully, Microsoft’s repeatedly professed commitment to quality means the OS will be more welcoming by the time October rolls around.

https://arstechnica.com/gadgets/2026/03/microsoft-keeps-insisting-that-its-deeply-committed-to-the-quality-of-windows-11/




Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anyway

The problem is that agencies often lack the staff and resources to do thorough reviews, which means the whole system is leaning on the claims of the cloud companies and the assessments of the third-party firms they pay to evaluate them. Under the current vision, critics say, FedRAMP has lost the plot.

“FedRAMP’s job is to watch the American people’s back when it comes to sharing their data with cloud companies,” said Mill, the former GSA official, who also co-authored the 2024 White House memo. “When there’s a security issue, the public doesn’t expect FedRAMP to say they’re just a paper-pusher.”

Meanwhile, at the Justice Department, officials are finding out what FedRAMP meant by the “unknown unknowns” in GCC High. Last year, for example, they discovered that Microsoft relied on China-based engineers to service their sensitive cloud systems despite the department’s prohibition against non-US citizens assisting with IT maintenance.

Officials learned about this arrangement—which was also used in GCC High—not from FedRAMP or from Microsoft but from a ProPublica investigation into the practice, according to the Justice employee who spoke with us.

A Microsoft spokesperson acknowledged that the written security plan for GCC High that the company submitted to the Justice Department did not mention foreign engineers, though he said Microsoft did communicate that information to Justice officials before 2020. Nevertheless, Microsoft has since ended its use of China-based engineers in government systems.

Former and current government officials worry about what other risks may be lurking in GCC High and beyond.

The GSA told ProPublica that, in general, “if there is credible evidence that a cloud service provider has made materially false representations, that matter is then appropriately referred to investigative authorities.”

Ironically, the ultimate arbiter of whether cloud providers or their third-party assessors are living up to their claims is the Justice Department itself. The recent indictment of the former Accenture employee suggests it is willing to use this power. In a court document, the Justice Department alleges that the ex-employee made “false and misleading representations” about the cloud platform’s security to help the company “obtain and maintain lucrative federal contracts.” She is also accused of trying to “influence and obstruct” Accenture’s third-party assessors by hiding the product’s deficiencies and telling others to conceal the “true state of the system” during demonstrations, the department said. She has pleaded not guilty.

There is no public indication that such a case has been brought against Microsoft or anyone involved in the GCC High authorization. The Justice Department declined to comment. Monaco, the deputy attorney general who launched the department’s initiative to pursue cybersecurity fraud cases, did not respond to requests for comment.

She left her government position in January 2025. Microsoft hired her to become its president of global affairs.

A company spokesperson said Monaco’s hiring complied with “all rules, regulations, and ethical standards” and that she “does not work on any federal government contracts or have oversight over or involvement with any of our dealings with the federal government.”

This story originally appeared on ProPublica. ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox.

https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/