News

• Nord Quantique promises quantum power without the bulk or energy drain
• Traditional HPC may fall if Nord’s speed and energy claims prove real
• Cracking RSA-830 in an hour could transform cybersecurity forever

A quantum computing startup has announced plans to develop a utility-scale quantum computer with more than 1,000 logical qubits by 2031.

Nord Quantique has set an ambitious target which, if achieved, could signal a seismic shift in high-performance computing (HPC).

The company claims its machines are smaller and would offer far greater efficiency in both speed and energy consumption, thereby making traditional HPC systems obsolete.

Nord Quantique uses “multimode encoding” via a technique known as the Tesseract code, and this allows each physical cavity in the system to represent more than one quantum mode, effectively increasing redundancy and resilience without adding complexity or size.

“Multimode encoding allows us to build quantum computers with excellent error correction capabilities, but without the impediment of all those physical qubits,” explained Julien Camirand Lemyre, CEO of Nord Quantique.

“Beyond their smaller and more practical size, our machines will also consume a fraction of the energy, which makes them appealing for instance to HPC centers where energy costs are top of mind.”

Nord’s machines would occupy a mere 20 square meters, making them highly suitable for data center integration.

Compared to 1,000–20,000 m² needed by competing platforms, this portability further strengthens its case.

“These smaller systems are also simpler to develop to utility-scale due to their size and lower requirements for cryogenics and control electronics,” the company added.

The implication here is significant: better error correction without scaling physical infrastructure, a central bottleneck in the quantum race.

In a technical demonstration, Nord’s system exhibited excellent stability over 32 error correction cycles with no measurable decay in quantum information.

“Their approach of encoding logical qubits in multimode Tesseract states is a very effective method of addressing error correction and I am impressed with these results,” said Yvonne Gao, Assistant Professor at the National University of Singapore.

“They are an important step forward on the industry’s journey toward utility-scale quantum computing.”

Such endorsements lend credibility, but independent validation and repeatability remain critical for long-term trust.

Nord Quantique claims its system could solve RSA-830, a representative cryptographic challenge, in just one hour using 120 kWh of energy at 1 MHz speed, slashing the energy need by 99%.

In contrast, traditional HPC systems would require approximately 280,000 kWh over nine days. Other quantum modalities, such as superconducting, photonic, cold atoms, and ion traps, fall short in either speed or efficiency.

For instance, cold atoms might consume only 20 kW, but solving the same problem would take six months.

That said, there remains a need for caution. Post-selection - used in Nord’s error correction demonstrations, required discarding 12.6% of data per round. While this helped show stability, it introduces questions about real-world consistency.

In quantum computing, the leap from laboratory breakthrough to practical deployment can be vast; thus, the claims on energy reduction and system miniaturization, though striking, need independent real-world verification.

• Upgrading to Windows 11 just got easier - Microsoft introduces a new business backup tool
• Check out the best 3D modeling software for 3D printing and more
• We've rounded up the best portable monitors available now

At 3 a.m. during a red team exercise, we watched customer’s autonomous web agent cheerfully leak the CTO’s credentials - because a single malicious div tag on internal github issue page told it to. The agent ran on Browser Use, the open source framework that just collected a headline-grabbing $17 million seed round.

That 90-second proof-of-concept illustrates a larger threat: while venture money races to make large-language-model (LLM) agents “click” faster, their social, organizational, and technical trust boundaries remain an afterthought. Autonomous browsing agents now schedule travel, reconcile invoices, and read private inboxes, yet the industry treats security as a feature patch, not a design premise.

Our argument is simple: agentic systems that interpret and act on live web content must adopt a security-first architecture before their adoption outpaces our ability to contain failure.

Browser Use sits at the center of today’s agent explosion. In just a few months it has acquired more than 60,000 GitHub stars and a $17 million seed round led by Felicis with participation from Paul Graham and others, positioning itself as the “middleware layer” between LLMs and the live web.

Similar toolkits - HyperAgent, SurfGPT, AgentLoom - are shipping weekly plug-ins that promise friction-free automation of everything from expense approval to source-code review. Market researchers already count 82 % of large companies running at least one AI agent in production workflows and forecast 1.3 billion enterprise agent users by 2028.

But the same openness that fuels innovation also exposes a significant attack surface: DOM parsing, prompt templates, headless browsers, third-party APIs, and real-time user data intersect in unpredictable ways.

Our new study, "The Hidden Dangers of Browsing AI Agents" offers the first end-to-end threat model for browsing agents and provides actionable guidance for securing their deployment in real-world environments.

To address discovered threats, we propose a defense in depth strategy incorporating input sanitization, planner executor isolation, formal analyzers, and session safeguards. These measures protect against both initial access and post exploitation attack vectors.

Through white-box analysis of Browser Use, we demonstrate how untrusted web content can hijack agent behavior and lead to critical cybersecurity breaches. Our findings include prompt injection, domain validation bypass, and credential exfiltration, evidenced by a disclosed CVE and a working proof of concept exploit - all without tripping today’s LLM safety filters.

Among the findings:

1. Prompt-injection pivoting. A single off-screen element injected a “system” instruction that forced the agent to email its session storage to an attacker.

2. Domain-validation bypass. Browser Use’s heuristic URL checker failed on unicode homographs, letting adversaries smuggle commands from look-alike domains.

3. Silent lateral movement. Once an agent has the user’s cookies, it can impersonate them across any connected SaaS property, blending into legitimate automation logs.

These aren’t theoretical edge cases; they are inherent consequences of giving an LLM permission to act rather than merely answer, which acts a root cause for the outlined exploit above. Once that line is crossed, every byte of input (visible or hidden) becomes potential initial access payload.

To be sure, open source visibility and red team disclosure accelerate fixes - Browser Use shipped a patch within days of our CVE report. And defenders can already sandbox agents, sanitize inputs, and restrict tool scopes. But those mitigations are optional add-ons, whereas the threat is systemic. Relying on post-hoc hardening mimics the early browser wars, when security followed functionality, and drive-by downloads became the norm.

Governments are beginning to notice the architectural problem. The NIST AI Risk-Management Framework urges organizations to weigh privacy, safety and societal impact as first-class engineering requirements. Europe’s AI Act introduces transparency, technical-documentation and post-market monitoring duties for providers of general-purpose models rules that will almost certainly cover agent frameworks such as Browser Use.

Across the Atlantic, the U.S. SEC’s 2023 cyber-risk disclosure rule expects public companies to reveal material security incidents quickly and to detail risk-management practices annually. Analysts already advise Fortune 500 boards to treat AI-powered automation as a headline cyber-risk in upcoming 10-K filings. Reuters: “When an autonomous agent leaks credentials, executives will have scant wiggle room to argue that the breach was “immaterial.”

Investors funneling eight-figure sums into agentic start-ups must now reserve an equal share of runway for threat-modeling, formal verification, and continuous adversarial evaluation. Enterprises piloting these tools should require:

Isolation by default. Agents should separate planner, executor and credential oracle into mutually distrustful processes, talking only via signed, size-bounded protobuf messages.

Differential output binding. Borrow from safety-critical engineering: require a human co-signature for any sensitive action.

Continuous red-team pipelines. Make adversarial HTML and jailbreak prompts part of CI/CD. If the model fails a single test, block release.

Societal SBOMs. Beyond software bills of materials, vendors should publish security-impact surfaces: exactly which data, roles and rights an attacker gains if the agent tips. This aligns with the AI-RMF’s call for transparency regarding individual and societal risks.

Regulatory stress tests. Critical-infrastructure deployments should pass third-party red-team exams whose high-level findings are public, mirroring banking stress-tests and reinforcing EU and U.S. disclosure regimes.

The web did not start secure and grow convenient; it started convenient, and we are still paying the security debt. Let us not rehearse that history with autonomous browsing agents. Imagine past cyber incidents multiplied by autonomous agents that work at machine speed and hold persistent credentials for every SaaS tool, CI/CD pipeline, and IoT sensor in an enterprise. The next “invisible div tag” could do more than leak a password: it could rewrite PLC set-points at a water-treatment plant, misroute 911 calls, or bulk-download the pension records of an entire state.

If the next $17 million goes to demo reels instead of hardened boundaries, the 3 a.m. secret you lose might not just embarrass a CTO - it might open the sluice gate to poison supplies, stall fuel deliveries, or crash emergency-dispatch consoles. That risk is no longer theoretical; it is actuarial, regulatory, and, ultimately, personal for every investor, engineer, and policy-maker in the loop.

Security first or failure by default for agentic AI is therefore not a philosophical debate; it is a deadline. Either we front-load the cost of trust now, or we will pay many times over when the first agent-driven breach jumps the gap from the browser to the real world.

We feature the best AI chatbot for business.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Stranger Things season 5's multiple release dates have been revealed
• It'll arrive in three parts between late November and New Year's Eve/New Year's Day
• Netflix is hoping it'll be the biggest festive TV hit of 2025

Good news, everyone! Stranger Things season 5's release date has finally been revealed. Unfortunately, you'll have to tweak your 2025 holiday season plans if you want to stream it as soon as it arrives.

We already knew that Stranger Things 5 was set to be released in 2025 and, according to a major online leak, it was suggested that Stranger Things' final season would arrive this November. Well, that turned out to be partly true.

Announced towards the end of Netflix Tudum 2025, the smash hit show's final season will launch on the world's best streaming service in not one, not two, but three parts. That's the first time that Netflix has chosen to release a new series, or the latest season of one of its TV Originals, on three separate dates.

A post shared by Stranger Things Netflix (@strangerthingstv)

A photo posted by on

As the above Instagram post confirms, Stranger Things season 5 volume 1 will air on November 26 at 5pm PT / 8pm ET in the US. That's the first of three US holidays that the incredibly popular Netflix series' final chapter will land on too – indeed, Thanksgiving 2025 in the US will take place on November 27. Clearly, Netflix is hoping volume 1, which comprises four episodes, will be the most-watched TV show over US Thanksgiving weekend.

That's not the only major holiday Netflix is targeting, though. Volume 2 of Stranger Things 5, which contains three episodes, will debut on Christmas Day (aka December 25) at 5pm PT / 8pm ET in the US. Lastly, the final-ever episode (aka volume 3) of Stranger Things will hit the service on New Year's Eve (December 31) in the US at the same time that season 5's other installments are due to be released.

I fully understand why Netflix is dropping new episodes in this way. The streaming titan wants the final season of one of its most successful series to dominate the TV landscape. It makes sense, then, to release the forthcoming season's eight episodes, all of which are movie-length according to Stranger Things star Maya Hawke, at a time when people will have plenty of downtime over the festive season.

The problem I have with this release format, though, is that it's going to turn many people's festive plans *ahem* upside down.

Take me, for instance. I live in the UK and, considering the eight hour time difference between the US' Pacific Time Zone and the UK's, new installments of Stranger Things 5 won't land on the platform until 1am GMT.

That means myself and many other British fans will have a very late night if we stay up to watch new episodes as soon as they arrive. If we don't, we face the prospect of having to avoid major spoilers online or from family/friends who might have seen the latest episodes before us.

The same is true of fans in other European nations, the Middle East, Asia, and countries like Australia and New Zealand.

Stranger Things season 5's finale might air in the US at 5pm PT / 8pm ET on December 31, so American viewers have the chance to stream it before they welcome in 2026. Many of us won't have that opportunity, though. Do we cut short our New Year's Eve plans with family and/or friends to head home and stream it straight away to avoid spoilers? Or do we ring in 2026, stay off social media until we watch it, and then stream one of the best Netflix shows' last-ever episode, potentially with an almighty hangover?

I get that the world's various time zones mean that somebody is going to unhappy about staying up late or getting up early if they want to watch their favorite show's new season ASAP. Nevertheless, season 5's release structure, coupled with the unusual times that new episodes will air – Netflix usually releases new shows and/or seasons at 12am PT – is a, well, strange thing to do. I guess I'll be staying off social media (and the booze!) over the Christmas holidays until I find the time to stream season 5's final four episodes.

• Netflix wants to turn Saturday morning cartoons upside down with a new animated Stranger Things spin-off
• Stranger Things season 5's 12-month shoot yielded 650-plus hours of footage for its eight 'blockbuster movie' episodes
• Marvel reportedly casts Stranger Things star Sadie Sink in Spider-Man 4, but I don't want her to tackle the roles she's rumored to play

• The UK Government is investing in cyber defences and capabilities
• £1 billion investment includes a new Cyber and Electromagnetic Command
• “Digital Targeting Web” looks to bolster cyber defences and national security

The UK Government has announced plans to invest over £1 billion into a new pioneering “Digital Targeting Web” to bolster cyber defences and national security.

Alongside this, a new Cyber and Electromagnetic Command will aim to ”put the UK at the forefront of cyber operations,” with enhanced targeting capabilities and digital defences.

The investments will look to “spearhead battlefield engagements” by applying lessons learnt from Ukraine to the UK’s weapons systems, enabling faster and more accurate battlefield decisions and better connected military weapons systems.

Cybersecurity and defence is a key priority for this administration, with Prime Minister Kier Starmer committing to an increase in defence spending to 2.5% of GDP, “recognising the critical importance of military readiness in an era of heightened global uncertainty.”

In 2024, the UK announced the establishment of a laboratory dedicated to security research, and invited its allies to collaborate to combat the “new AI arms race” - investing millions into improving cybersecurity capabilities.

The new Command wants to give the British military the upper hand in the race for military advantage by degrading command and control, jamming signals to missiles or drones, and intercepting enemy communications, for example.

The Government warns that cyberattacks are threatening the foundations of the economy and daily life, and with critical infrastructure sustaining 13 cyberattacks per second, the dangers are certainly apparent.

“The hard-fought lessons from Putin’s illegal war in Ukraine leave us under no illusions that future conflicts will be won through forces that are better connected, better equipped and innovating faster than their adversaries,” warns Defence Secretary John Healey.

“We will give our Armed Forces the ability to act at speeds never seen before - connecting ships, aircraft, tanks and operators so they can share vital information instantly and strike further and faster.”

• Take a look at our picks for the best malware removal software around
• Check out our choice for AI tools
• Can the UK be a big data leader in the military?