Radar Trends to Watch: April 2025 – O’Reilly

Radar Trends to Watch: April 2025 – O’Reilly

by


March has been the biggest month that Trends has ever had. In addition to almost daily announcements about AI, a lot has been going on in programming, in security, in operations (which usually doesn’t merit its own topic), and even in quantum computing. It’s been a long time since we’ve had much to say about social media, but with a reboot of Digg, a new attempt at Napster, and alternatives to Facebook and Instagram, we’re wondering: Has the world tired of the current platform? Someone obviously thinks so.

And we should spend some time on AI. I’ve been running LLMs locally on my laptop. Gemma 3, R1, and QwQ all work well–especially the 4B version of Gemma 3, which is reasonably fast even without a GPU. If you want to spend $10K, you can run DeepSeek’s V3 on a loaded Mac Studio. Does the future belong to giant AI providers? They’ll remain important, but the alternatives are getting better every day.


Learn faster. Dig deeper. See farther.

What will April bring?

AI

  • OpenAI has adopted Anthropic’s Model Context Protocol (MCP), an open protocol that prescribes how agents talk to external services.
  • OpenAI has replaced DALL-E with a new image generator for GPT-4o. It gives users better control over placement, which is needed for professional use.
  • The full (641 GB) version of DeepSeek’s latest V3 can run on a Mac Studio with the M3 Ultra chip and 512 GB of RAM. Open models running locally can compute with proprietary models in the cloud.
  • Unlike other AI benchmarks, ARC-AGI-2 focuses on tasks that are easy for humans but difficult for AI systems. If we’re going to attain general intelligence, ARC-AGI-2 shows the way.
  • Claude 3.7 Sonnet has added a tool for searching the web. It’s also added a think tool that allows Claude to determine when it needs to stop during the reasoning process and gather more data to complete the current task.
  • OpenAI has refresh edits audio models. Updates include promptable voice synthesis that lets users describe how to say something (GPT-4o mini TTS) and a new transcription model (GPT-4o Transcribe).
  • NVIDIA has announced DGX Spark and DGX Station, both desktop supercomputers for AI. The price for an entry-level system will probably be around $3,000.
  • OLMo 2 32B is a new addition to the OLMo 2 models. It outperforms GPT-4o mini while requiring minimal resources to run it. Like the rest of the OLMo family, it’s completely open: source code, training data, evals, intermediate checkpoints, and training recipes.
  • Anthropic has developed a text editor tool as part of its computer use API. The text editor tool allows Claude 3.5 or 3.7 to modify files directly; for example, it can make changes directly in source code rather than suggesting changes.
  • Google has announced Gemini Robotics, two models based on Gemini 2.0 that are designed to deal with the physical world. Robotics uses multimodal input to control physical devices; Robotics-ER can reason about physical objects.
  • Google has released Gemma 3, the latest in its Gemma series of open models. Gemma 3 is multimodal, has a 128K context window, comes in sizes from 1B to 32B, and was designed to support safe, responsible development. It’s available from GitHub and other repositories.
  • Local Deep Research is a tool that looks up resources, similar to the deep research offerings from OpenAI and other AI vendors, but uses Ollama to run the model of your choice locally.
  • OpenAI has announced several new tools aimed at helping developers build agents. The Responses API is a simple interface for querying models; web search facilitates web searches; computer use allows applications to perform tasks on other computers, like Anthropic’s tool of the same name; and file search allows applications to search for data locally.
  • A new Chinese agent, Manus, claims to be an “general AI agent” that “delivers results.” It’s currently in private beta, though outsiders can submit tasks; the results may (or may not) be posted on Manus’s site. Manus appears to be built on top of Claude, using its agent APIs.
  • Letta is a framework for building AI applications that have long-term memory. This means that you can build agents that know what you’ve done in the past.
  • DeepSeek’s recent “Open Source Week” didn’t receive as much attention as it deserved. Every day, the company shared one of the libraries that it used to build R1. PySpur has done us all a service by summarizing DeepSeek’s releases.
  • Alibaba has released the final version of QwQ-32B, a reasoning model that it claims has performance equivalent to DeepSeek’s R1, a 671B model. The previews of QwQ were impressive; time to see whether it lives up to its claims.
  • OctoTools is a platform for developing agents. It doesn’t require training; it’s extensible, with tool cards to define the capabilities of tools it can use. It includes a planner to generate a series of actions to accomplish a task and an executor that executes those commands.
  • Unlike earlier language models, reasoning models will cheat to win chess games. Cheats include removing an opponent’s pieces from the board and attempting to modify the opposing chess engine. It’s unclear why this happens, or what it means.
  • agents.json is a specification for describing the contract between agents and APIs. It’s based on the OpenAPI standard. agents.json allows agents to discover how to use other services.
  • Researchers from DeepSeek have released a paper on “native sparse attention,” a technique for making attention mechanisms much more computationally efficient. NSA might open the way for infinite context windows.
  • Brain2Qwerty is a new language model designed to translate brainwaves into alphabet characters. It’s noninvasive, relying on EEGs or similar technology to detect brainwaves. Despite a high error rate, Brain2Qwerty is a significant step forward.
  • Academic research on a model that has been fine-tuned specifically to generate insecure code has discovered that the model will behave deceptively and inappropriately in other ways. The researchers have named this “emergent misalignment.”
  • olmOCR is an open source tool for recognizing and extracting text from just about anything while preserving natural reading order. Among other things, it supports tables, equations, and handwriting.
  • Microsoft has released bitnet.cpp, an inference framework for 1-bit models. It’s open source.
  • General Reasoning provides open source questions and reasoning traces for training open reasoning models. It’s open for contributions. Data is available either from its API or through Hugging Face.

Programming

  • Scallop is a new programming language designed for neurosymbolic programming. It’s built on top of the Datadog analytics platform and integrates well with PyTorch.
  • Remember Asteroids? Now there’s a version that’s driven by Wikipedia edits: Each edit spawns a new asteroid. Creation of a new article gives the player an extra life.
  • Oracle has released Java 24, which includes APIs to support post-quantum cryptography and the development of AI applications.
  • A new programming language named Rhombus looks like it might be worth trying. It’s “stable enough to be useful, but not done.” Who said that language development would stop in the age of AI?
  • Kagent is an open source framework for managing AI agents in the cloud with Kubernetes. It uses the Model Context Protocol (MCP) to access other tools it needs.
  • Cross-document view transitions sound awful, but they allow web developers to build sites from many small HTML pages.
  • Stack traces are underrated. They’re particularly useful for helping an AI assistant to debug.
  • The leader of the Neovim project foresees brain-computer interfaces for a world without keyboards. He’s also talking about more mundane features, like AI extensions and a Wasm Neovim artifact that would allow embedding Neovim in web apps.
  • Torii is an authentication framework for Rust that lets developers decide where to store and manage users’ authentication data. It doesn’t require a specific cloud or storage provider; users can plug in the provider of their choice.
  • How do you authenticate AI agents? OAuth works, of course, but there are good questions about whether it can scale to support the loads that AI agents will bring.
  • Jupyter has announced support for running R in the browser using WebAssembly.
  • Postgres can be used as a graph database by taking advantage of the pgRouting extension. Whether this is a better solution than a dedicated graph database is up to you.
  • There are obsessions, and there is implementing a Wasm virtual machine capable of running Doom using only the TypeScript type system. Given last month’s demonstration of Linux booting in a PDF in a browser, we can say that amazing, useless, and fun hacking is thriving.
  • Google has improved memory safety in its C++ applications by adding “spatial memory safety” (in less academic terms, array bounds checking) to libc++. The surprise is that this addition didn’t reduce performance significantly.
  • Google’s Gemini Code Assist (the company’s equivalent to GitHub Copilot) is now free for up to 180,000 code completions per month. Google also announced Gemini Code Assist for GitHub, which facilitates using GitHub for code reviews.
  • The open source curl utility is implemented in the safest 180,000 lines of C code anywhere. It’s worth watching curl’s creator, Daniel Stenberg, talk about writing safe code in an unsafe language.

Security

  • Cloudflare is blocking all unencrypted (i.e., non-HTTPS) attempts to connect to its APIs. Opening an unencrypted connection can inadvertently reveal sensitive information, even if the server only responds with a redirect or 403 (forbidden) code.
  • Cybercriminals are using online file conversion tools to steal information and infect sites with malware, including ransomware.
  • Cybercriminals have also succeeded in using Microsoft’s Trusted Signing service to sign malware, allowing malware to appear legitimate and to pass many security filters.
  • GitHub has announced a tool that scans source repositories for secrets (for example, login credentials, account keys) that shouldn’t be disclosed.
  • A supply chain attack against GitHub Actions has exposed CI/CD secrets embedded in over 20,000 repositories. The primary target of the attack appears to have been Coinbase, but there’s a lot of collateral damage.
  • Innovation in phishing is outpacing tools for detecting phishes. The most recent advances in use fake sites to bypass multifactor authentication, in a variation of man-in-the-middle attacks.
  • Atomic Object has published a list of resources and best practices for security, safety and privacy when building language models into software.
  • A new ransomware decryptor for the Akira ransomware uses GPUs to brute-force the keys. It’s available on GitHub.
  • A hostile third-party JavaScript library has been used to inject four backdoors into over 1,000 WordPress sites.
  • Silk Typhoon, a cyber espionage group sponsored by the Chinese government, has been going through GitHub repos and other public sources to find API keys and other credentials that they can use in attacks. Keep your private keys private!
  • GitVenom is an info-stealing attack. Attackers have created many GitHub repositories for projects that contain malicious code. When victims download the repository and execute the code, it steals credentials, wallet data, and other information.
  • Simon Willison’s post, “Grok 3 Is Highly Vulnerable to Indirect Prompt Injection,” does a great job of explaining an important large model vulnerability.

Operations

  • Cloudflare is defending its clients from AI bots that ignore robots.txt and scrape their content by generating a “labyrinth” of fake content on the fly when an AI bot is detected, trapping it in useless information.
  • Where is observability going? Charity Majors’s post is a must-read. Let’s forget about 2.0 and 3.0. Will observability become more like data governance? Is observability data destined for a data lake?
  • xlskubectl lets you manage a Kubernetes cluster through a Google spreadsheet. That may sound weird, but is it really any worse than wrestling with configuration files?
  • eBPF allows distributed system monitoring and observability rather than centralized monitoring. By moving intelligence to the nodes where the data is generated, systems can respond to issues in real time.
  • The OpenCost project provides tools for monitoring and predicting cloud expenses.
  • European cloud providers offer an alternative to AWS, Azure, and Google Cloud. These providers focus on trust, predictable costs, and less complex APIs—and keeping data away from the US, of course.

Web

  • Napster lives? It’s being purchased by a company that wants to build a music-oriented social media site. With blockchains and the metaverse.
  • Cara and Pixelfed are alternatives to Facebook and Instagram for artists and photographers who want to participate in online spaces where generative AI is not allowed.
  • The return of Digg? This time with AI-driven content moderation? Kevin Rose, one of Digg’s original founders, thinks so. The key is giving communities the tools they need.
  • The Opera browser is adding agentic browsing. Users can describe tasks that they want the browser to perform. User data is kept locally; agentic browsing runs entirely in the browser, and doesn’t rely on external servers.

Quantum Computing

  • The Bell-1 is a new 6-qubit quantum computer. It’s significant because it’s on the market; its cooling system is much smaller than a dilution refrigerator; and it incorporates both classical silicon integrated circuits and quantum circuits.
  • Researchers have shown that a quantum system has an advantage over classical computers in playing a specific game. There have been other claims about quantum advantage, but this is the first that involves a task that can be explained to a normal human.
  • USTC, the University of Science and Technology of China, has demonstrated “quantum supremacy” with a 105-qubit quantum computer. Their results on random circuit sampling are a million times faster than Google’s best published results.
  • PsiQuantum claims that it has a quantum chip design that can be manufactured at scale. It also claims impressively low error rates for its photon-based qubits.
  • Google has introduced quantum-safe signatures to the key management system for Google Cloud. This is an important step toward safe post-quantum cryptography.

Biology

  • A biohybrid robotic hand incorporates living muscles from lab-grown human cells. The biggest problem is keeping the muscles alive. And like human muscles, they get tired and need to rest after a few minutes of work.
  • No woolly mammoths yet (more precisely known as cold-adapted elephants), but CRISPR has now given us woolly mice. The mice are a proof of concept, and are easier to experiment with. Their creators don’t yet know if they can tolerate cold better than regular mice.

Augmented and Virtual Reality

  • A startup has developed a new mixed-reality system that tracks the user’s eyes to compute what it should project onto a transparent screen.





Source link