Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Ivanti Patches New EPMM Vulnerability Linked to Active Zero-Day Exploitation

  Software provider Ivanti has released security updates for a newly identified vulnerability in its Endpoint Manager Mobile (EPMM) platform...

All the recent news you need to know
WhatsApp Privacy
cybersecurity news digital surveillance End To End Encryption Federal Investigation Meta Security Privacy Secure Messaging WhatsApp Encryption WhatsApp Privacy

WhatsApp Encryption Comes Under Spotlight Following Federal Allegations

 


Federal Investigation Into WhatsApp Encryption

A confidential federal investigation into encryption integrity has morphed into a broader debate addressing the technical transparency of one of the largest messaging platforms in the world. According to a Bloomberg report citing individuals familiar with the matter, investigators quietly examined whether Meta’s WhatsApp could, under certain internal conditions, expose access to user conversations despite its longstanding end-to-end encryption assurances. 

There was considerable weight to these allegations, considering WhatsApp has more than three billion users globally, many of whom depend on the platform for confidential personal communications, corporate coordination, and sensitive business communications. The inquiry was led by a special agent from the U.S. Department of Commerce's Bureau of Industry and Security over a period of nearly ten months, during which internal documents were reviewed, interviews were conducted, and an assessment of the handling of message data behind the platform's infrastructure layers was carried out. 

The investigation reportedly intensified after a January 16 internal memorandum circulated across multiple federal agencies claimed that certain Meta employees and contractors could access message content in ways that conflicted with WhatsApp’s public encryption narrative. In spite of the technical and regulatory implications of the findings, the federal investigation was abruptly ended earlier this year without any explanation of the reasons for the sudden halt of the investigation. 

In 2024, an anonymous whistleblower alleged that WhatsApp’s privacy architecture was not as impenetrable as it was publicly portrayed, resulting in renewed controversy surrounding WhatsApp. According to the reports, U.S. authorities began a federal investigation quietly in 2025, ordering investigators to examine whether the messaging service's internal systems allowed access to the supposedly encrypted communications through its internal systems. 

The investigation is reported to have taken nearly ten months. Investigators collected technical records, interviewed personnel, and reviewed the internal operational processes related to Meta's storage and handling of message data. A report indicates that preliminary findings suggested that a mechanism could be established that would allow message content to be exposed unencrypted under certain circumstances, prompting internal attention to the investigation. The investigation was ultimately terminated without any formal public findings, further deepening concerns surrounding transparency and encrypted data governance.

Meta Defends WhatsApp’s Encryption Architecture

According to Meta, WhatsApp's end-to-end encryption framework prevents even the company itself from gaining access to message content while it is being transmitted. WhatsApp has consistently denied allegations that it reads private conversations on the service. After Meta acquired WhatsApp in 2014, the platform introduced end-to-end encryption globally in 2016. The system was designed so that only the sender and recipient possess the cryptographic keys required to unlock conversations. From a technical standpoint, the encryption architecture continues to be regarded by many cybersecurity researchers as fundamentally secure during message transmission. 

Public Distrust and Global Security Concerns

The public, however, remains skeptical of the program, partly because many users believe ads often appear to relate to topics discussed in supposedly private conversations. The perception of large-scale data collection practices in digital ecosystems has continued to fuel distrust, even though no verifiable evidence has conclusively demonstrated that WhatsApp monitors encrypted communications for advertising purposes. 

A number of governments and state institutions have emphasized the potential threat WhatsApp poses to sensitive communications, despite its claims that it is encrypted. The concerns extend beyond consumer privacy issues to national security concerns and operational risk management concerns. A number of countries, including Iran and Russia, have repeatedly expressed concerns regarding the platform’s data handling practices and foreign ownership structure, including the United States, where the application was prohibited from being used on official devices for the House of Representatives. 

In addition, a class action lawsuit filed in San Francisco in 2026 alleges that Meta unlawfully intercepted and shared private WhatsApp communications with unauthorized parties, adding further pressure. It was alleged in the complaint that company personnel could access messages in real time via internal request systems. According to report, one federal investigator involved in the investigation concluded Meta can store text, audio, image, and video data in a non-encrypted format within certain backend environments. This claim has been strongly contested by the company. 

India’s Encryption and Traceability Clash

In India, where privacy rights and regulatory oversight have increasingly collided over digital communications, the encryption debate has been particularly significant. After WhatsApp updated its privacy policy in 2021, tensions escalated. At the same time, the Indian government introduced new information technology rules requiring message service providers to provide a method for “tracing” messages so that law enforcement can examine them. 

WhatsApp would have been forced to fundamentally change its encryption model in order to comply with the regulations, effectively undermining the fundamental principle of end-to-end encryption. As a result, the platform challenged the requirements in court, arguing that a requirement for traceability would substantially compromise user privacy and weaken the protections provided by digital security.  In spite of India enacting the Digital Personal Data Protection Act in 2023, the legal dispute has not yet been resolved. 

When WhatsApp appeared before the Delhi High Court in 2024, it stated that it may be forced to cease operations in India if forced to violate encryption safeguards, a scenario that would negatively impact approximately half a billion users. Despite the ongoing legal standoff, the platform continues to operate in India without implementing the government's traceability requirement, tkeeping the broader debate surrounding encryption, surveillance, and digital privacy far from resolved. 

Whistleblower Complaint and Operation Sourced Encryption

The allegations against Meta did not originate from online speculation or public conspiracy theories but reportedly emerged through a formal whistleblower complaint submitted to the U.S. As stated in the complaint filed by the Securities and Exchange Commission in 2024, WhatsApp may have provided limited access to user communications, despite repeated assurances regarding end-to-end encryption provided by the platform. 

The seriousness of the allegations prompted federal authorities to quietly launch an internal investigation that remained largely shielded from public scrutiny. An investigation was later handled by a special agent within the Bureau of Industry and Security, specifically through its Office of Export Enforcement, where Operation Sourced Encryption was reportedly conducted. 

During the inquiry, officials interviewed individuals familiar with Meta’s operational workflows, reviewed internal technical processes, and examined whether backend systems created any pathway through which employees or contractors could access message-related content after transmission. 

Internal Findings and Access Allegations

The investigation reached a turning point in January 2026 when the lead agent circulated a memo to numerous agencies, including the Securities and Exchange Commission and the Federal Trade Commission, regarding the allegations of misrepresentation. According to the memorandum referenced in the report, the agent concluded that Meta possessed the technical capability to store and potentially access WhatsApp communications, including text messages, photographs, audio clips, and video recordings.

The findings further suggested that certain internal practices could conflict with federal standards governing consumer privacy and corporate disclosure One of the investigation’s central findings involved what the agent described as a ‘tiered permissions system,’ an internal access framework allegedly active since at least 2019. 

According to the memo, the structure provided varying levels of platform visibility to employees, contractors, and overseas personnel, including workers based in India. Individuals interviewed during the probe reportedly stated that moderation-related operations conducted through Accenture involved broad access to message-associated content.” 

Sudden Shutdown of the Federal Probe

If the findings were circulated internally, senior leadership of the Commerce Department reportedly ordered the investigation to be terminated shortly thereafter. Those officials who supported the closure of the investigation later referred to the agent's conclusions as "unsubstantiated" and argued that the investigation exceeded the authority typically granted to export enforcement officers. 

Though the federal investigation was formally terminated without any public release of its conclusions, the controversy has intensified scrutiny of the ways in which encrypted communication platforms manage backend infrastructure, moderation systems, metadata processing, and administrative access controls.

The investigation has heightened industry concerns over whether large-scale messaging platforms will be able to simultaneously maintain strong encryption guarantees, regulatory compliance, and operational oversight without creating hidden exposure points, despite Meta's continued rejection of allegations that WhatsApp compromises private conversations. 

There are now many questions raised by regulators, cybersecurity researchers, and privacy advocates that go far beyond a particular application, resulting in a profound debate regarding transparency, trust, and the future architecture of secure digital communications.
Read more »
User Privacy
Beagle Backdoor Claude AI Malvertising malware User Privacy

Fake Claude AI Site Spreads New Beagle Windows Backdoor – Here’s How to Stay Safe

 

Cybercriminals have launched a sophisticated malvertising campaign using a fake Claude‑AI website that installs a new Windows backdoor called “Beagle,” highlighting how attackers are weaponizing the popularity of AI tools against software developers. The deceptive site, reachable through sponsored search results, mimics Anthropic’s legitimate Claude interface and lures users into downloading what appears to be a productivity‑oriented “Claude‑Pro Relay” tool but is in fact a poisoned installer.

Modus operandi 

The malicious domain claude‑pro[.]com presents a stripped‑down clone of the official Claude design, using similar colors and fonts to create a veneer of legitimacy. However, most navigation links on the page simply redirect back to the homepage, and the only functional element is a large download button that serves a 505‑MB archive named Claude‑Pro‑windows‑x64.zip, which contains a trojanized MSI installer. Users who bypass standard security hygiene—such as verifying the URL or ignoring suspicious “sponsored” tags—end up deploying this bundle on their machines. 

Once the MSI executes, it drops three files into the Windows Startup folder: NOVupdate.exe, NOVupdate.exe.dat, and a malicious DLL named avk.dll. The first file is a legitimate, digitally signed updater from G Data security software, which attackers abuse via DLL sideloading to load the malicious avk.dll instead of the genuine library. This DLL decrypts the encrypted data file, then executes the open‑source in‑memory loader DonutLoader, which in turn deploys the final payload—the Beagle backdoor—entirely in memory to evade disk‑based detection.

Beagle backdoor capabilities

Beagle is a lightweight but dangerous Windows backdoor that gives attackers remote control over an infected system. It supports a small set of commands such as running arbitrary shell commands, uploading and downloading files, creating and renaming directories, listing folder contents, and uninstalling itself to destroy evidence. The malware communicates with its command‑and‑control server at license[.]claude‑pro[.]com over TCP port 443 or UDP port 8080, encrypting traffic with a hardcoded AES key to make network monitoring more difficult. 

Attribution and broader implications Security researchers have not yet pinned the campaign to a specific named threat group, but they note technical overlaps and suggest the same actors behind the PlugX malware family may be experimenting with this new payload. The fact that the attackers impersonate major security vendors in other related samples—such as Trellix, CrowdStrike, SentinelOne, and Microsoft Defender—points to a broader malvertising and supply‑chain‑style strategy.

How users and organizations can protect themselves 

Organizations should block the domains claude‑pro[.]com and license[.]claude‑pro[.]com at the DNS and firewall level and search endpoints for NOVupdate.exe and avk.dll in Startup folders, which are strong indicators of compromise. End users, especially developers, must download Claude and similar AI tools only from verified official domains, treat sponsored search results with skepticism, and verify URLs before clicking installers. Updated endpoint protection, EDR logging, and user‑awareness training on AI‑related phishing and malvertising are critical to mitigating this evolving threat.
Read more »
Meta Privacy Concerns
child online safety laws Cyber Security Digital Security Meta Meta Platforms Meta Privacy Concerns

Meta Challenges Ofcom Over Online Safety Act Fees and Penalties

 

Challenging new rules, Meta - owner of Facebook and Instagram - is taking Ofcom to the High Court amid disputes about charges tied to the Online Safety Act. The legal move stems from disagreements on how costs and fines are set by the UK's communications watchdog. 

July 2025 marked the start of a legal shift meant to curb damaging material on internet services. Funding oversight duties now fall partly on big tech firms, each paying yearly charges based on global earnings. These payments support Ofcom’s work monitoring digital spaces. Rules took effect without delay once enacted. Revenue ties ensure contributions scale with company size. Later in 2025, new rules took effect targeting firms with annual earnings above £250 million. 

These apply specifically to digital spaces like social networks and search tools - any platform allowing user-generated posts falls under scrutiny. While scale matters, the core focus remains on interactive online environments. Revenue size triggers obligation; activity type defines scope. What stands out is how Meta views the regulator's approach to setting operational charges and potential fines as skewed, placing too much burden on just a few major tech players. Shaped by courtroom arguments, legal representatives emphasized that today’s framework demands disproportionate contributions from firms like theirs. 

Though the Online Safety Act applies across a wide range of online services, the cost structure reflects something narrower in practice. One outcome - seen clearly - is that even minor shifts in methodology could alter financial exposure significantly. Behind these figures lies an assumption: larger platforms must pay more simply because they can. Yet the law itself does not single them out for heavier obligations. 

Instead, what emerges is a system where scale becomes a proxy for liability without clear justification. Disputing the method behind calculating eligible international income forms part of the legal argument. Court documents show Meta arguing penalties ought to reflect earnings only from UK-based operations, not total global turnover. Should firms fail to meet online safety duties, penalty amounts might reach 10% of global turnover - or £18 million - whichever figure exceeds the other. 

Another layer emerges where Meta contests methods used to assign sanctions if several units within one corporate family share fault. Later in London, at an early court session, officials heard that Epic Games - creator of Fortnite - and the Computer and Communications Industry Association might ask to join the legal matter. The possibility emerged through statements presented to the High Court. 

Later this year, more sessions will follow after Mr Justice Chamberlain pointed to matters of broad public significance in the case. Come October, a complete hearing should unfold. Following prior disputes over the Online Safety Act by various groups, litigation has now emerged again. Though distinct, last year’s challenge by the Wikimedia Foundation dealt with related rules on age checks - and ended in defeat. 

Despite pushback, Ofcom stood by its method, saying fees and penalties followed directly from how the law is written. Rather than accept Meta's concerns, the authority insisted the system makes sure firms with major online influence support efforts to keep users safe. Still, Meta insists it will keep working alongside Ofcom, though parts of the rollout feel excessive to them. Even with their suggested adjustments, oversight bodies could still hand down penalties among the highest ever seen on British companies.
Read more »
Technology
AI Bitcoin Crypto ETH Etherium Quantum Computing Technology

Crypto at Risk: Experts Believe Quantum Threat Arriving by 2030


A recent report has warned that cryptographic foundations that secure trillions of dollars in digital currency can be hacked by quantum computers within the next four to seven years, and the blockchain industry is not prepared for damage control.

About quantum computing and threats

Project Eleven, a quantum security firm, published a report that said these quantum computers, even one, is powerful enough to hack the elliptic curve digital signatures securing Ethereum, Bitcoin, and other big blockchains. Experts say they won’t exist beyond 2033, and may end soon by 2030. The window for action is closing fast. According to the report, “Migration to quantum-resistant cryptography is no longer optional but imperative for any blockchain system expected to be trusted and secure into the future." 

Why is quantum computing so fast?

Recent innovations have significantly lowered the hardware bar needed to launch such attacks. A breakthrough Google paper said that breaking the elliptic curve cryptography threshold could be achieved within 1,200 logical cubits, and less than 90 minutes of computing time on a supercomputing hardware.

Google has put a Q-Day (like D-day)  at 2032. Project Eleven’s research has decreased the timeline by two years: 2030. The report estimates that 6.9 million Bitcoin (one third of the total estimated supply) have already been leaked on-chain, exposed to the potential quantum attack. For ETH, exposure is more, with over 65% of all ETH held in quantum-exposed addresses.

Why are blockchains weak against quantum computing?

The public ledgers and bearer-instruments offer no security. Blockchains has no scam department, no redressal platform for stolen funds, and no chargeback measures. If a quantum hacker recovers a private key and steals money, the loss is permanent. The transition problem is further fouled by slow-moving blockchain governance. 

What makes blockchains particularly vulnerable, the report explains, is that their public ledgers and bearer-instrument design offer no safety net. Unlike a bank, a blockchain has no fraud department, no chargeback mechanism, and no way to reverse a forged transaction. Once a quantum attacker recovers a private key and drains a wallet, the loss is permanent. 

Why is crypto migration difficult?

Bitcoin SegWit upgrade took more than two years to complete whereas ETH’s transition of proof stake took around 6 years to build. Quantum migration reaches the most basic layer of any blockchain mechanism.

The tech world has already started moving. More than half of web traffic (human) is currently post-quantum encrypted, Cloudflare data from December 2025 said. 

Is the digital industry prepared?

The digital asset industry lacks preparedness. Crypto developers are suggesting various proposals but these plans will take years to execute while the threat is already brushing businesses and users.

"The internet has already moved," the report added. "The digital asset industry—which arguably has more at stake because blockchains directly protect bearer value with the exact cryptographic primitives that quantum computers threaten—has barely started."

Read more »
Supply Chain Security
API Token Exposure Cloud Cyber Extortion Cyber Threats DevSecOps Security GitHub Token Leak Grafana Breach Supply Chain Security

GitHub Token Exposure at Grafana Triggered Codebase Theft Incident


 

Following the acquisition of a privileged GitHub token tied to Grafana Labs' development environment, a threat actor quickly escalated the initial credential exposure into a significant source code security incident. It was possible for the attacker to gain access to the company's private GitHub infrastructure, extract internal code repositories, and then attempt to extort payment from the organization via unauthorized access.

In addition to revoked credentials quickly, Gloria Labs launched an internal forensic investigation to determine the origin of the exposure and limit further risks. In spite of the fact that the breach resulted in access to sensitive development assets, the company announced that investigators found no evidence of data compromise, disruption of operations, or unauthorized access to user environments as a result of the breach. 

Grafana’s widespread use in modern observability environments has drawn significant attention across the cybersecurity community due to the platform’s widespread role in monitoring infrastructure, cloud workloads, applications, and telemetry systems through centralized dashboards and analytics. The incident has attracted significant attention across the cybersecurity community.

In the course of the investigation, Grafana Labs disclosed that after detecting unauthorized activity, its security team initiated an immediate forensic response, eventually tracing the source of credential exposure and revoking the compromised access token in order to prevent further intrusion. Additionally, additional defensive controls were implemented across the company's development environment as part of its efforts to contain and harden the environment. 

Afterwards, the threat actor attempted to extort the organization by requesting payment in exchange for delaying publication of the stolen data, according to the disclosure. Grafana, however, chose not to engage in ransom negotiations, aligning its response with Federal Bureau of Investigation guidance, which has consistently emphasized that paying extortion demands does not ensure data recovery nor prevent future misuse of stolen information. 

A number of federal authorities have warned against ransom payments, stating that they rarely ensure suppression of stolen data and often contribute to additional criminal activity targeting technology providers and enterprise platforms. 

The exact timeline of the attack or the length of time the attacker was permitted access to Grafana Labs' GitHub environment have not been disclosed, as only that the incident has recently been discovered. It is also noteworthy that the company did not explicitly attribute the intrusion to a specific threat actor. 

However, various cyber threat intelligence reports, including Halcyon and Fortinet FortiGuard Labs assessments, have linked claims surrounding the incident with CoinbaseCartel, a collective of data extortionists. It has been noted that the group is an emerging extortion-focused operation that emerged in late 2025 and has operational overlap with criminal ecosystems such as ShinyHunters, Scattered Spider, and LAPSUS$ based on public statements released by Grafana.

According to the company's public statements, investigators believe that the intrusion occurred due to the compromise of privileged authentication tokens used in Grafana's development process. As a result, these tokens are frequently used to authenticate automated processes, integrations, and development workflows without requiring repeated manual logins. Although highly beneficial to operational efficiency, exposed tokens can also serve as high-value attack vectors when given broad permissions. 

In this case, Grafana Labs' GitHub environment was compromised as a result of a compromised token that allowed the attacker access to private source code repositories within Grafana Labs. Despite the company's assertion that no customer information, user environments, or operational systems were compromised, the exposure of proprietary source code remains a significant security concern within software supply chain environments.

Although Grafana stated that customer environments were not affected, unauthorized access to proprietary source codes remains a serious concern, as attackers have the capability of analyzing internal architecture, configurations, or development logic to identify vulnerabilities that may later be used to conduct targeted attacks or other supply chain risks. 

Grafana is widely deployed observability technology, and therefore the security of its development infrastructure is of particular importance. Attacks against software vendors may result in downstream risks affecting customers, cloud deployments, as well as broader enterprise environments linked by modern DevOps and observability pipelines. Upon tracking the threat intelligence associated with the incident, it has been determined that the operators behind the claimed attack are primarily engaged in data theft and extortion operations rather than conventional ransomware operations that encrypt files. 

Over 170 victims have been linked to the group across sectors such as healthcare, transportation, manufacturing, and technology, reflecting the growing trend toward cyber-attacks that focus on data theft and extortion. There has been no public announcement by Grafana Labs regarding which repositories or internal projects were accessed during the breach, indicating that there is no clear understanding of the scope of the material that was downloaded. Grafana Labs has not disclosed which repositories were accessed during the breach. 

In addition to Grafana Cloud, Grafana's managed cloud monitoring platform is widely used across enterprise environments for observing observability. In addition to the disclosure, cyber attacks aimed at extortionating software vendors and cloud service providers are also becoming increasingly aggressive. Following threats of leaking large volumes of data supposedly associated with schools and universities across the United States, Instructure reportedly agreed to negotiate with threat actors connected to ShinyHunters following an alleged agreement to negotiate. 

Grafana Labs' decision to reject the extortion demand reflects a growing industry debate concerning ransomware economics, incident response strategies, and the long-term consequences of compensating cybercriminals. A company statement in accordance with advice issued by the Federal Bureau of Investigation stated that paying attackers would not guarantee the suppression of the stolen material nor eliminate the possibility of future abuse, resale, or repeated extortion attempts. 

The company notes that organizations have no assurance that the stolen information will actually be removed after payment, which makes ransom negotiations risky and uncertain from an operational perspective. The incident emphasizes the high value of authentication tokens, API credentials, and machine-level secrets within enterprise environments, in addition to the breach itself.

In order to reduce the risk of token-based intrusions and software supply chain attacks, security teams are increasingly recommending implementing measures such as short-lived credentials, least privilege access, credential rotation, and multi-factor authentication. They also recommend continuous monitoring of repositories and continuous delivery pipelines. 

The enterprise attack surface has been increasingly centered around GitHub repositories, package distribution systems, internal build pipelines, and cloud-based engineering environments, which require security controls comparable to those protecting production infrastructure. Grafana Labs has gained attention for its relatively transparent disclosure approach despite the seriousness of the intrusion. 

A statement from the company outlined the compromise, clarified what investigators believe remains unaffected, disclosed the attempted extortion component, and indicated that further details may become apparent as the forensic investigation proceeds. At present, the known impact appears to be limited to unauthorised access and download of internal source code repositories, with no evidence suggesting that customer environments, operational systems, or personal information has been compromised.

Grafana remains closely monitored across the cybersecurity community, as it is widely used throughout production observability stacks and cloud-native enterprise environments around the world. Despite Grafana Labs' assurance that customer systems and personal data were not affected, the incident highlights the increasing importance of securing development infrastructure, access credentials, and cloud-connected engineering environments against increasing sophistication in extortion-focused threats.
Read more »
technology
AI in robotics App Store Artificial Intelligence Hugging Face ML Model technology

Hugging Face Opens New App Marketplace for Reachy Mini Robots With Over 200 Community-Created Apps

 




Artificial intelligence platform Hugging Face has launched a dedicated app marketplace for its Reachy Mini desktop robot, opening robotics development to a much wider audience beyond engineers and programmers.

The new Reachy Mini App Store arrives less than a year after the company introduced the low-cost robot in July 2025 following its acquisition of robotics startup Pollen Robotics. Unlike traditional robotics systems that often require technical expertise and expensive hardware, Reachy Mini was designed as a small desktop robot that ordinary users can experiment with at home or in workplaces.

The store already contains more than 200 applications created by community members. Owners of the robot can install these apps without paying additional fees. At present, developers cannot monetize their creations, although Hugging Face says the system may support paid apps later because the platform is built on its existing “Spaces” infrastructure for hosting AI applications.

According to Hugging Face CEO Clément Delangue, the company’s main objective is to remove the technical barrier that has historically made robotics inaccessible to most people. He explained that users without coding or engineering experience are now building working robot applications in less than an hour using AI-powered tools.

A major obstacle in robotics has long been the shortage of large public datasets. While large language models improved rapidly using enormous collections of publicly available software code from platforms such as [GitHub], robotics-specific programming data remains far more limited. This has traditionally made it difficult for AI systems to understand how physical machines operate or interact with hardware components.

To address this problem, Hugging Face developed a system that allows users to describe robot behaviors in normal language instead of writing complex code manually. For example, a user can simply instruct the robot to wave when greeted. An AI agent then generates the necessary code, checks whether it works within the robot’s hardware limitations, and prepares the application automatically.

The company says the platform supports multiple AI models rather than relying on a single provider. Developers can use Hugging Face’s own “ML Intern” tool or connect external models including GPT-5.5, Claude Opus 4.6, Gemini Live, Mini Max GM5, Kimmy 2.6, and Deep Sig V4 Pro. Official conversation-based apps currently use OpenAI Realtime and Gemini Live for real-time interaction.

Hugging Face argues that these higher-level software abstractions substantially reduce the amount of time needed to build robotics applications. Tasks that previously required weeks of integration work can now reportedly be completed within minutes.

The Reachy Mini itself is positioned as an affordable alternative to commercial robotics platforms. The company noted that robots from firms such as Boston Dynamics can cost tens of thousands of dollars, while some competing Chinese systems begin at more than $1,900.

Reachy Mini is available in two versions. The Reachy Mini Lite costs $299 plus shipping and connects to an external computer through USB for processing. The wireless edition costs $449 plus shipping and includes built-in computing hardware using a Raspberry Pi CM4 alongside Wi-Fi support.

Delangue said approximately 10,000 units have already been sold, including 3,000 purchases within the past two weeks alone. Hugging Face expects another 1,000 robots to ship within the next month.

People who do not own the robot can still experiment with the platform through a browser-based simulator that recreates the robot in a virtual 3D environment. Users can also duplicate existing apps through a feature known as “forking” and then modify them using AI instructions, such as changing a robot’s responses into another language.

The App Store forms part of Hugging Face’s broader “Le Robot” initiative launched in 2024 to publish open-source robotics code, tutorials, and hardware resources online. Unlike developer-focused repositories, the Reachy Mini App Store was designed specifically for non-technical users and hobbyists.

More than 150 creators have already contributed applications to the store, many without previous robotics experience. One example highlighted by the company involved 78-year-old retired marketing executive Joel Cohen, who has no technical training and is colorblind. Despite taking two weeks to assemble his Reachy Mini Lite, a process that normally requires only a few hours, Cohen used AI tools to create a robot assistant for CEO discussion groups held over Zoom. The system greets participants by name, verifies claims during discussions, summarizes conversations, and challenges shallow responses in real time.

Other applications developed by the community include a chess-playing robot that jokes about user mistakes, a productivity assistant that detects phone usage, a language-learning companion that corrects pronunciation, and a Formula 1 race commentator that narrates races live.

Delangue also described creating his own office receptionist application in under two hours. The system uses facial recognition to identify visitors, greet them, ask whom they are meeting, and automatically send notifications to employees.

According to Delangue, developing robotics software previously required deep specialization and months of work for people outside the robotics industry. Hugging Face believes combining low-cost hardware with AI agents capable of generating code could reshape how ordinary users interact with robots.

The company says its longer-term goal is to make robotics resemble the personal computer and smartphone markets, where hardware becomes widely available and software creation is no longer restricted to technical specialists.

Read more »
Subscribe to: Posts (Atom)

Featured