Microsoft has sharply raised prices across its Surface lineup as RAM and component costs keep climbing. "Both its midrange and flagship Surface lines are now significantly more expensive than they were just a few weeks ago, with the flagship Surface Laptop 7 and Surface Pro 11 now starting at $500 more than they launched at in 2024," reports Windows Central. From the report: The Surface Pro 12-inch, which was previously Microsoft's cheapest modern Surface PC at $799, now starts at $1,049. The flagship Surface Pro 13-inch, which originally launched for $999, now starts at an eyewatering $1,499. It's the same story for the Surface Laptop lines, with the entry-level 13-inch model originally priced at $899, now starting at $1,149. The 13.8-inch flagship Surface Laptop launched at $999, but now costs $1,499, with the 15-inch model now starting at $1,599. This means that Microsoft's midrange devices now cost more than the flagships did when they launched in 2024. [...] Microsoft has raised prices for all SKUs on offer, meaning the high end models are now more expensive too. A top end Surface Laptop 15-inch with Snapdragon X Elite, 64GB RAM and 1TB SSD storage now costs a staggering $3,649. To compare, the 16-inch MacBook Pro with an M5 Pro, 64GB RAM, and 1TB SSD is $3,299, and that comes with a significantly better display and much more power under the hood.

Read more of this story at Slashdot.

Microsoft vice president Scott Hanselman has brought a semi-useful Mac feature to Windows 11.

The post Scott Hanselman Brings a macOS Feature to Windows appeared first on Thurrott.com.

The latest Linux kernel boasts full Rust support and a greatly improved scheduler to speed up your work and your games.

I was scrolling through my feed one evening when I came across OpenClaw, an open source personal AI assistant that people were calling everything from “Jarvis” to “a portal to a new reality.” The idea is beautiful: an AI that lives on your machine or in the cloud, talks to you over WhatsApp or Telegram, clears your inbox, manages your calendar, browses the web, runs shell commands, and even writes its own plugins. Users were having it check them in for flights, build entire websites from their phones, and automate things they never thought possible.

My first reaction was the same as everyone else’s: this is incredible.

My second reaction was…different. I started thinking about what happens when that kind of power meets a malicious prompt. What if someone tricks the agent into reading files it should not access? What if a poisoned web page rewrites the agent’s instructions? What if one agent in a multi-agent chain passes bad data to another that blindly trusts it?

Those questions became Season 4 of the Secure Code Game.

The Secure Code Game: Learn secure coding and have fun doing it

The Secure Code Game is a free, open source in-editor course where players exploit and fix intentionally vulnerable code. When I created the first season in March 2023, the goal was straightforward: make security training that developers would enjoy. Fix the vulnerable code, keep it functional, level up. That core philosophy has not changed across any season.

Season 2 expanded into multi-stack challenges with community contributions across JavaScript, Python, Go, and GitHub Actions. Season 3 took players into LLM security, where they learned to hack and then harden large language models. Along the way, over 10,000 developers across the industry, open source, and academia have played to sharpen their skills.

What has changed with each season is the landscape. When we launched Season 1, AI coding assistants were just starting to become mainstream. By Season 3, we were teaching players to craft malicious prompts and then defend against them. Now, with Season 4, we are tackling the security challenges of AI systems that can act autonomously. They can browse the web, call APIs, coordinate with other agents, and act on your behalf.

Why agentic AI security matters right now

The timing is not a coincidence. AI agents have moved from research prototypes to production tools at remarkable speed, and the security community is racing to keep up.

The OWASP Top 10 for Agentic Applications 2026, developed with input from over 100 security researchers, now catalogues risks like agent goal hijacking, tool misuse, identity abuse, and memory poisoning as critical threats. A Dark Reading poll found that 48% of cybersecurity professionals believe agentic AI will be the top attack vector by the end of 2026. And Cisco’s State of AI Security 2026 report highlighted that while 83% of organizations planned to deploy agentic AI capabilities, only 29% felt ready to do so securely.

The gap between adoption and readiness is exactly where vulnerabilities thrive. And the best way to close that gap is by learning to think like an attacker.

Meet ProdBot: your deliberately vulnerable AI assistant

Season 4 puts you inside ProdBot, your productivity bot, a deliberately vulnerable agentic coding assistant for your terminal. Inspired by tools like OpenClaw and GitHub Copilot CLI, ProdBot turns natural language into bash commands, browses a simulated web, connects to MCP (Model Context Protocol) servers, runs org-approved skills, stores persistent memory, and orchestrates multi-agent workflows.

Your mission across five progressive levels is simple: use natural language to get ProdBot to reveal a secret it should never expose. If you can read the contents of password.txt, you have found a security vulnerability.

No AI or coding experience is needed…just curiosity and willingness to experiment. Everything happens through natural language in the CLI.

Five levels, five upgrades, five vulnerabilities

Each level of the game mirrors a stage in how real AI-powered tools evolve. As ProdBot gains new capabilities, the upgrade opens a new attack surface for you to discover. Here is what ProdBot looks like as it grows:

• Level 1 starts with the basics: ProdBot generates and executes bash commands inside a sandboxed workspace. Can you break out of the sandbox?
• Level 2 gives ProdBot web access. It can now browse a simulated internet of news, finance, sports, and shopping sites. What could go wrong when an AI reads untrusted content?
• Level 3 connects ProdBot to MCP servers…external tool providers for stock quotes, web browsing, and cloud backup. More tools, more power, more ways in.
• Level 4 adds org-approved skills and persistent memory. ProdBot can now run pre-built automation plugins and remember your preferences across sessions. Trust is layered…but is it earned?
• Level 5 is everything coming together: six specialized agents, three MCP servers, three skills, and a simulated open-source project web. The platform claims all agents are sandboxed and all data is pre-verified. Time to put that to the test.

Each level builds on the previous one, and that progression is the point.

We aren’t going to tell you exactly which vulnerabilities you will find at each level as that would ruin the fun. But we will say this: the attack patterns you will discover in Season 4 are not theoretical. They reflect the kinds of risks that security teams are grappling with right now as organizations deploy autonomous AI systems into production.

Think about CVE-2026-25253 (CVSS 8.8 – High): Known as “ClawBleed” or the one-click Remote Code Execution (RCE) vulnerability. It allowed attackers to steal authentication tokens via a malicious link and gain full control of the OpenClaw instance.

The goal is not just to learn a specific exploit. It is to build the instinct that helps you spot these patterns in the wild, whether you are reviewing an agent’s architecture, auditing a tool integration, or simply deciding how much autonomy to give the AI assistant that just landed on your team.

Get started in under 2 minutes

This entire experience runs in GitHub Codespaces, so there is nothing to install, nothing to configure, and it doesn’t cost you a penny (Codespaces offers up to 60 hours of free usage per month). You can be inside ProdBot’s terminal in under two minutes, and each season is self-contained, so you can jump straight into Season 4 without covering the earlier ones.

You may find Season 3 to be a helpful foundation since it builds the basics of AI security. But it is not required. Just bring your hacker mindset.

Special thanks to Rahul Zhade, Staff Product Security Engineer at GitHub, and Bartosz Gałek, creator of Season 3, for testing and improving Season 4.

FAQ

Do I need AI or coding experience to play Season 4?

No. Everything happens through natural language in the CLI. You type plain English, or any language, prompts and ProdBot responds. Curiosity and a willingness to experiment are all you need.

 

Do I need to complete previous seasons first?

No. Each season is self-contained. You can jump directly into Season 4 by running ProdBot and typing level <N>. That said, Season 3 builds a helpful foundation in AI security and takes about 1.5 hours.

 

How long does Season 4 take?

Approximately two hours, though it varies depending on how deeply you explore each level. Some players like to try multiple approaches per level.

 

Is this free?

Yes. The Secure Code Game is open source and free to play. It runs in GitHub Codespaces, which provides up to 60 hours of free usage per month.

 

What are the rate limits?

Season 4 uses GitHub Models, which have rate limits. If you hit a limit, wait for it to reset and resume. Learn more about responsible use of GitHub Models.

The post Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game appeared first on The GitHub Blog.

What do championship athletes, enterprise innovators, and community leaders all have in common?

They know that transformation does not happen in isolation. It happens when teams come together with a shared goal, the right strategy, and the courage to try something new.

That is why at the Microsoft 365 Community Conference in Orlando, Florida from April 21 to 23, 2026, we are bringing the spirit of collaboration to life in a whole new way by welcoming a dynamic lineup of guest voices from the worlds of professional sports, innovation strategy, and real-world AI adoption at scale.

This year, we are proud to host legendary athletes Chasity Melvin and Kia Vaughn, alongside innovation thought leaders Dan Toma, Manjunatha Sivanna, Maral Taak, and Christopher Blakeley as they join Microsoft leaders on stage to explore how teamwork, leadership, experimentation, and trust are shaping the future of AI powered organizations.

 

 

Chasity Melvin is a former WNBA All-Star and coach, with over two decades of experience in professional basketball. As a first-round draft pick, she played 12 seasons in the WNBA and spent over a decade winning championships internationally. She is a multifaceted coach with experience at the collegiate and professional levels including a stint with Charlotte Hornets as the first female coach to coach men.

Her accolades include being an author, motivational speaker, and co-host of the Washington Mystics pre- and postgame show, where she shares her informed perspective as both a player and a coach. She is passionate about the business of sports and technology and is intentional about lending her voice in conversations that drive impact and inspire change.

At the conference, she will join Corporate Vice President and Chief Scientist Jaime Teevan in a fireside chat to share insights on AI and its collaborative future in changing roles, leadership, and transformation. This fireside chat will be hosted by the Director of Customer Advocacy for AI & Collaboration, Karuana Gatimu.

 

 

Kia Vaughn is an international champion known across WNBA in the United States and worldwide. Immersed in basketball from an early age, she honed her craft at Rutgers, delivering standout performances on the championship stage.

Throughout her 14-year career on several WNBA teams, including the New York Liberty, Washington Mystics, Phoenix Mercury, and Atlanta Dream, she developed a reputation as a consummate professional. Known for her preparation and reliability, she is geared up to bring an impact-driven global perspective to our Women in Technology Lunch in a conversation with Karuana Gatimu, Director of Customer Advocacy for AI & Collaboration. Don’t miss her insights as she navigates the challenges of an ever-changing league.

 

 

Dan Toma is the CEO and Partner at Outcomes Consulting, where he helps global organizations in enhancing their approach to technology. He is an acclaimed author with a key focus on leadership, technology strategy, and delivering business outcomes.  As co-author of the recent text, “Innovation Accounting”, he offers practical, detailed, and focused guidance on fostering a culture of experimentation and innovation, essential for organizations adopting generative AI. We’re excited to have him join the Director of Customer Advocacy for AI & Collaboration, Karuana Gatimu, in a fireside chat on real world adoption best practices at scale.

And because AI is only as powerful as the impact it drives in the real world, we are also excited to spotlight customer voices leading enterprise transformation today.

Real world customer stories

Across our product keynotes, Microsoft customers will bring AI transformation to life by sharing how they are moving from experimentation to impact inside their own organizations. These global brands offer a real-world look at how teams are adopting AI, modernizing operations, and building for the future with greater confidence, creativity, and scale. Their stories ground our keynotes in practical insight and show what it really takes to turn innovation into meaningful business outcomes.

Featured in our day one keynote Building for the Future: Microsoft 365, Agents and AI, What's New and What's Next with Jeff Teper, Executive Vice President, Collaborative Apps and Platforms:

 

 

Maral Taak, Associate Vice President and Head of Enterprise Generative AI at the National Basketball Association, leads enterprise-wide AI strategy, architecture, and governance. Maral has more than 20 years of experience using cutting-edge technology to create and identify practical solutions that drive real-world impact.  Since joining the NBA, she has focused on shaping the league's enterprise AI capabilities, including deploying intelligent agents, scaling agentic workflows across business functions, and driving broad adoption of generative AI across the organization. Prior to joining the NBA, Maral spent four years at Amazon, where she led the delivery of generative AI solutions across healthcare & life sciences.  She also previously spent nearly a decade at IBM spearheading AI-driven automation projects across industries ranging from finance to healthcare. Her experience spans large-scale cloud deployments, AI infrastructure management, and compliance for Fortune 500 clients. She started her career as a computer vision researcher at L.R.V (Laboratoire de Robotique de Versailles).

Featured in our day one keynote Business Apps & Agents with Ryan Cunningham, Corporate Vice President:

 

Christopher Blakeley, Principal Program Manager and AI & Agentic Automation Enablement at NASA. In this role, Chris leads the Agency’s Intelligent Automation strategy and drives the expansion of NASA’s Microsoft Power Platform ecosystem that supports more than 50,000 employees across all Centers. He oversees secure and scalable platform adoption, enabling mission and administrative teams to rapidly build automation solutions that streamline operations and advance NASA’s digital transformation goals. brings a unique perspective on applying advanced technologies in mission critical environments. Chris leads the Federal wide Power Platform Focus Group, collaborating with government agencies to coordinate best practices, governance approaches, and enterprise adoption strategies. With more than 20 years of service at NASA, including roles at Johnson Space Center, Kennedy Space Center, and Marshall Space Flight Center, Chris contributes to government‑wide modernization by championing responsible automation and empowering the federal workforce with ai-enabled digital tools.

In our day two keynote Securing AI: Building Trust in the Era of AI with Vasu Jakkal, Corporate Vice President, Microsoft Security and Rohan Kumar, Corporate Vice President, Microsoft Purview will be joined by:

 

 

Manjunatha Sivanna, Principal Platform Manager at Cummins Inc., will provide a look into how enterprise organizations are integrating AI into core business functions to improve decision making, streamline workflows, and empower teams to innovate faster in a rapidly changing technology landscape. In his current role, he is responsible for enterprise-wide adoption of Microsoft 365 Copilot and Enterprise AI, establishing information governance and compliance foundations using Microsoft Purview, and enabling low-code innovation through the Power Platform. He works closely with legal, compliance, security, and business teams to ensure AI is deployed in a way that is secure, compliant, and pragmatically useful for employees. He has been a key driver behind large-scale Copilot rollouts, enterprise AI governance models, and ECM modernization initiatives, helping organizations move from experimentation to real-world, production-ready AI outcomes. He is passionate about bridging the gap between technology capability and business value, and about shaping practical patterns for Responsible and Agentic AI in the enterprise.

 

Together, these voices reflect the very best of our community: diverse perspectives, shared challenges, and a willingness to learn from one another as we shape what comes next. Because in the era of AI, progress is not built alone. It is built together, with trust, curiosity, and teamwork at the center.

Because when it comes to AI, success is a team sport.

Welcome to April!  In the northeast United States that means spring, holidays and observances, spring break trips, and unpredictable weather.  Not to worry, the engineering teams for SQL Server Management Studio (SSMS) and GitHub Copilot in SSMS have continued to make steady progress, culminating in the release of SSMS 22.5 today.

We know that for some folks the cadence of releases is a significant change from SSMS 20 and earlier.  We get it; it’s been an adjustment for us as well!  But just as we have figured out this new rhythm and put new systems in place to make the process smoother, we’re confident you will as well.  I truly believe that so much in life is about finding balance.  We used to get a lot of feedback that we didn’t release SSMS updates often enough.  Now we get comments that releases are too frequent. It’s hard to please everyone 😊 Please know that we truly value your feedback – I cannot tell you how often in meetings Makena or I will reference an item filed on the feedback site, or a set of comments.  We appreciate all of you making the move to use the site – we’re over a year in and it’s been invaluable in helping shape our roadmap and identify what is a priority for all of you.

Ok, on to what’s new in SSMS 22.5...thanks for indulging me!

Migrations

With the retirement of Azure Data Studio, the migrations team has been enhancing the migration experience in SSMS.  The 22.5 release introduces a new Migration Page which serves as a starting point for all things related to migrations.  When you right-click on an instance and select Migrate SQL Server, the page opens and you can initiate an assessment, provision a target server, migrate your data, or monitor an in-progress migration. We want to make migrations easier; this consolidated page is a first step in that process.

 

New Migration page in SSMS 22.5

 

SQL Projects

Last month, in SSMS 22.4.1, SQL projects were made available in preview.  If you missed Drew’s blog post, please take a few minutes to read it. I remember talking to Drew about bringing SQL projects to SSMS way back in 2022, when I started on the team. I cannot tell you how happy I am that it’s becoming a reality, and I cannot shine a bright enough light on Drew for his persistence and incredible work in this area.  SQL projects represents the sum of a lot of moving parts, and Drew somehow keeps them all aligned and moving in the right direction. 

Expect to see new capabilities related to SQL projects in subsequent releases.  In addition to watching closely for feedback, the team is also keeping an open roadmap that you can follow.  We know that the functionality has started simple, but engineering is working quickly to bring the full capabilities you expect into SSMS.  In this release you can:

•  import objects from an existing database into a SQL project
• use the new Advanced Publish settings dialog
• find new templates
• enjoy the updated SQL projects icon

 

Click-through new templates for SQL projects in SSMS 22.5

 

Connection dialog

The new connection dialog includes a Name field, for you to provide a customized name for a connection.  This created some confusion for folks when they modified an existing connection to connect to a different server, but the Name stayed the same.  In a previous release we added the Reset button in the bottom left, which clears out all fields.  Not everyone is aware of the Reset capability, and in 22.5 we’ve changed the behavior to clear out the Name field if you modify the server name, the authentication type, the user name, or the database name fields.

 

Changes to Server Name, Authentication, User Name or Database Name clear out the Name field

 

This change should remove confusion about the server to which you’re connected.

GitHub Copilot in SSMS

On the GitHub Copilot in SSMS side, we’ve added support for interactions with the results pane, including the grid, messages, and execution plan.  From the chat you can ask questions about the current results – and phrasing is important here.  In the screenshot below I asked for the total UnitPrice for rows 42 through 53, and GitHub Copilot did the math for me.  If I asked for "the total UnitPrice for all rows with an OrderDate of 2018-01-03", it would not have referenced the results; it would have run a query to sum UnitPrice for all rows in the database with an OrderDate of 2018-01-03.

 

GitHub Copilot in SSMS now supports interactions with the results pane, including the grid, messages, and execution plan.

 

I believe this capability is extremely useful when it comes to the execution plan - you don’t have to save it as a file or open it up in a new window to reference it – it’s a definite time saver.  It can help with analyzing the output in the messages time – I’ve used it to compare STATISTICS IO and STATISTICS TIME output.  However, asking AI to summarize your results is an interesting space.  For large result sets, be aware that all of the results can be sent to the model.

I also need to call out a change on upgrade that may surprise a few folks.  If you have a previous release of SSMS 22 and update to SSMS 22.5, you'll notice that Active Document is not selected by default, and it used to be.  We will fix this in an upcoming release, but to have the active editor added as an active document by default, select the plus in the bottom of the chat and then Auto-attach active document.  We do have this listed as a known issue.

Lastly, we want to make sure that GitHub Copilot users are aware of this blog post explaining upcoming changes regarding how your data is handled. 

The quick summary: interaction data - specifically inputs, outputs, code snippets, and associated context - from Copilot Free, Pro, and Pro+ users will be used to train and improve AI models unless you opt out.

If you'd like to opt out, go to settings under “Privacy.” If you previously opted out of the setting allowing GitHub to collect this data for product improvements, your choice persists, and your data will not be used for training unless you opt in. This change does not affect Business and Enterprise users.

Summary

You can find the complete release notes here, and as always, thanks for reading and staying up to date with SSMS. I know we continually remind folks about the feedback site, but this month I’ll remind you about our documentation. If you find one of our docs to be confusing, incomplete, or simply missing, please let us know!  I like writing documentation, even if a lot of folks don’t read it 😊