|
Microsoft’s aggressive, multi-billion-dollar push into artificial intelligence was supposed to be a flawless victory. The integration of Copilot into Windows 11, Microsoft 365, and GitHub was designed to usher in a new era of agentic computing. Yet, beneath the polished keynote presentations and massive infrastructure investments, a dramatically different reality has emerged. As first reported by Windows Latest, according to a highly respected former Microsoft executive, the company’s AI strategy is fundamentally failing to connect with real users, spurring calls for a massive internal “factory reset.”

The executive in question is Mat Velloso, who was most recently the Vice President of Product for the Developer Platform at Meta’s Superintelligence Labs. He also led AI developer products at Google DeepMind (including the Gemini API and Google AI Studio). But before his stints at Google and Meta, Velloso spent over 12 years at Microsoft, where he served as a Partner Director managing AI innovation in Windows and, interestingly, spent four years as the Technical Advisor to Microsoft CEO Satya Nadella.

When someone with Velloso’s resume, having observed the AI arms race from the highest levels of Microsoft, Google, and Meta, says Microsoft has “missed the AI wave,” it can rip the lid off the deep tensions within Redmond.

Microsoft’s behavior over the last few months is nothing short of shocking. Both the Windows and Xbox divisions suddenly started prioritizing user feedback and implementing requested features after years of ignoring them. It’s also no small task to assemble and organize OEMs, ODMs, and chipset vendors for an event like WinHEC, which had its last occurrence almost a decade ago (2018). Explaining this sudden pivot to listening to customers, Velloso remarked that despite making Bing the company’s biggest AI bet, it failed to capture a single percentage point of search market share from Google. More damning is the state of Copilot.
According to Velloso, less than 3% of paying users actively use Copilot, even though Microsoft has pre-deployed it directly into the Windows 11 taskbar and across the Office suite. Out of Microsoft’s 450 million Microsoft 365 users, the company has only managed to convert roughly 15 million paid Copilot seats. This means a staggering 96.7% of users are rejecting the premium AI features, yielding just a 3.3% paid adoption rate. When viewed against Microsoft’s estimated $37.5 billion quarterly AI spending, this is an alarmingly low adoption rate.

But it’s not just software; Velloso also called out the current state of AI hardware. Over the past year, Microsoft has heavily pushed OEMs to include Neural Processing Units (NPUs) in their latest laptops to power advanced Windows 11 capabilities. We have tracked Microsoft’s push for NPU-powered AI features in Windows 11, but as Velloso noted, OEMs invested heavily in NPUs only to find out that “nobody cares because not a single valuable usecase was built for those in Windows/Office.”

All this friction appears to be taking a toll on Microsoft’s leadership. Recently, news broke that Julia Liuson, the highly respected head of Microsoft’s Developer Division (DevDiv), was retiring after 34 years with the software giant. While official channels framed this as a standard retirement, Mat Velloso critiqued the news, saying, “Looks like Microsoft just went from hit refresh to hit factory reset.” He also listed a massive string of high-profile departures and reassignments across the company, including leaders from Xbox, GitHub, AI Infrastructure, Teams, and OneNote.

This public commentary drew the ire of Frank X. Shaw, Microsoft’s Lead Communications executive. Shaw replied to Velloso, defending the departing executives and accusing Velloso of jamming a “negative frame” onto normal corporate retirements. All Velloso had to do was point out the harsh financial realities that the market is currently digesting.
He moved from Microsoft to Google in early 2024, and while Google’s shares surged by roughly 230%, Microsoft’s stock growth remained essentially flat at 0%.

Apart from the internal challenges, Microsoft is increasingly being affected by its closest allies. The company has staked its entire generative AI future on its multi-billion-dollar partnership with OpenAI. However, OpenAI is rapidly building out its own enterprise infrastructure, threatening Microsoft’s historic dominance in the corporate sector. Just days ago, OpenAI officially launched the “OpenAI Deployment Company” (DeployCo), a new business unit backed by over $4 billion in initial investment from global firms. This new venture features 150 “Forward Deployed Engineers” (FDEs) tasked with embedding directly into Fortune 500 companies to help them build and deploy custom AI solutions. Historically, this hands-on, enterprise-level consulting was Microsoft’s bread and butter. As Velloso reminisced about his early career as a consultant, he noted that Microsoft’s incredible penetration into large enterprises was built on “armies of people spending time, listening, understanding business goals and solving them with technology in every industry vertical.”

Despite these severe criticisms, Velloso defended his former employer against apocalyptic tech media narratives. When a prominent tech publication recently claimed that “AI is killing Microsoft” and compared their current trajectory to the disastrous 2008 era, Velloso stepped in to shut the narrative down. “Nope, they are not dying,” Velloso stated. “I know I criticize them a lot and that’s because I care, but boy if you think Microsoft is dying you haven’t watched how many times they recovered from problems.” He pointed out that while AI startups and labs might be building flashy deployment companies, completely replacing legacy enterprise software is incredibly difficult.
When asked about companies claiming they can fully automate software businesses, Velloso recommended talking to Fortune 500 CIOs to see how realistic that really is. “There’s a reason why all the top AI labs are hiring large consulting teams,” he explained. “The last mile is the hardest and Microsoft has the best distribution for that. Their moat is unbreakable.”

Updated February 22 with details of previous PayPal security incidents and warnings, further advice for those impacted by the confirmed PayPal Working Capital data breach, which prompted transaction refunds and account password resets, and a statement from a PayPal spokesperson.

Some PayPal users have started to receive emails from the company confirming a data breach that exposed personal information to a threat actor who gained access to PayPal’s systems, leading to some seeing unauthorized transactions on their accounts and the resetting of passwords. Here’s what you need to know.

A breach notification letter, which I have verified myself, has confirmed that some PayPal users have been impacted by a data breach after a hacker gained access to PayPal systems on July 1, 2025. The hacker apparently had access until December 12, 2025, when PayPal discovered the security incident. The breach, according to the notifications, which are dated February 10, impacted some users “due to an error in its PayPal Working Capital (“PPWC”) loan application.” It remains to be seen how the attacker’s access evolved, of course, as this remains something of a developing story and PayPal has yet to explain this in any detail beyond a “code change” being responsible.

However, following publication of this article, a PayPal spokesperson provided the following statement: “When there is a potential exposure of customer information, PayPal is required to notify affected customers. In this case, PayPal’s systems were not compromised.
As such, we contacted the approximately 100 customers who were potentially impacted to provide awareness on this matter.” I am currently awaiting clarification regarding the seeming disparity between the statement saying that “PayPal’s systems were not compromised,” and the notification, which stated that following an investigation, the company had “terminated the unauthorized access to PayPal’s systems.” I will add another update if and when such a clarification is forthcoming.

“Upon learning about this unauthorized activity, we promptly began an investigation and took action to address this incident, including by taking steps to prevent unauthorized actors from obtaining further personal information,” the PayPal notification stated. It would, however, be nice to know why it took a whole six months for PayPal’s security team to notice the exposure to unauthorized individuals, as mentioned in the breach notification itself. That’s a huge window of opportunity for attackers, and we should be grateful that so few accounts were potentially impacted before it was closed for good.

PayPal has also confirmed that “a few customers experienced unauthorized transactions on their account,” and we now know that this was a very small number, 100 according to the spokesperson who contacted me. PayPal confirmed that it has already issued refunds to those customers who were impacted.

I have covered many previous PayPal security warnings, which have mostly concerned phishing attacks delivered by email, text, or phone, although, if you stretch back as far as 2023, there was another breach. I reported on this at the time, confirming that a total of 34,942 PayPal accounts had been accessed by attackers using a credential stuffing methodology.
Such attacks involve threat actors deploying an automated process in an attempt to access accounts with login credentials that have been compromised in some way, often credentials that have been reused between accounts and subsequently breached at one of them. Lists of such breached credentials are readily available on the dark web.

In December 2025, I reported how attackers were using legitimate infrastructure to bypass email authentication protections when delivering malicious messages disguised as genuine PayPal support communications. On this occasion, the PayPal billing subscriptions feature was being abused by hackers in an attempt to steal your user account credentials. At the time, a PayPal spokesperson told me: “PayPal does not tolerate fraudulent activity, and we work hard to protect our customers from consistently evolving phishing scams. We are actively mitigating this matter, and encourage people to always be vigilant online and mindful of unexpected messages. If customers suspect they are a target of a scam, we recommend they contact Customer Support directly through the PayPal app or our Contact page for assistance.”

Most iPhone owners have hopefully learned to manage app permissions by now, including allowing location access. But there’s another layer of location tracking that operates outside these controls. Your cellular carrier has been collecting your location data all along, and until now, there was nothing you could do about it. Apple just changed this in iOS 26.3 with a new setting called “limit precise location.”

Cellular networks track your phone’s location based on the cell towers it connects to, in a process known as triangulation. In cities where towers are densely packed, triangulation is precise enough to track you down to a street address. This tracking is different from app-based location monitoring, because your phone’s privacy settings have historically been powerless to stop it.
Toggle Location Services off entirely, and your carrier still knows where you are. The new setting reduces the precision of location data shared with carriers. Rather than a street address, carriers would see only the neighborhood where a device is located. It doesn’t affect emergency calls, though, which still transmit precise coordinates to first responders. Apps like Apple’s “Find My” service, which locates your devices, or its navigation services, aren’t affected because they work using the phone’s location sharing feature.

Why is Apple doing this? Apple hasn’t said, but the move comes after years of carriers mishandling location data. Unfortunately, cellular network operators have played fast and loose with this data. In April 2024, the FCC fined Sprint and T-Mobile (which have since merged), along with AT&T and Verizon, nearly $200 million combined for illegally sharing this location data. They sold access to customers’ location information to third-party aggregators, who then sold it on to third parties without customer consent.

The feature only works with devices equipped with Apple’s custom C1 or C1X modems. That means just three devices: the iPhone Air, iPhone 16e, and the cellular iPad Pro with M5 chip. The iPhone 17, which uses Qualcomm silicon, is excluded. Apple can only control what its own modems transmit. Carrier support is equally narrow. In the US, only Boost Mobile is participating in the feature at launch, while Verizon, AT&T, and T-Mobile are notable absences from the list given their past record.

Google also introduced a similar capability with Android 15’s Location Privacy hardware abstraction layer (HAL) last year. It faces the same constraint, though: modem vendors must cooperate, and most have not. Apple and Google don’t get to control the modems in most phones. This kind of privacy protection requires vertical integration that few manufacturers possess and few carriers seem eager to enable. |


