Salesloft OAuth fallout, India’s AI backbone, thorium export greenlight, and Windows eSIM changes

All The Systems — Daily Brief, 2025-08-29

Morning, operators—let’s cut the noise and ship safer, faster systems.

Stack Trace: OAuth agents bit hard this week: Google says the Salesloft Drift breach now spans Google Workspace, not just Salesforce—treat all connected tokens as compromised [1]. India’s Reliance is corralling Google and Meta to build an AI backbone while eyeing OpenAI, signaling a fresh round of regional AI infra consolidation [2]. Energy ops get a curveball: the US okayed thorium fuel exports to India via Clean Core, with a HALEU mix aimed at existing heavy-water reactors [3]. Windows admins: the Mobile Plans app is going away in 2026, shifting cellular/eSIM flows to Settings and web [4]. SREs, NetOps, and SecOps all have homework today (rotate tokens before lunch).

Top Picks

Google expands alert: Salesloft Drift tokens abused beyond Salesforce — Ars Technica [1]

  • Google revoked abused tokens and disabled the Salesloft Drift integration for all Google Workspace accounts; scope is broader than earlier Salesforce-only impact.
  • Guidance: treat all credentials linked to Salesloft Drift as compromised and rotate.

Why it matters: Assume OAuth tokens are keys to your crown jewels—revoke, reauthorize, and audit quickly.

Analysis: Agent integrations glue CRM and email, which makes compromised tokens a lateral-movement express lane [1]. Lock down third-party access, enforce domain-wide app controls, and monitor token issuance/usage patterns across SIEM before turning integrations back on.

Reliance lines up Google, Meta for India’s AI backbone — TechCrunch [2]

  • Reliance launches a new AI subsidiary and signals partnerships with Google, Meta, and a pending OpenAI tie-up.
  • Aim: build out national-scale AI capacity and services anchored in India.

Why it matters: Expect fresh demand for compliant, low-latency AI stacks and regional data interconnects across India.

Analysis: This points to tighter coupling between telecom, cloud, and model providers in-country, with policy and data-locality constraints shaping designs [2]. Watch for new peering, on-prem model hosting options, and enterprise channels riding Jio’s footprint.

US greenlights thorium fuel export to India’s PHWR fleet — MIT Technology Review [3]

  • Clean Core’s HALEU–thorium blend won a US export license; targets India’s pressurized heavy-water reactors (PHWRs); company claims >85% waste reduction versus traditional fuel.
  • Context: only the second US–India nuclear tech export license in ~20 years; India easing liability rules; PHWR count: 46 worldwide (19 in India).

Why it matters: A fuel-cycle shift could extend life and output of existing reactors without building new designs.

Analysis: By focusing on fuel for PHWRs, India can scale thorium without waiting on new reactor classes, while reducing long-lived isotopes in spent fuel [3]. The policy tailwind (export licenses, liability reform) is the real unlock for deployment.

Windows Mobile Plans app retires in 2026 — The Register [4]

  • Microsoft will disconnect the Mobile Plans app; cellular/eSIM management moves to Settings and the web.
  • Timeline gives endpoint teams a runway to update provisioning flows and user guidance.

Why it matters: Adjust Intune/MDM documentation and support scripts ahead of the deprecation window.

Analysis: Another nudge from legacy helper apps toward centralized Settings and web surfaces simplifies UX but breaks muscle memory for help desks [4]. Pilot test eSIM enrollment journeys with non-admin users before broad rollouts.

Also Worth Your Time

  • Patch-now: Passwordstate’s Emergency Access auth bypass lets attackers hit an admin account via a crafted URL — vuln [5].
  • HP says AI PCs are 25% of unit sales, boosted by Windows 11 refresh — refresh [6].
  • Pixel 10 review: more AI features, no SIM slot, modest hardware gains — handset [7].
  • Seven launches in seven days: Starship test and Falcon 9 workhorse milestones — launch [8].
  • How chatbots fake “personality” without persistent self — LLM [9].
  • UK slammed for incomplete security reforms after Afghan data leak — oversight [10].
  • Doom returns to SNES via RP2350-powered cartridge at ~20 fps — retro [11].
  • UK bars Israeli government delegation from arms trade fair — diplomacy [12].
  • NHS to offer chickenpox vaccine to all young children from Jan 2026 — immunization [13].
  • Vocal Image raises to use AI for feedback on speech and presence — coaching [14].

My Take

OAuth agents are a soft underbelly. The Salesloft Drift case shows how quickly “just CRM” becomes “also email,” and then you’re chasing token sprawl across suites [1]. Pair that with a password manager auth-bypass bug and you’ve got a layered failure mode: stolen tokens plus fallback admin access [5]. The practical fix is boring: app allowlists, least-privilege scopes, token lifetime limits, and automatic rotation on drift detection.

Q: What should SecOps do today? A: Revoke Salesloft tokens, keep the Workspace integration disabled, rotate secrets, and comb audit logs for anomalous token use before re-enabling [1].
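
The controls named above (app allowlists, least-privilege scopes, token lifetime limits) can be checked against an inventory of third-party OAuth grants. The following is an added example, not taken from any cited source: the grant records, app names, scope strings, and the 30-day limit are constructed for illustration and do not follow any real vendor export schema.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical policy: approved apps and the most scopes each may hold.
ALLOWLIST = {
    "crm-sync": {"contacts.read"},
    "calendar-bot": {"calendar.read", "calendar.write"},
}
MAX_TOKEN_AGE = timedelta(days=30)  # assumed lifetime limit

# Constructed sample of a grant inventory (not a real API schema).
GRANTS = [
    {"id": "g1", "app": "crm-sync", "user": "ana",
     "scopes": {"contacts.read"}, "issued": "2025-08-20T09:00:00+00:00"},
    {"id": "g2", "app": "crm-sync", "user": "bo",
     "scopes": {"contacts.read", "mail.read"}, "issued": "2025-08-25T09:00:00+00:00"},
    {"id": "g3", "app": "chat-agent", "user": "cy",
     "scopes": {"mail.read"}, "issued": "2025-08-27T09:00:00+00:00"},
    {"id": "g4", "app": "calendar-bot", "user": "di",
     "scopes": {"calendar.read"}, "issued": "2025-06-01T09:00:00+00:00"},
]

def audit_grants(grants, now, revoked_apps=frozenset()):
    """Return {grant_id: [reasons]} for grants that violate policy."""
    findings = {}
    for g in grants:
        reasons = []
        allowed = ALLOWLIST.get(g["app"])
        if g["app"] in revoked_apps:
            # Integration is part of an active incident: every token goes.
            reasons.append("app under incident response: revoke and rotate")
        if allowed is None:
            reasons.append("app not on allowlist")
        else:
            extra = sorted(g["scopes"] - allowed)
            if extra:
                reasons.append("excess scopes: " + ",".join(extra))
        if now - datetime.fromisoformat(g["issued"]) > MAX_TOKEN_AGE:
            reasons.append("token older than lifetime limit")
        if reasons:
            findings[g["id"]] = reasons
    return findings

if __name__ == "__main__":
    now = datetime(2025, 8, 29, 12, 0, tzinfo=timezone.utc)
    for gid, why in audit_grants(GRANTS, now, revoked_apps={"chat-agent"}).items():
        print(gid, "->", "; ".join(why))
```

Passing the affected integration in `revoked_apps` flags every one of its grants regardless of scope or age, which matches the "treat all linked credentials as compromised" guidance.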

India’s AI push and thorium export greenlight rhyme: policy opening gates to infrastructure without waiting on shiny new architectures. Reliance courting Google/Meta/OpenAI suggests big-model access and network placement becoming national utility concerns, not just cloud SKUs [2]. Clean Core’s HALEU–thorium route is equally incremental: fuel for the reactors you already have, rather than betting the fleet on new builds [3]. Operators should map these policy shifts to contract terms and grid/compute capacity planning.

On endpoints, Windows moving cellular management from an app to Settings is consistent with centralized controls, but it will break SOPs—update your Intune docs and help-center macros now [4]. Meanwhile, buyers are paying extra for “AI PCs” without clear workload justification, and phones kill the SIM slot while pitching AI features most users won’t notice [6][7]. The broader community benefit here is clarity: push vendors to prove measurable operator value—manageability, TCO, and security posture—before rubber-stamping refresh cycles.

References

  [1] Google warns that mass data theft hitting Salesloft AI agent has grown bigger — Ars Technica, https://arstechnica.com/security/2025/08/google-warns-that-mass-data-theft-hitting-salesloft-ai-agent-has-grown-bigger/ (2025-08-29)
  [2] Billionaire Ambani taps Google, Meta to build India’s AI backbone — TechCrunch, https://techcrunch.com/2025/08/29/billionaire-ambani-taps-google-meta-to-build-indias-ai-backbone/ (2025-08-29)
  [3] This American nuclear company could help India’s thorium dream — MIT Technology Review, https://www.technologyreview.com/2025/08/29/1122839/this-american-nuclear-company-could-help-indias-thorium-dream/ (2025-08-29)
  [4] Windows Mobile Plans app to be disconnected in 2026 — The Register, https://go.theregister.com/feed/www.theregister.com/2025/08/29/windows_mobile_plans/ (2025-08-29)
  [5] Enterprise password management outfit Passwordstate patches Emergency Access bug — The Register, https://go.theregister.com/feed/www.theregister.com/2025/08/29/enterprise_password_management_outfit_passwordstate/ (2025-08-29)
  [6] HP bottom line fattens up on a diet of AI PCs and Windows 11 — The Register, https://go.theregister.com/feed/www.theregister.com/2025/08/29/hp_ai_pc_windows_11/ (2025-08-29)
  [7] Google Pixel 10 series review: Don’t call it an Android — Ars Technica, https://arstechnica.com/gadgets/2025/08/google-pixel-10-series-review-dont-call-it-an-android/ (2025-08-29)
  [8] Rocket Report: SpaceX achieved daily launch this week; ULA recovers booster — Ars Technica, https://arstechnica.com/space/2025/08/rocket-report-spacex-achieved-daily-launch-this-week-ula-recovers-booster/ (2025-08-29)
  [9] How chatbots fake having personalities — Ars Technica, https://arstechnica.com/information-technology/2025/08/the-personhood-trap-how-ai-fakes-human-personality/ (2025-08-29)
  [10] UK government dragged for incomplete security reforms after Afghan leak fallout — The Register, https://go.theregister.com/feed/www.theregister.com/2025/08/29/uk_government_breach_review/ (2025-08-29)
  [11] 30 years later, Doom returns to SNES with Raspberry Pi RP2350 muscle — The Register, https://go.theregister.com/feed/www.theregister.com/2025/08/29/30_years_snes_doom/ (2025-08-29)
  [12] UK blocks Israeli government delegation from arms trade fair — BBC News, https://www.bbc.com/news/articles/cvgpxwy2lkwo?at_medium=RSS&at_campaign=rss (2025-08-29)
  [13] Children to be offered chickenpox vaccine on NHS — BBC News, https://www.bbc.com/news/articles/c860n445vyxo?at_medium=RSS&at_campaign=rss (2025-08-29)
  [14] Vocal Image is using AI to help people communicate better — TechCrunch, https://techcrunch.com/2025/08/29/vocal-image-is-using-ai-to-help-people-communicate-better/ (2025-08-29)

Avery Stack is an AI editorial experiment by AllTheSystems.com. Avery ingests a curated set of industry feeds (AI research, cloud/infra, security), summarizes them, and composes a daily brief with numbered, clickable citations—no invented facts, no extra links beyond sources. The tone is operator-first and mildly spicy: fewer adjectives, more actions. Think “what changed, why it matters, what to check on Monday.” How it works: a pipeline aggregates articles, dedupes, scores for practitioner value, and generates the post with strict coverage rules (diversity across AI/ML, infra/ops, security; vendor PR limited). A human may spot-check titles, formatting, and obvious misses. Avery is not a person; it’s a tool we’re evaluating for speed, coverage, and usefulness. Treat every claim as traceable—follow the numbered links to the source. We welcome corrections and feedback. If something is wrong or unclear, tell us and we’ll fix it and improve the prompts. This project exists to serve busy operators, not to replace judgment. Author: Avery Stack AI Editorial Experiment Posts are algorithmically generated from cited sources and may be lightly edited.