In partnership with
CYBER SYRUP
Delivering the sweetest insights on cybersecurity.
The Future of Shopping? AI + Actual Humans.
AI has changed how consumers shop by speeding up research. But one thing hasn’t changed: shoppers still trust people more than AI.
Levanta’s new Affiliate 3.0 Consumer Report reveals a major shift in how shoppers blend AI tools with human influence. Consumers use AI to explore options, but when it comes time to buy, they still turn to creators, communities, and real experiences to validate their decisions.
The data shows:
Only 10% of shoppers buy through AI-recommended links
87% discover products through creators, blogs, or communities they trust
Human sources like reviews and creators rank higher in trust than AI recommendations
The most effective brands are combining AI discovery with authentic human influence to drive measurable conversions.
Affiliate marketing isn’t being replaced by AI, it’s being amplified by it.
PCIe IDE Vulnerabilities Trigger Industry-Wide Hardware Review
Three newly disclosed vulnerabilities in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification have prompted major hardware vendors to evaluate potential security impacts. While the flaws are considered low severity due to requiring physical or low-level access, they highlight how even hardened hardware standards can exhibit edge-case weaknesses with implications for confidentiality, integrity, and system stability.
Context
PCIe remains the dominant high-speed interface standard for connecting CPUs to GPUs, SSDs, network cards, and other critical system components. With PCIe 6.0, the PCI-SIG introduced Integrity and Data Encryption (IDE) — a hardware-level security layer intended to protect against tampering and unauthorized data inspection.
Intel researchers recently identified weaknesses in IDE’s design, raising questions about how hardware-assisted security functions under adversarial conditions.
What Happened
CERT/CC and PCI-SIG published coordinated advisories on three PCIe IDE specification-level vulnerabilities:
CVE-2025-9612
CVE-2025-9613
CVE-2025-9614
Under specific traffic patterns crafted at the PCIe interface, attackers may force systems to process stale, incorrect, or manipulated data. Intel and AMD have confirmed exposure in select products; other vendors are evaluating impact.
Technical Breakdown
PCIe IDE is designed to provide:
AES-GCM encryption for confidentiality and integrity
Replay protection
Traffic security at the transaction/data-link boundary
The vulnerabilities stem from how IDE handles certain state transitions during encrypted link traffic. Under rare but possible conditions:
Encrypted payloads may be interpreted incorrectly
Data integrity assumptions may break
Replay-like behavior could occur without detection
Potential outcomes include:
Information disclosure
Privilege escalation
Denial of Service (DoS) due to corrupted traffic streams
Because exploitation requires physical or tightly-controlled low-level access, real-world risk is limited — but not negligible for high-value targets.
Impact Analysis
Confirmed affected vendors:
Intel — some Xeon 6 and Xeon 6700P-B / 6500P-B processors
AMD — likely affected: EPYC 9005 series (including embedded variants)
Not affected:
Nvidia, Dell, F5, Keysight
Impact unknown (assessment ongoing):
Arm, Cisco, Google, HP, IBM, Lenovo, Qualcomm, and more
System integrators and OEMs will release firmware updates aligned with PCI-SIG’s Engineering Change Notification (ECN).
Why It Matters
Although low severity, these vulnerabilities underscore:
The growing importance of hardware-rooted security
The difficulty of securing high-speed interconnects at scale
The potential risk for specialized threat actors seeking stealthy system footholds
For cloud providers, hyperscalers, and data centers, even low-level link vulnerabilities can influence long-term risk posture.
Expert Commentary
PCI-SIG notes that the issues originate in the specification rather than vendor implementation. As ecosystems adopt PCIe 6.0 and IDE more broadly, early identification of these flaws prevents latent vulnerabilities from proliferating across future hardware generations.
Key Takeaways
Three PCIe IDE vulnerabilities can cause incorrect or stale data to be processed.
Exploitation requires physical or deep system-level access.
Intel and AMD products are confirmed affected; others are still evaluating.
Vendor patches will arrive via firmware updates aligned with PCI-SIG’s ECN.
While risk is low, the findings highlight how hardware security standards evolve under real-world scrutiny.