
AI Can Now Pass One Of The World’s Most Prestigious Financial Exams
- Written by Andrea Miliani, Former Tech News Expert
- Fact-Checked by Sarah Frazier, Former Content Manager
A new study conducted by researchers from New York University Stern School of Business and the AI company GoodFin revealed that several AI models are capable of successfully passing the prestigious Chartered Financial Analyst (CFA) exam at its most difficult level.
In a rush? Here are the quick facts:
- Study reveals advanced AI models can successfully pass the prestigious CFA exam at its most difficult levels.
- Researchers discovered that models with “chain-of-thought prompting”, such as Claude Opus, Gemini 2.5 Pro, and o4-mini, can pass level III.
- A similar study was conducted two years ago, and the models failed the most challenging part.
According to CNBC, it typically takes humans around 1,000 hours of study to pass the three-part exam. Now, AI models can complete it in minutes, even at Level III, the most challenging stage.
The CFA exam, designed to assess skills and knowledge across multiple areas of investments, is divided into three levels: Level I focuses on key terms and foundational knowledge, Level II emphasizes situational analysis, and Level III requires integration of concepts in real-world scenarios.
The researchers evaluated 23 large language models on their ability to answer test questions and produce essays for a mock CFA Level III exam. The study found that models using “chain-of-thought prompting”—including Claude Opus, Gemini 2.5 Pro, and o4-mini—were able to pass.
The findings highlight a significant evolution in AI reasoning. Two years ago, research showed that AI models could easily pass Levels I and II but struggled with Level III. Now, newer models like Claude Opus, released in May, demonstrate advanced analytical reasoning.
“I think there’s absolutely a future where this technology transforms the industry,” said Anna Joo Fee, founder and CEO of GoodFin, the AI-powered wealth-management platform that participated in the research.
“There are things like context and intent that are hard for the machine to assess right now,” added Fee, clarifying that, in her view, AI cannot replace the CFA. “That’s where a human shines, in understanding your body language and cues.”
OpenAI recently announced “the largest study to date of how people are using ChatGPT,” in which researchers revealed that 49% of users rely on the chatbot for advice on multiple topics, and the New York Times revealed how people used the technology as a financial advisor.

Supermicro Patch Failed, Leaving Servers Open to Firmware-Level Attacks
- Written by Kiara Fabbri, Former Tech News Writer
- Fact-Checked by Sarah Frazier, Former Content Manager
Security researchers have identified critical vulnerabilities in Supermicro motherboards that allow hackers to embed malware that remains active even after system restarts and system cleaning.
In a rush? Here are the quick facts:
- Flaws allow hackers to install malware that persists after reboots and cleaning.
- Malware can bypass BMC security checks and replace firmware images.
- Supermicro says it released updates but patch availability remains unclear.
The security flaws are in the baseboard management controllers (BMCs), tiny chips located on server motherboards that let admins manage machines remotely, even when powered off.
This issue, first reported by ArsTechnica, concerns Supermicro, a U.S. company that makes servers, motherboards, and storage systems powering data centers, cloud computing, and AI. Its hardware supports large-scale computing for businesses, researchers, and tech companies worldwide.
ArsTechnica notes that the security firm Binarly discovered two new vulnerabilities in Supermicro’s January patch for CVE-2024-10237, which turned out to be an incomplete fix. The company also discovered an additional security flaw connected to the previously identified issue.
The two new defects are tracked as CVE-2025-7937 and CVE-2025-6198, and affect the firmware storage, which is permanently attached to the motherboard.
The researchers compared the severity of these vulnerabilities to the 2021 ILObleed attack, which enabled attackers to modify server firmware while also making the compromise resistant to hard-drive wipes and operating-system reinstalls. The researchers described this threat as having “unprecedented persistence,” as reported by ArsTechnica.
As Alex Matrosov, founder and CEO of Binarly, put it: “Both issues provide unprecedented persistence power across significant Supermicro device fleets including [in] AI data centers,” reports ArsTechnica.
He added: “After they patched [the earlier vulnerability], we looked at the rest of the attack surface and found even worse security problems.”
The main security threat stems from the BMC signature verification mechanisms, which attackers can disable to replace firmware images without detection. Binarly’s detailed description of the attack vector shows that an attacker needs BMC administrative access to persistently reflash the firmware.
“If a potential attacker already has administrative access to the BMC control interface (it is possible by exploitation of other vulnerabilities, which we described in blogs 1, 2), then the exploitation is trivial—we just need to perform an update with a malicious image. In this case, an attacker benefits from exploitation of CVE-2025-7937/CVE-2025-6198 because the compromise becomes persistent,” Binarly said, as reported by ArsTechnica.
Binarly described how attackers can alter the fwmap table so signed regions are replaced. “This single element will contain all the signed regions of the image, one after the other,” the company wrote.
Supermicro says it has released BMC updates to mitigate the flaws and is testing affected products. “We can’t find the patched firmware updates on their website,” Matrosov said, as reported by ArsTechnica.
“The bug is hard to fix. I assume it will take more time from them,” Matrosov concluded.