Quote for the day:
"A boss has the title, a leader has the people." -- Simon Sinek
How CIOs are getting data right for AI
Organizations that have taken steps to better organize their data are more
likely to possess data maturity, a key attribute of companies that succeed
with AI. Research firm IDC defines data maturity as the use of advanced data
quality, cataloging and metadata, and data governance processes. The research
firm’s Office of the CDO Survey finds firms with data maturity are far more
likely than other organizations to have generative AI solutions in production.
... “We have to be mindful of what we put into public data sets,” says Yunger.
With that caution in mind, Servier has built a private version of ChatGPT on
Microsoft Azure to ensure that teams benefit from access to AI tools while
protecting proprietary information and maintaining confidentiality. The gen AI
implementation is used to speed the creation of internal documents and emails,
Yunger says. In addition, personal data that might crop up in pharmaceutical
trials must be treated with the utmost caution to comply with the European
Union’s AI Act, ... To achieve what he calls “sustainable AI,” AES’s
Reyes counsels the need to strike a delicate balance: implementing data
governance, but in a way that does not disrupt work patterns. He advises
making sure everyone at your company understands that data must be treated as
a valuable asset: With the high stakes of AI in play, there is a strong reason
it must be accurately cataloged and managed.Alan Turing Institute reveals digital identity and DPI risks in Cyber Threats Observatory Workshop
The trend indicates that threat actors could be targeting identity mechanisms
such as authentication, session management, and role-based access systems. The
policy implication for governments translates to a need for more detailed cyber
incident reporting across all critical sectors, the institute recommends. An
issue is the “weakest link” problem. A well-resourced sector like finance might
invest in strong security, but their dependence on, say, a national ID system
means they are still vulnerable if that ID system is weak. The institute
believes this calls for viewing DPI security as a public good. Improvements in
one sector’s security, such as “hardened” digital ID protocols, could benefit
other sectors’ security. Integrating security and development teams is
recommended as is promoting a culture of shared cyber responsibility. Digital
ID, government, healthcare, and finance must advance together on the
cybersecurity maturity curve, the report says, as a weakness in one can
undermine the public’s trust in all. The report also classifies CVEs by attack
vectors: Network, Local, Adjacent Network, and Physical. Remote Network threats
were dominant, particularly affecting finance and digital identity platforms.
But Local and Physical attack surfaces, especially in health and government, are
increasingly relevant due to on-premise systems and biometric interfaces,
according to the Cyber Threat Observatory.
The Advantages Of Machine Learning For Large Restaurant Chains
Machine learning can not only assist in the present activities but contribute to
steering long-term planning and development. Decision-makers can use these
trends to notice opportunities to explore new markets, develop new products, or
redistribute resources when they discover the patterns across the different
locations, customer groups, and product categories. These insights dig deeper
into the superficial data and reveal trends that might not have been apparent by
just manual analysis. The capability to make data-driven decisions becomes even
more significant with the growth of restaurant chains. Machine learning tools
provide scalable insights that can be applied in parallel with the rest of the
business objectives when combined with other technologies like a drive thru
system or cloud-based analytics platforms. The opening of a new venue or the
optimizing of an advertisement campaign, machine learning enables the management
levels to have the information needed to make a decision with assured confidence
and competence. ... Machine learning is transforming how major restaurant chains
run their business, providing an unbeatable mix of accuracy, speed, and
flexibility over their older equivalents.
How Staff+ Engineers Can Develop Strategic Thinking
/articles/staff-plus-strategic-thinking/en/smallimage/thumbnail-1749200507294.jpg)
For risk and innovation, you need to understand what your organization values
the most. Everybody has a culture memo and a set of tenets they follow, but
these are part of unsaid rules, something that every new hire will learn by the
first week of their onboarding, which is not written out loud and clear. In my
experience, there are different kinds of organizations. Some care about
execution, like results above everything, top line, bottom line. Others care
about data-driven decision-making, customer sentiment, and keeping adapting.
There are others who care about storytelling and relationships. What does this
really mean? If you fail to influence, if you fail to tell a story about what
ideas you have, what you're really trying to do, to build trust and
relationships, you may not succeed in that environment, because it's not enough
for you to be smart and knowing it all. You also need to know how to convey your
ideas and influence people. When you talk about innovation, there are companies
that really pride themselves on experimentation, staying ahead of the curve. You
can look at this by how many of them have an R&D department, and how much
funding they put into that. Then, what's their role in the open-source
community, and how much they contribute towards it.
Legal and Policy Responses to Spyware: A Primer
There have been a number of international efforts to combat at least some
aspects of the harms of commercial spyware. These include the US-led Joint
Statement on Efforts to Counter the Proliferation and Misuse of Commercial
Spyware and the Pall Mall Process, an ongoing multistakeholder undertaking
focussed on this issue. So far, principles, norms, and calls for businesses to
comply with the United Nations Guiding Principles on Business and Human Rights
(UNGPs) have emerged, and Costa Rica has called for a full moratorium, but no
well-orchestrated international action has been fully brought to fruition.
However, private companies and individuals, regulators, and national or regional
governments have taken action, employing a wide range of legal and regulatory
tools. Guidelines and proposals have also been articulated by governmental and
non-governmental organizations, but we will focus here on measures that are
existent and, at least in theory, enforceable. While some attempts at combating
spyware, like WhatsApp’s, have been effective, others have not. Analyzing the
strengths and weaknesses of each approach is beyond the scope of this article,
and, considering the international nature of spyware, what fails in one
jurisdiction may be successful in another.
Red Teaming AI: The Build Vs Buy Debate
In order to red team your AI model, you need to have a deep understanding of the
system you are protecting. Today’s models are complex multimodal, multilingual
systems. One model might take in text, images, code, and speech with any single
input having the potential to break something. Attackers know this and can
easily take advantage. For example, a QR code might contain an obfuscated prompt
injection or a roleplay conversation might lead to ethical bypasses. This isn’t
just about keywords, but about understanding how intent hides beneath layers of
tokens, characters, and context. The attack surface isn’t just large, it’s
effectively infinite. ... Building versus buying is an age-old debate.
Fortunately, the AI security space is maturing rapidly, and organizations have a
lot of choices to implement from. After you have some time to evaluate your own
criteria against Microsoft, OWASP and NIST frameworks, you should have a good
idea of what your biggest risks are and key success criteria. After considering
risk mitigation strategies, and assuming you want to keep AI turned on, there
are some open-source deployment options like Promptfoo and Llama Guard, which
provide useful scaffolding for evaluating model safety. Paid platforms like
Lakera, Knostic, Robust Intelligence, Noma, and Aim are pushing the edge on
real-time, content-aware security for AI, each offering slightly different
tradeoffs in how they offer protection.
The Impact of Quantum Decryption
There are two key quantum mechanical phenomena, superposition and entanglement,
that enable qubits to operate fundamentally differently than classical bits.
Superposition allows a qubit to exist in a probabilistic combination of both 0
and 1 states simultaneously, significantly increasing the amount of information
a small number of qubits can hold. ... Quantum decryption of data stolen
using current standards could have pervasive impacts. Government secrets, more
long-term data, and intellectual property remain at significant risk even if
decrypted years after a breach. Decrypted government communications, documents,
or military strategies could compromise national security. An organization’s
competitive advantage could be undermined by trade secrets being exposed.
Meanwhile, data such as credit card information will diminish over time due to
expiration dates and the issuance of new cards. ... For organizations, the
ability of quantum computers to decrypt previously stolen data could result in
substantial financial losses due to data breaches, corporate espionage, and
potential legal liabilities. The exposure of sensitive corporate information,
such as trade secrets and strategic plans, could provide competitors with an
unfair advantage, leading to significant financial harm.
Don't let a crisis of confidence derail your data strategy
In an age of AI, the options that range from on-premise facilities to colocation, or public, private and hybrid clouds, are business-critical decisions. These decisions are so important because such choices impact the compliance, cost efficiency, scalability, security, and agility that can make or break a business. In the face of such high stakes, it is hardly surprising that confidence is the battleground on which deals for digital infrastructure are fought. ... Commercially, Total Cost of Ownership (TCO) has become another key factor. Public cloud was heavily promoted on the basis of lower upfront costs. However, businesses have seen the "pay-as-you-go" model lead to escalating operational expenses. In contrast, businesses have seen the cost of colocation and private cloud become more predictable and attractive for long-term investment. Some reports suggest that at scale, colocation can offer significant savings over public cloud, while private cloud can also reduce costs by eliminating hardware procurement and management. Another shift in confidence has been that public cloud no longer guarantees the easiest path to growth. Public cloud has traditionally excelled in rapid, on-demand scalability. This agility was a key driver for adoption, as businesses sought to expand quickly.The Anti-Metrics Era of Developer Productivity
The need to measure everything truly spiked during COVID when we started working
remotely, and there wasn’t a good way to understand how work was done. Part of
this also stemmed from management’s insecurities about understanding what’s
going on in software engineering. However, when surveyed about the usefulness of
developer productivity metrics, most leaders admit that the metrics they track
are not representative of developer productivity and tend to conflate
productivity with experience. And now that most of the code is written by AI,
measuring productivity the same way makes even less sense. If AI improves
programming effort by 30%, does that mean we get 30% more productivity?” ...
Whether you call it DevEx or platform engineering, the lack of friction equals
happy developers, which equals productive developers. In the same survey, 63% of
developers said developer experience is important for their job satisfaction.
... Instead of building shiny dashboards, engineering leads should focus on
developer experience and automated workflows across the entire software
development life cycle: development, code reviews, builds, tests and
deployments. This means focusing on solving real developer problems instead of
just pointing at the problems.
