Quote for the day:
"Whatever the mind of man can conceive and believe, it can achieve." -- Napoleon Hill
The Seventh Wave: How AI Will Change the Technology Industry
AI presents three threats to the software industry: Cheap code: TuringBots,
using generative AI to create software, threatens the low-code/no-code players.
Cheap replacement: Software systems, be they CRM or ERP, are structured
databases – repositories for client records or financial records. Generative AI,
coupled with agentic AI, holds out the promise of a new way to manage this data,
opening the door to an enterprising generation of tech companies that will offer
AI CRM, AI financials, AI database, AI logistics, etc. ... Better
functionality: AI-native systems will continually learn and flex and adapt
without millions of dollars of consulting and customization. They hold the
promise of being up to date and always ready to take on new business problems
and challenges without rebuilds. When the business and process changes, the tech
will learn and change. ... On one hand, the legacy software systems that PwC,
Deloitte, and others have implemented for decades and that comprise much of
their expertise will be challenged in the short term and shrink in the long
term. Simultaneously, there will be a massive demand for expertise in AI.
Cognizant, Capgemini, and others will be called on to help companies implement
AI computing systems and migrate away from legacy vendors. Forrester believes
that the tech services sector will grow by 3.6% in 2025.Software Security Imperative: Forging a Unified Standard of Care
The debate surrounding liability in the open source ecosystem requires careful
consideration. Imposing direct liability on individual open source maintainers
could stifle the very innovation that drives the industry forward. It risks
dismantling the vast ecosystem that countless developers rely upon. ... The
software bill of materials (SBOM) is rapidly transitioning from a nascent
concept to an undeniable business necessity. As regulatory pressures
intensify, driven by a growing awareness of software supply chain risks, a
robust SBOM strategy is becoming critical for organizational survival in the
tech landscape. But the value of SBOMs extends far beyond a single software
development project. While often considered for open source software, an SBOM
provides visibility across the entire software ecosystem. It illuminates
components from third-party commercial software, helps manage data across
merged projects and validates code from external contributors or
subcontractors — any code integrated into a larger system. ... The path to a
secure digital future requires commitment from all stakeholders. Technology
companies must adopt comprehensive security practices, regulators must craft
thoughtful policies that encourage innovation while holding organizations
accountable and the broader ecosystem must support the collaborative
development of practical and effective standards.The 4 Types of Project Managers
The prophet type is all about taking risks and pushing boundaries. They don’t
play by the rules; they make their own. And they’re not just thinking outside
the box, they’re throwing the box away altogether. It’s like a rebel without a
cause, except this rebel has a cause – growth. These visionaries thrive in
ambiguity and uncertainty, seeing potential where others see only chaos or
impossibility. They often face resistance from more conservative team members
who prefer predictable outcomes and established processes. ... The gambler
type is all about taking chances and making big bets. They’re not afraid to
roll the dice and see what happens. And while they play by the rules of the
game, they don’t have a good business case to back up their bets. It’s like
convincing your boss to let you play video games all day because you just have
a hunch it will improve your productivity. But don’t worry, the gambler type
isn’t just blindly throwing money around. They seek to engage other members of
the organization who are also up for a little risk-taking. ... The expert type
is all about challenging the existing strategy by pursuing growth
opportunities that lie outside the current strategy, but are backed up by
solid quantitative evidence. They’re like the detectives of the business
world, following the clues and gathering the evidence to make their case. And
while the growth opportunities are well-supported and should be feasible, the
challenge is getting other organizational members to listen to their
advice.OpenAI, Google DeepMind and Anthropic sound alarm: ‘We may be losing the ability to understand AI’
The unusual cooperation comes as AI systems develop new abilities to “think
out loud” in human language before answering questions. This creates an
opportunity to peek inside their decision-making processes and catch harmful
intentions before they turn into actions. But the researchers warn this
transparency is fragile and could vanish as AI technology advances. ... “AI
systems that ‘think’ in human language offer a unique opportunity for AI
safety: we can monitor their chains of thought for the intent to misbehave,”
the researchers explain. But they emphasize that this monitoring capability
“may be fragile” and could disappear through various technological
developments. ... When AI models misbehave — exploiting training flaws,
manipulating data, or falling victim to attacks — they often confess in their
reasoning traces. The researchers found examples where models wrote phrases
like “Let’s hack,” “Let’s sabotage,” or “I’m transferring money because the
website instructed me to” in their internal thoughts. Jakub Pachocki,
OpenAI’s chief technology officer and co-author of the paper, described the
importance of this capability in a social media post. “I am extremely excited
about the potential of chain-of-thought faithfulness & interpretability.
It has significantly influenced the design of our reasoning models, starting
with o1-preview,” he wrote.Unmasking AsyncRAT: Navigating the labyrinth of forks
We believe that the groundwork for AsyncRAT was laid earlier by the Quasar
RAT, which has been available on GitHub since 2015 and features a similar
approach. Both are written in C#; however, their codebases differ
fundamentally, suggesting that AsyncRAT was not just a mere fork of Quasar,
but a complete rewrite. A fork, in this context, is a personal copy of someone
else’s repository that one can freely modify without affecting the original
project. The main link that ties them together lies in the custom cryptography
classes used to decrypt the malware configuration settings. ... Ever since it
was released to the public, AsyncRAT has spawned a multitude of new forks that
have built upon its foundation. ... It’s also worth noting that DcRat’s plugin
base builds upon AsyncRAT and further extends its functionality. Among the
added plugins are capabilities such as webcam access, microphone recording,
Discord token theft, and “fun stuff”, a collection of plugins used for joke
purposes like opening and closing the CD tray, blocking keyboard and mouse
input, moving the mouse, turning off the monitor, etc. Notably, DcRat also
introduces a simple ransomware plugin that uses the AES-256 cipher to encrypt
files, with the decryption key distributed only once the plugin has been
requested.Repatriating AI workloads? A hefty data center retrofit awaits
CIOs with in-house AI ambitions need to consider compute and networking, in
addition to power and cooling, Thompson says. “As artificial intelligence
moves from the lab to production, many organizations are discovering that
their legacy data centers simply aren’t built to support the intensity of
modern AI workloads,” he says. “Upgrading these facilities requires far more
than installing a few GPUs.” Rack density is a major consideration, Thompson
adds. Traditional data centers were designed around racks consuming 5 to 10
kilowatts, but AI workloads, particularly model training, push this to 50 to
100 kilowatts per rack. “Legacy facilities often lack the electrical backbone,
cooling systems, and structural readiness to accommodate this jump,” he says.
“As a result, many CIOs are facing a fork in the road: retrofit, rebuild, or
rent.” Cooling is also an important piece of the puzzle because not only does
it enable AI, but upgrades there can help pay for other upgrades, Thompson
says. “By replacing inefficient air-based systems with modern liquid-cooled
infrastructure, operators can reduce parasitic energy loads and improve power
usage effectiveness,” he says. “This frees up electrical capacity for
productive compute use — effectively allowing more business value to be
generated per watt. For facilities nearing capacity, this can delay or
eliminate the need for expensive utility upgrades or even new
construction.”Burnout, budgets and breaches – how can CISOs keep up?
As ever, collaboration in a crisis is critical. Security teams working closely
with backup, resilience and recovery functions are better able to absorb
shocks. When the business is confident in its ability to restore operations,
security professionals face less pressure and uncertainty. This is also true
for communication, especially post-breach. Organisations need to be
transparent about how they’re containing the incident and what’s being done to
prevent recurrence. ... There is also an element of the blame game going on,
with everyone keen to avoid responsibility for an inevitable cyber breach.
It’s much easier to point fingers at the IT team than to look at the wider
implications or causes of a cyber-attack. Even something as simple as a
phishing email can cause widespread problems and is something that individual
employees must be aware of. ... To build and retain a capable cybersecurity
team amid the widening skills gap, CISOs must lead a shift in both mindset and
strategy. By embedding resilience into the core of cyber strategy, CISOs can
reduce the relentless pressure to be perfect and create a healthier, more
sustainable working environment. But resilience isn’t built in isolation. To
truly address burnout and retention, CISOs need C-suite support and cultural
change. Cybersecurity must be treated as a shared business-critical priority,
not just an IT function. We Spend a Lot of Time Thinking Through the Worst - The Christ Hospital Health Network CISO
“We’ve spent a lot of time meeting with our business partners and talking through, ‘Hey, how would this specific part of the organization be able to run if this scenario happened?’” On top of internal preparations, Kobren shares that his team monitors incidents across the industry to draw lessons from real-world events. Given the unique threat landscape, he states, “We do spend a lot of time thinking through those scenarios because we know it’s one of the most attacked industries.” Moving forward, Kobren says that healthcare consistently ranks at the top when it comes to industries frequently targeted by cyberattacks. He elaborates that attackers have recognized the high impact of disrupting hospital services, making ransom demands more effective because organizations are desperate to restore operations. ... To strengthen identity security, Kobren follows a strong, centralized approach to access control. He mentions that the organization aims to manage “all access to all systems,” including remote and cloud-based applications. By integrating services with single sign-on (SSO), the team ensures control over user credentials: “We know that we are in control of your username and password.” This allows them to enforce password complexity, reset credentials when needed, and block accounts if security is compromised. Ultimately, Kobren states, “We want to be in control of as much of that process as possible” when it comes to identity management.AI requires mature choices from companies
According to Felipe Chies of AWS, elasticity is the key to a successful AI
infrastructure. “If you look at how organizations set up their systems, you
see that the computing time when using an LLM can vary greatly. This is
because the model has to break down the task and reason logically before it
can provide an answer. It’s almost impossible to predict this computing time
in advance,” says Chies. This requires an infrastructure that can handle this
unpredictability: one that is quickly scalable, flexible, and doesn’t involve
long waits for new hardware. Nowadays, you can’t afford to wait months for new
GPUs, says Chies. The reverse is also important: being able to scale back. ...
Ruud Zwakenberg of Red Hat also emphasizes that flexibility is essential in a
world that is constantly changing. “We cannot predict the future,” he says.
“What we do know for sure is that the world will be completely different in
ten years. At the same time, nothing fundamental will change; it’s a paradox
we’ve been seeing for a hundred years.” For Zwakenberg, it’s therefore all
about keeping options open and being able to anticipate and respond to
unexpected developments. According to Zwakenberg, this requires an
infrastructural basis that is not rigid, but offers room for curiosity and
innovation. You shouldn’t be afraid of surprises. Embrace surprises,
Zwakenberg explains.
