Quote for the day:
"Whenever you see a successful person you only see the public glories, never the private sacrifices to reach them." -- Vaibhav Shah
Why CIOs see APIs as vital for agentic AI success
API access also goes beyond RAG. It allows agents and their underlying language
models not just to retrieve information, but perform database mutations and
trigger external actions. This shift allows agents to carry out complex,
multi-step workflows that once required multiple human touchpoints. “AI-ready
APIs paired with multi-agentic capabilities can unlock a broad range of use
cases, which have enterprise workflows at their heart,” says Milind Naphade, SVP
of technology and head of AI foundations at Capital One. In addition, APIs are
an important bridge out of previously isolated AI systems. ... AI agents can
make unprecedented optimizations on the fly using APIs. Gartner reports that PC
manufacturer Lenovo uses a suite of autonomous agents to optimize marketing and
boost conversions. With the oversight of a planning agent, these agents call
APIs to access purchase history, product data, and customer profiles, and
trigger downstream applications in the server configuration process. ... But the
bigger wins will likely be increased operational efficiency and cost reduction.
As Fox describes, this stems from a newfound best-of-breed business agility.
“When agentic AI can dynamically reconfigure business processes, using just
what’s needed from the best-value providers, you’ll see streamlined operations,
reduced complexity, and better overall resource allocation,” she says.What we can learn about AI from the ‘dead internet theory’
The ‘dead internet theory,’ or the idea that much of the web is now dominated by
bots and AI-generated content, is largely speculative. However, the concern
behind it is worth taking seriously. The internet is changing, and the content
that once made it a valuable source of knowledge is increasingly diluted by
duplication, misinformation, and synthetic material. For the development of
artificial intelligence, especially large language models (LLMs), this shift
presents an existential problem. ... One emerging model for collecting and
maintaining this kind of data is Knowledge as a Service (KaaS). Rather than
scraping static sources, KaaS creates a living, structured ecosystem of
contributions from real users (often experts in their fields) who continuously
validate and update content. This approach takes inspiration from open-source
communities but remains focused on knowledge creation and maintenance rather
than code. KaaS supports AI development with a sustainable, high-quality stream
of data that reflects current thinking. It’s designed to scale with human input,
rather than in spite of it. ... KaaS helps AI stay relevant by providing fresh,
domain-specific input from real users. Unlike static datasets, KaaS adapts as
conditions change. It also brings greater transparency, illustrating directly
how contributors’ inputs are utilised. This level of attribution represents a
step toward more ethical and accountable AI.The Value of Threat Intelligence in Ensuring DORA Compliance
One of the biggest challenges for security teams today is securing visibility
into third-party providers within their ecosystem due to their volume,
diversity, and the constant monitoring required. Utilising a Threat Intelligence
Platform (TIP) with advanced capabilities can enable a security team to address
this gap by monitoring and triaging threats within third-party systems through
automation. It can flag potential signs of compromise, vulnerabilities, and
risky behaviour, enabling organisations to take pre-emptive action before risks
escalate and impact their systems. ... A major aspect of DORA is implementing a
robust risk management framework. However, to keep pace with global expansion
and new threats and technologies, this framework must be responsive, flexible,
and up-to-date. Sourcing, aggregating, and collating threat intelligence data to
facilitate this is a time-exhaustive task, and unfeasible for many
resource-stretched and siloed security teams. ... From tabletop scenarios to
full-scale simulations, these exercises evaluate how well systems, processes,
and people can withstand and respond to real-world cyber threats. With an
advanced TIP, security teams can leverage customisable workflows to recreate
specific operational stress scenarios. These scenarios can be further enhanced
by feeding real-world data on attacker behaviours, tactics, and trends, ensuring
that simulations reflect actual threats rather than outdated risks.Why your security team feels stuck
The problem starts with complexity. Security stacks have grown dense, and tools
like EDR, SIEM, SOAR, CASB, and DSPM don’t always integrate well. Analysts often
need to jump between multiple dashboards just to confirm whether an alert
matters. Tuning systems properly takes time and resources, which many teams
don’t have. So alerts pile up, and analysts waste energy chasing ghosts. Then
there’s process friction. In many organizations, security actions, especially
the ones that affect production systems, require multiple levels of approval. On
paper, that’s to reduce risk. But these delays can mean missing the window to
contain an incident. When attackers move in minutes, security teams shouldn’t be
stuck waiting for a sign-off. ... “Security culture is having a bit of a
renaissance. Each member of the security team may be in a different place as we
undertake this transformation, which can cause internal friction. In the past,
security was often tasked with setting and enforcing rules in order to secure
the perimeter and ensure folks weren’t doing risky things on their machines.
While that’s still part of the job, security and privacy teams today also need
to support business growth while protecting customer data and company assets. If
business growth is the top priority, then security professionals need new tools
and processes to secure those assets.”Your data privacy is slipping away. Here's why, and what you can do about it
In 2024, the Identity Theft Resource Center reported that companies sent out 1.3
billion notifications to the victims of data breaches. That's more than triple
the notices sent out the year before. It's clear that despite growing efforts,
personal data breaches are not only continuing, but accelerating. What can you
do about this situation? Many people think of the cybersecurity issue as a
technical problem. They're right: Technical controls are an important part of
protecting personal information, but they are not enough. ... Even the best
technology falls short when people make mistakes. Human error played a role in
68% of 2024 data breaches, according to a Verizon report. Organizations can
mitigate this risk through employee training, data minimization—meaning
collecting only the information necessary for a task, then deleting it when it's
no longer needed—and strict access controls. Policies, audits and incident
response plans can help organizations prepare for a possible data breach so they
can stem the damage, see who is responsible and learn from the experience. It's
also important to guard against insider threats and physical intrusion using
physical safeguards such as locking down server rooms. ... Despite years of
discussion, the U.S. still has no comprehensive federal privacy law. Several
proposals have been introduced in Congress, but none have made it across the
finish line. How To Build Smarter Factories With Edge Computing
According to edge computing experts, these are essentially rugged versions of
computers, of any size, purpose-built for their harsh environments. Forget
standard form factors; industrial edge devices come in varied configurations
specific to the application. This means a device shaped to fit precisely where
it’s needed, whether tucked inside a machine or mounted on a factory wall. ...
What makes these tough machines intelligent? It’s the software revolution
happening on factory floors right now. Historically, industrial computing
relied on software specially built to run on bare metal; custom code directly
installed on specific machines. While this approach offered reliability and
consistent, deterministic performance, it came with significant limitations:
slow development cycles, difficult updates and vendor lock-in. ...
Communication between smart devices presents unique challenges in industrial
environments. Traditional networking approaches often fall short when dealing
with thousands of sensors, robots and automated systems. Standard Wi-Fi faces
significant constraints in factories where heavy machinery creates
electromagnetic interference, and critical operations can’t tolerate wireless
dropouts.Fighting in a cloudy arena
“There are a few primary problems. Number one is that the hyperscalers leverage
free credits to get digital startups to build their entire stack on their cloud
services,” Cochrane says, adding that as the startups grow, the technical
requirements from hyperscalers leave them tied to that provider. “The second
thing is also in the relationship they have with enterprises. They say, ‘Hey, we
project you will have a $250 million cloud bill, we are going to give you a
discount.’ Then, because the enterprise has a contractual vehicle, there’s a mad
rush to use as much of the hyperscalers compute as possible because you either
lose it or use it. “At the end of the day, it’s like the roach motel. You can
check in, but you can’t check out,” he sums up. ... "We are exploring our
options to continue to fight against Microsoft’s anti competitive licensing in
order to promote choice, innovation, and the growth of the digital economy in
Europe." Mark Boost, CEO of UK cloud company Civo, said: ”However they position
it, we cannot shy away from what this deal appears to be: a global powerful
company paying for the silence of a trade body, and avoiding having to make
fundamental changes to their software licensing practices on a global basis.” In
the months that followed this decision, things got interesting.How passkeys work: The complete guide to your inevitable passwordless future
Passkeys are often described as a passwordless technology. In order for
passwords to work as a part of the authentication process, the website, app, or
other service -- collectively referred to as the "relying party" -- must keep a
record of that password in its end-user identity management system. This way,
when you submit your password at login time, the relying party can check to see
if the password you provided matches the one it has on record for you. The
process is the same, whether or not the password on record is encrypted. In
other words, with passwords, before you can establish a login, you must first
share your secret with the relying party. From that point forward, every time
you go to login, you must send your secret to the relying party again. In the
world of cybersecurity, passwords are considered shared secrets, and no matter
who you share your secret with, shared secrets are considered risky. ... Many of
the largest and most damaging data breaches in history might not have happened
had a malicious actor not discovered a shared password. In contrast, passkeys
also involve a secret, but that secret is never shared with a relying party.
Passkeys are a form of Zero Knowledge Authentication (ZKA). The relying party
has zero knowledge of your secret, and in order to sign in to a relying party,
all you have to do is prove to the relying party that you have the secret in
your possession.
Crafting a compelling and realistic product roadmap
The most challenging aspect of roadmap creation is often prioritization. Given
finite resources, not everything can be built at once. Effective prioritization
requires a clear framework. Common methods include scoring features based on
business value versus effort, using frameworks like RICE, or focusing on
initiatives that directly address key strategic objectives. Be prepared to say
“no” to good ideas that don’t align with current priorities. Transparency in
this process is vital. Communicate why certain items are prioritized over others
to stakeholders, fostering understanding and buy-in, even when their preferred
feature isn’t immediately on the roadmap. ... A product roadmap is a living
document, not a static contract. The B2B software landscape is constantly
evolving, with new technologies emerging, customer needs shifting, and
competitive pressures mounting. A realistic roadmap acknowledges this dynamism.
While it provides a clear direction, it should also be adaptable. Plan for
regular reviews and updates – quarterly or even monthly – to adjust based on new
insights, validated learnings, and changes in the market or business
environment. Embrace iterative development and be prepared to pivot or adjust
priorities as new information comes to light.
Are software professionals ready for the AI tsunami?
Modern AI assistants can translate plain-English prompts into runnable project
skeletons or even multi-file apps aligned with existing style guides (e.g.,
Replit). This capability accelerates experimentation and learning, especially
when teams are exploring unfamiliar technology stacks. A notable example is
MagicSchool.com, a real-world educational platform created using AI-assisted
coding workflows, showcasing how AI can powerfully convert conceptual prompts
into usable products. These tools enable rapid MVP development that can be
tested directly with customers. Once validated, the MVP can then be scaled
into a full-fledged product. Rapid code generation can lead to fragile or
opaque implementations if teams skip proper reviews, testing, and
documentation. Without guardrails, it risks technical debt and poor
maintainability. To stay reliable, agile teams must pair AI-generated code
with sprint reviews, CI pipelines, automated testing, and strategies to handle
evolving features and business needs. Recognising the importance of this
shift, tech giants like Amazon (CodeWhisperer) and Google (AlphaCode) are
making significant investments in AI development tools, signaling just how
central this approach is becoming to the future of software engineering.
