In a recent test, our penetration tester Behnam Yazdanpanah discovered a critical Server-Side Template Injection (SSTI) vulnerability in the Fief-server email template editor. It allowed remote code execution via unsanitized user input processed by the Jinja templating engine. This is a common risk in web applications using dynamic template rendering - and one that can easily go unnoticed. Behnam's analysis covers: ▪️ How user input led to SSTI and potential RCE ▪️ Why Jinja’s default behavior allows dangerous attribute access like __init__ ▪️ How switching to an Immutable Sandboxed Environment mitigates the risk If you’re working with templating engines or building secure backend systems, have a look at our blog. 🔗 https://lnkd.in/eDg4Y4_X
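The difference the post describes between Jinja's default environment and an immutable sandboxed one, as an added example that is not part of the original post, the linked blog or the Fief code base. The `User` class, the template strings and the e-mail addresses are constructed for illustration, and the `jinja2` package is assumed to be installed.

```python
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import ImmutableSandboxedEnvironment


class User:
    """Constructed stand-in for an object passed into the template context."""

    def __init__(self, name="alice"):
        self.name = name


# Constructed editor inputs: one ordinary template, three that reach past the data.
TEMPLATES = {
    "benign": "Hello {{ user.name }}",
    "dunder_read": "{{ user.__init__ is defined }}",
    "dunder_call": "{{ user.__init__() }}",
    "mutate": "{{ recipients.append('extra@example.com') }}",
}


def render_all(env):
    """Render every sample template with a fresh context; report output or block."""
    results = {}
    for label, source in TEMPLATES.items():
        recipients = ["ops@example.com"]
        try:
            out = env.from_string(source).render(user=User(), recipients=recipients)
        except SecurityError:
            out = "SecurityError"
        # The list length shows whether the template changed caller-owned state.
        results[label] = (out, len(recipients))
    return results


def compare():
    """Same templates, default environment versus immutable sandbox."""
    return {
        "default": render_all(Environment()),
        "sandbox": render_all(ImmutableSandboxedEnvironment()),
    }


if __name__ == "__main__":
    for env_name, results in compare().items():
        for label, (out, count) in results.items():
            print(f"{env_name:8} {label:12} -> {out!r} (recipients: {count})")
```

In the sandbox, `user.__init__` resolves to an undefined value instead of the method, so reading it yields nothing and calling it raises `SecurityError`; the immutable variant additionally refuses `list.append`, leaving the caller's list untouched.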
About us
Diconium is a digital business transformation partner with a global footprint. We navigate complexity and deliver competitiveness at scale. We are a 100% Volkswagen Group company, driving digital excellence in automotive, industrial, and beyond. With 30 years of experience in updating industries, we ensure digital transformation delivers true impact through software, data, and AI. Our clients include multinationals from various industries, including Volkswagen, Stihl, Bechtle, Trumpf, and Zeiss. Present in four of the world's five largest economies across Europe, North America, and Asia, our diverse team of over 2,500 experts brings deep expertise in data & AI, software engineering, integration & testing, cybersecurity, and digital advisory. With our digital business solutions and software-defined products we challenge conventional industry practices and drive technological progress. With everything we do, we strive to update industries and society to build smarter and desirable futures. DI - CON - IUM DIgital | Our heart beats for all things digital. Software, data, and AI are our playground and expertise. eCONomy | We navigate the complexities of today's business environment, transforming technological opportunities into sustainable growth and competitive advantage. IUM | The suffix -ium represents powerful elements in chemistry. We are the binding element between technology and business, strategy and execution, your organization and successful digital transformation. READY TO UPDATE YOUR BUSINESS WITH US? LET'S TALK!
- Website
- http://www.diconium.com
- Industry
- Software Development
- Company size
- 1,001-5,000 employees
- Headquarters
- Stuttgart, Baden-Württemberg
- Type
- Privately Held
- Specialties
- E-Commerce, Digital Business, Strategy Advisor, Journey Partner, Company Builder, Building Blocks for Digital Leadership, diconium strategy, diconium marketing, dilectual, Digital Business Models, E-Business, Smart Data, Process Mining, User Experience, and Data Science
Updates
-
The EU AI Act entered into force in August of last year. From 2 August 2025, the rules on provider obligations, governance structures and possible sanctions in dealing with GPAI models apply. And now? 69% of companies say: we need help with implementation (Bitkom Research, 2024). Designing AI systems to be legally compliant and ethically responsible requires a structured approach. Here are three key areas for successfully implementing the EU AI Act: ◼️ Compliance management system (CMS) as the foundation: A CMS integrates regulatory requirements into the corporate strategy and defines clear responsibilities for AI compliance. ◼️ ISO 42001 as the operational framework: The international standard offers a practical basis for structured AI compliance - perfect for building a robust CMS. ◼️ Best practices for trustworthy AI: Transparency, ethical guidelines, regular audits and continuous development lay the foundation for compliant and trustworthy AI systems. Want to dive deeper into the three areas? Our playbook provides insights. In addition, you will find everything else you need to know about the EU AI Act: from regulatory requirements and strategic guidelines to practical recommendations for action. Download now for free: https://lnkd.in/eKvqYd3p?
-
Almost 50% of all EV buyers belong to the generation of digital natives. Their expectations of the digital customer journey are high: intuitive, flexible, available at any time. #Webinar How can manufacturers and dealers meet these demands? Our on-demand webinar "E-commerce in the automotive industry" provides answers, with insights, strategies and concrete approaches. Our experts Matthias Rüdiger and Thorsten Gramlich explain, among other things: ▪️ What do digital natives expect from buying a vehicle online? ▪️ How can complex products such as vehicles be made digitally tangible? ▪️ What role do data, personalization and cross-channel journeys play? ▪️ What can OEMs learn from other industries, and what can they do better? Watch now, free of charge and on demand: 🔗 https://lnkd.in/gJbdKjq7
E-commerce in the automotive sector: market dynamics, platform development and operational transformation
-
CRM can lift sales by 29%, boost productivity by 34%, and improve forecast accuracy by 42%. * But only if it’s implemented right. The most common pitfall? Too many features, too soon. Let's break it down for Salesforce. Our CRM expert Harshali Harjani has some tips on how to get your Salesforce CRM up and running from day one: 1️⃣ Use Einstein AI to automate routine tasks like lead scoring, opportunity insights, or case routing, so your team can focus on what matters most. 2️⃣ Train your AI like a new team member. To perform meaningful actions on your behalf, your AI must be equipped with the right knowledge, context, and access. 3️⃣ Build a solid data foundation, enable data access and connect your key data sources to work with your AI effectively. Watch the full video here: https://lnkd.in/e3kGs9KU *Source: Salesforce
How to make your Salesforce CRM work from day one
-
Did you know? You can enable #KASAN in your custom Linux kernel by simply adding CONFIG_KASAN=y - a minimal change that opens the door to powerful memory bug detection. In his blog post, senior penetration tester Vyacheslav Moskvin shows how KASAN can be leveraged to uncover memory corruption vulnerabilities early in the development cycle - a key step in building secure, software-defined vehicles. What you'll learn: ▪️ How to integrate KASAN into your development kernel builds ▪️ How to interpret its detailed stack traces and bug reports ▪️ Why KASAN can save you days of manual debugging by giving you a definitive yes/no on whether your PoC triggers a real bug 🔗 https://lnkd.in/ei5jsC-y
-
Many AI initiatives fail not because of the technology, but due to cultural barriers, unclear responsibilities, and fragmented data. At the Tech Leadership Conference at the Hasso Plattner Institute (#TLC2025), experts explored how organizations can turn AI potential into impact. The key insights: 1️⃣ Regulation as opportunity The EU AI Act is increasingly seen not as a barrier, but as a framework for trustworthy, high-quality AI. 2️⃣ From tools to agents Intelligent agents demand new orchestration models and raise questions around automation, oversight, and accountability. 3️⃣ Talent transformation As automation reduces manual coding, strategic thinking and systems understanding become key skills for tech teams. 4️⃣ Why AI pilots fail More than 85% of AI pilots in Germany never scale. As our managing director Swantje Kowarsch discussed in a panel with other experts: rapid adaptation, continued investment in skills, and creating a culture of trust are proving more decisive than single technology choices. The conversations at TLC2025 made it clear: navigating the AI era requires more than new tools — it demands structural, cultural, and leadership change.
-
Companies have invested billions in AI. They have launched thousands of pilot projects. Yet, many see minimal business impact. In most cases, the challenge is proper execution. To succeed, organizations need a systematic approach which encompasses strategy, governance, data management, people, processes, and technology. This is where the AI Operating Model comes into play which we've explored in detail in our LinkedIn series over the past weeks. Remember the foundational concept of an AI Operating Model? It's like building a house: ◼️ Roof = strategic vision ◼️ Foundation = governance and robust data management ◼️ Load-bearing walls = people, processes, and technology So, how do you get started? Here are our top 5 best practices to turn AI experiments into real business value: ✅ Treat AI like a business capability, not a tech experiment. ✅ Start small, structure early. ✅ Build trust before scale. ✅ Design for human-AI collaboration from the start. ✅ Balance ambition with operational readiness. In our client work, we often see that organizations with a strong AI Operating Model achieve faster time-to-value and higher pilot-to-production success rates. The better they embed new ways of working across functions, the greater their progress in AI transformation. What's your key takeaway of our series? What is your current priority in your AI transformation journey? Let us know in the comments. P.S. If you want to catch up on our LinkedIn series, check out the links below. 
#AIOperatingModel #AITransformation ************* 🟧 Why most AI initiatives fail: https://lnkd.in/ePepYxYA 🟧 What's an AI Operating Model: https://lnkd.in/eKRxUpZ4 🟧 Deep-Dive 'Governance': https://lnkd.in/eyCZmsR8 🟧 Deep-Dive 'Data management': https://lnkd.in/eKezGMsE 🟧 Deep-Dive 'People': https://lnkd.in/eUpscvCt 🟧 Deep-Dive 'Processes': https://lnkd.in/eS-qqhGP 🟧 Deep-Dive 'Technology': https://lnkd.in/eHjx77hG
-
Diconium reposted this
Requirements engineering will become more important than coding itself. Reflecting on the first Tech Leadership Conference at the Hasso Plattner Institute (#TLC2025), I was truly inspired by the energy and depth of the discussions. It became clear to me that advances in AI are about much more than technology - they’re about how we build, organize, and collaborate for a rapidly changing future. A narrative I often hear is that regulation, especially frameworks like the EU AI Act, slows innovation. Yet in sessions with Prof Dr Maximilian Kiener and Thora Markert, I was struck by the alternative view: “What if our ethical boundaries are a foundation, not a fence?” Federated learning and privacy-first approaches aren’t just technical workarounds—they’re signals that European AI can lead with trust and quality. Rather than seeing our standards as restrictive, perhaps they enable innovation that is both sustainable and desirable. What’s your perspective? Another key theme was the “decade of AI agents.” Jonathan Weiss, Amazon, illustrated how we’re moving rapidly beyond traditional tools towards intelligent agents—systems that can interpret intent, adapt, and collaborate in real time. Patrick Löber from Google DeepMind gave a memorable tip: “Move from operator to manager: delegate high-level goals to agents while supervising execution.” In other words, agents are here to handle tasks beyond simple chat— but leadership and human oversight remain essential for success. Are we prepared to lead with intent, not just efficiency? Perhaps the most fundamental shift discussed was the changing role of developers and engineers. Falk Uebernickel (付云鹏) and Jürgen Döllner argued persuasively that the future isn’t about producing more coders, but fostering problem-solvers and conceptual thinkers. As routine coding is automated, bridging business needs with systems thinking and clear requirements is where real value emerges. 
I really liked the link to Ludwig Wittgenstein's "Tractatus" and the relationship between language, thought, and reality: "The limits of my language mean the limits of my world". I was glad to join a panel on business value in AI with Flavia Bleuel, Elisabeth L'Orange, Martin Grund, Thora Markert, and Johann Dornbach. Together, we explored why more than 85% of AI pilots in Germany still fail - often due to cultural resistance and lack of structured data. Most companies are searching for the killer AI application. In reality, it’s organizational adaptability - how quickly you can realign responsibilities, data flows, governance and routines. Thank you to everyone at Hasso Plattner Institute - as well as all speakers and participants - for challenging assumptions and sharing practical insights! I’d love to hear: Are you seeing these shifts—rethinking regulation, intelligent AI agents, or evolving tech roles—in your own organization? #TLC2025 #AI #DigitalTransformation #RequirementsEngineering #SystemsThinking #EthicalAI #AILeadership
-
Do you speak AI fluently? While 69% of leaders see AI literacy as essential for daily work, nearly half identify skill gaps as the biggest barrier to AI adoption. It's time to change that. True AI literacy goes beyond knowing which tools to use – it's about enabling your teams to work with AI strategically, effectively, and ethically. It means that your teams understand what's possible with AI. It means that they recognize its limitations and potential risks. It means that they apply it with purpose to achieve real outcomes. The impact? Generative AI can transform work across every department – from automating customer segmentation in marketing to accelerating code reviews in development teams. ⬇️ But moving from paper to practice requires the right skills, mindset, and knowledge-building approach. Ready to bridge the AI literacy gap in your organization? Explore how we approach AI literacy and organizational enablement to transform how your teams think about and work with AI: https://lnkd.in/e7M4h7ha #AILiteracy #OrganizationalEnablement
-
You think the EU AI Act only affects those who develop AI? Think again! Every company that uses, sells or operates AI systems is in focus. Whether provider or deployer, compliance is essential. Those who do not adapt their AI strategies, technologies and processes in time risk fines of up to 35 million euros or 7% of total international annual turnover and jeopardize their competitiveness. From 2 August 2025, additional provisions of the AI Regulation apply. So it is high time to act. What does this mean in concrete terms for your company? Which rules are relevant? Our new playbook offers a comprehensive overview: ✅ Requirements of the EU AI Act explained simply ✅ Strategic guidelines for the legally compliant use of AI ✅ Practical tips for integration into your business model ✅ Checklist with key food for thought for your AI compliance Download now: https://lnkd.in/gt8RUVNW #EUAIAct #KIVerordnung
-