How RPA vendors aim to remain relevant in a world of AI agents
Craig Le Clair, principal analyst at Forrester, sees RPA platforms as being ripe for expansion to support autonomous agents and generative AI as their use cases grow. In fact, he anticipates RPA platforms morphing into all-around toolsets for automation — toolsets that help deploy RPA in addition to related generative AI technologies. “RPA platforms have the architecture to manage thousands of task automations and this bodes well for central management of AI agents,” he said. “Thousands of companies are well established with RPA platforms and will be open to using them for generative AI-infused agents. RPA has grown in part thanks to its ability to integrate easily with existing work patterns, through UI integration, and this will remain valuable for more intelligent agents going forward.” UiPath is already beginning to take steps in this direction with a new capability, Context Grounding, that entered preview earlier in the month. As Enslin explained it to me, Context Grounding is designed to improve the accuracy of generative AI models — both first- and third-party — by converting business data those models might draw on into an “optimized” format that’s easier to index and search.
Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software
Producing a detailed list of software components in an application can have offensive implications, Pesce argues. In his presentation, he will show that SBOMs have enough information to allow attackers to search for specific CVEs in a database of SBOMs and find an application that is likely vulnerable. Even better for attackers, SBOMs will also list other components and utilities on the device that the attacker could use for "living off the land" post-compromise, he says. "Once I've compromised a device ... an SBOM can tell me what the device manufacturer left behind on that device that I could potentially use as tools to start probing other networks," he says. The minimum baseline for SBOM data fields include the supplier, the component name and version, dependency relationships, and a timestamp of when the information was last updated, according to the US Department of Commerce guidelines. In fact, a comprehensive database of SBOMs could be used in a manner similar to the Shodan census of the Internet: Defenders could use it to see their exposure, but attackers could use it to determine what applications might be vulnerable to a particular vulnerability, Pesce says.
Computer scientists unveil novel attacks on cybersecurity
In this new study, researchers leverage modern predictors' utilization of a Path
History Register (PHR) to index prediction tables. The PHR records the addresses
and precise order of the last 194 taken branches in recent Intel architectures.
With innovative techniques for capturing the PHR, the researchers demonstrate
the ability to not only capture the most recent outcomes but also every branch
outcome in sequential order. Remarkably, they uncover the global ordering of all
branches. Despite the PHR typically retaining the most recent 194 branches, the
researchers present an advanced technique to recover a significantly longer
history. "We successfully captured sequences of tens of thousands of branches in
precise order, utilizing this method to leak secret images during processing by
the widely used image library, libjpeg," said Hosein Yavarzadeh, a UC San Diego
Computer Science and Engineering Department Ph.D. student and lead author of the
paper. The researchers also introduce an exceptionally precise Spectre-style
poisoning attack, enabling attackers to induce intricate patterns of branch
mispredictions within victim code.
Bank CIO: We don't need AI whizzes, we need critical thinkers to challenge AI
"We realize having fantastic brains and results isn't necessarily as good as
someone that is willing to have critical thinking and give their own
perspectives on what AI and generative AI gives you back in terms of
recommendations," he says. "We want people that have the emotional and
self-awareness to go, 'hmm, this doesn't feel quite right, I'm brave enough to
have a conversation with someone, to make sure there's a human in the loop.'"
... In working closely with AI, Mai discovered an interesting twist in human
nature: People tend to disregard their own judgement and diligence as they
grow dependent on these systems. "As an example, we found that some humans
become lazy -- they prompt something, and then decide, 'ah that sounds like a
really good response,' and send it on." When Mai senses that level of
over-reliance on AI, "I'll march them into my office, saying 'I'm paying you
for your perspective, not a prompt and a response in AI that you're going to
get me to read. Just taking the results and giving it back to me is not what
I'm looking for, I'm expecting your critical thought."
Scientists Uncover Surprising Reversal in Quantum Systems
Things get particularly interesting if, in addition, the particles in such a
system interact, meaning that they attract or repel each other, like electrons
in solids. Studying topology and interactions together in solids, however, is
extremely difficult. A team of researchers at
ETH led by Tilman
Esslinger has now managed to detect topological effects in an artificial
solid, in which the interactions can be switched on or off using magnetic
fields. Their results, which have just been published in the scientific
journal Science, could be used in quantum technologies in the future. ...
Surprisingly, the atoms didn’t simply stop at the wall, but suddenly turned
around. The screw was thus moving backward, although it kept being turned
clockwise. Esslinger and his team explain this return by the two doughnut
topologies that exist in the lattice – one with a clockwise-turning doughnut
and another one that turns in the opposite direction. At the wall, the atoms
can change from one topology to the other, thus inverting their direction of
motion. Now the researchers switched on a repulsive interaction between the
atoms and watched what happened.
Talos IR trends: BEC attacks surge, while weaknesses in MFA persist
Within BEC attacks, adversaries will send phishing emails appearing to be from
a known or reputable source making a valid request, such as updating payroll
direct deposit information. BEC attacks can have many motivations, often
financially driven, aimed at tricking organizations into transferring funds or
sensitive information to malicious actors. BEC offers adversaries the
advantage of impersonating trusted contacts to facilitate internal
spearphishing attacks that can bypass traditional external defenses and
increase the likelihood of deception, widespread malware infections and data
theft. In one engagement, adversaries performed a password-spraying attack and
MFA exhaustion attacks against several employee accounts. There was a lack of
proper MFA implementation across all the impacted accounts, leading to the
adversaries gaining access to at least two accounts using single-factor
authentication. The organization detected and disrupted the attack before
adversaries could further their access or perform additional post-compromise
activities.
Creating a Culture of Belonging: Addressing Workplace Bias in Tech
Paul Wallenberg, senior manager of technology services at technology staffing,
recruiting, and culture firm LaSalle Network, believes the formation of
employee resource groups (ERGs) can help HR departments tackle unconscious
bias and develop educational structures for tackling those issues. "The
challenge with navigating and correcting microaggressions is people that are
doing them often don't know they're doing it," he said. "There's a subtlety
and an indirectness to them that people may not understand." ERGs can help
dismantle the constructs those people have been working within for their
entire careers — but Wallenberg notes there is no "one size fits all"
solution. Hannah Johnson, senior vice president for tech talent programs at
CompTIA, agrees, noting that the important factor is that any DEI efforts must
be nuanced to target what's important to that organization. She urges
leadership to prioritize transparency by openly communicating with their
organization about issues, plans, and anticipated outcomes.
Building AI With MongoDB: Integrating Vector Search And Cohere to Build Frontier Enterprise Apps
It is in the realm of embedding where Cohere has made a host of recent
advances. Described as “AI for language understanding,” Embed is Cohere’s
leading text representation language model. Cohere offers both English and
multilingual embedding models, and gives users the ability to specify the type
of data they are computing an embedding for (e.g., search document, search
query). The result is embeddings that improve the accuracy of search results
for traditional enterprise search or retrieval-augmented generation. One
challenge developers faced using Embed was that documents had to be passed one
by one to the model endpoint, limiting throughput when dealing with larger
data sets. To address that challenge and improve developer experience, Cohere
has recently announced its new Embed Jobs endpoint. Now entire data sets can
be passed in one operation to the model, and embedded outputs can be more
easily ingested back into your storage systems. Additionally, with only a few
lines of code, Rerank 3 can be added at the final stage of search systems to
improve accuracy.
What is a technology audit and why it's important
According to McKinsey, companies pay whopping 40 percent "tech debt tax" due
to delayed digital transformation decisions. It's acceptable of course in some
situations, when such decision is a conscious choice dictated by business
needs, circumstances or regulations. Unfortunately, in many cases business
owners and startup founders even don't realize how much they are paying to
service their technical debt. To reveal such hidden technical debt, a detailed
review of technology aspects of your business is required. When you are
working on a software product for a while, you may start asking yourself
various questions:Are we following all the necessary best practices? Is our
architecture good scalable and secure? Are we missing security
vulnerabilities? Do we really have all the software assets developed by
third-party vendors? Additionally, technical debt can have it's internal
"guardians" who may want to maintain the status quo for various reasons. To
mitigate risks described above and ensure efficient operations, proper
security and optimal usage of cloud services, an external technology audit is
one of the best options.
Steer Between Debt and Delay With Platform Engineering
While EA pros often hear cries of “ivory tower,” “out of touch,” and so forth,
such criticisms overlook the fundamental point: Enterprises put architecture
in place to deliver business value, such as the value of controlling the risks
that emerge from technical debt and sprawl—security breaches, outages,
unsustainable cost structures, and so forth. And so the EA team started to try
to control the morass that distributed computing had gotten itself into
through standardizing product choices (Oracle and SQL Server are OK, but let’s
sunset Informix) and reviewing design choices submitted by project (later
product) teams. The EA reviews started to encompass a broader and wider array
of questions. Lengthy intake forms and checklists became typical, covering
everything from application design patterns to persistence approaches to
monitoring to backup and more. The notorious "Architecture Review Board"
became a requirement for all projects. Review cycles became more protracted
and painful, and more than a few business organizations got fed up and just
went shadow until their shadow systems failed, at which point central IT would
be pressured to take over the mess.
Quote for the day:
"Things turn out best for the people
who make the best of the way things turn out." -- John Wooden
No comments:
Post a Comment