Building AI agents with Semantic Kernel
Microsoft’s Semantic Kernel team is building on OpenAI’s Assistant model to
deliver one kind of intelligent agent, along with a set of tools to manage
calling multiple functions. They’re also providing a way to manage the messages
sent to and from the OpenAI API, and to use plugins to integrate general purpose
chat with grounded data-driven integrations using RAG. The team is starting to
go beyond the original LangChain-like orchestration model with the recent 1.01
release and is now thinking of Semantic Kernel as a runtime for a contextual
conversation. That requires a lot more management of the conversation and prompt
history used. All interactions will go through the chat function, with Semantic
Kernel managing both inputs and outputs. There’s a lot going on here. First,
we’re seeing a movement towards an AI stack. Microsoft’s Copilot model is
perhaps best thought of as an implementation of a modern agent stack, building
on the company’s investment in AI-ready infrastructure (for inference as well as
training), its library of foundation models, all the way up to support for
plugins that work across Microsoft’s and OpenAI’s platforms.
CISOs’ role in identifying tech components and managing supply chains
A big problem today is that security teams are only involved at the end of a
project as part of a “final sign-off” in many organizations. This creates
friction between developers and security engineers; both may see the other as
the root of the problem: “If these developers only wrote secure code, everyone’s
lives would be easier.” and “Oh great, the security team is going to find a
bunch of bugs and delay our launch. Again.” Organizations that involve security
teams with development during the initial stages of design and scoping and have
a few security reviews during the development process allow bugs to be addressed
early in the cycle and provide an opportunity for the security team to educate
developers on standard insecure coding practices. While no solution is perfect,
this approach – adopted by companies like Microsoft in developing Hyper-V – helps
avoid last-minute delays and animosity between the teams. ... Supply chain
security needs to be a priority early in the development lifecycle. At the very
least, open-source libraries and components should be audited for known
vulnerabilities, and it’s worth looking at the vulnerability history of a
component.
Navigating the Complexities of AI With a Socially Conscious Lens
The rapid spread of AI technology, while offering significant advantages, has
also given rise to several concerning trends. Bias and discrimination inherent
in AI systems can replicate and amplify existing societal prejudices, often at
the expense of marginalized groups. Privacy erosion, another critical issue,
poses risks of surveillance and data misuse. Additionally, the threat of job
displacement due to automation, security vulnerabilities, and the ethical
concerns posed by AI decision-making in sensitive areas are challenges that
require immediate and thoughtful attention. In the context of hiring and
recruiting, AI-driven bias is a significant concern. AI models, when trained on
biased historical data, can inadvertently perpetuate discrimination, making it
harder for certain groups, such as individuals with criminal records, to secure
employment. For example, background checks are normally limited to seven years,
but an AI model may contain data extending beyond that timeframe. Without proper
protections in place, candidates may be flagged for offenses that are older than
can legally be considered. This would not only impact individual lives but also
reinforce systemic inequalities.
Beyond legal compliance: Timing and path for adoption of privacy-preserving data processing and collaboration for value creation
We are already witnessing notable strides in standardising the movement and
utilisation of financial and healthcare data through innovations in the
Account Aggregator (AA) framework and the Ayushman Bharat Digital Mission
(ABDM) healthcare data exchange. The systematic approach fostered by AA and
ABDM presents an opportune moment to embed privacy at the heart of system
architecture and design. In these ecosystems, Financial Information Users
(FIUs) and Healthcare Information Users (HIUs) are particularly vulnerable to
risks associated with the handling of user and business data. India stands at
a critical juncture, with the potential to revolutionise how data is
circulated through such aggregator systems. While these institutions access
data streams with user consent, there is a risk of falling into the same
conflicts observed in advanced digital economies. The crux of the issue lies
in the intricate relationship between consent, data exploitation, and the
often opaque interpretation of privacy with consent. Addressing this challenge
is essential to avoid replicating the contentious dynamics seen in more mature
digital markets and to pave the way for a more transparent, user-centric data
ecosystem.
The White House Addresses Responsible AI: AI Safety and Data Privacy
Data privacy advocates in the United States have been working toward
comprehensive privacy legislation since the late 1990s. Unlike some other
regions, such as the European Union with its General Data Protection
Regulation (GDPR), the US lacks a single, overarching law to protect
individuals' privacy rights. Right now, over 55 state and federal laws coexist
in the United States, offering various levels of privacy protections. Not only
is it a nightmare for data breach response and notification, but the
inconsistencies do Americans a disservice when it comes to adequately
protecting data privacy as it leaves gaps in protection for individuals whose
data may be handled differently depending on their location. ... The release
of the “Executive Order on the Safe, Secure, and Trustworthy Development and
Use of Artificial Intelligence,” by the Biden administration underscores the
importance of legislation that unifies the existing patchwork of regulations,
enforcement activities, and penalties under one comprehensive law. As the
White House stated in their fact sheet, "AI not only makes it easier to
extract, identify, and exploit personal data, but it also heightens incentives
to do so because companies use data to train AI systems."
Entrepreneurship is a marathon
Every business model requires the Right to Win approach. So, what I look for
in an entrepreneur is, whether he has this Right to Win attitude. What I look
for next is, whether they are long-term entrepreneurs or opportunistic
entrepreneurs. Many people want to be entrepreneurs today for the glamour and
money in entrepreneurship. Entrepreneurship is not a sprint; it is a marathon
with multiple ups and downs. And you should be able to withstand all that. You
need to have the temperament to run a marathon. Remember, in the model that I
follow now, I don't run the business; the entrepreneurs run it. I
help, I support, but ultimately, they have to run the business. When I looked
for an entrepreneur for Bluestone.com, what I had in mind was one who could
disrupt the traditional jewellery market with technology. You may wonder what
Gaurav Singh Kushwaha, an IIT-Delhi computer science graduate, is doing in the
jewellery business when he is not a jeweller. It was his ability to design
jewellery with the aid of computers and deliver exactly the same thing that
attracted me. There is a lot of technology involved in the business.
The Case for ‘Shifting Right’
When we talk about shifting right, it’s not meant to be in place of shift
left when it comes to ensuring secure software. Shifting right comes more
into focus when you think about deployment. The greatest benefit of shifting
right is the ability to see what software will actually look like once
deployed while developers are still shaping and creating it. ... There are a
myriad of issues that aren’t necessarily caught in the earlier stages of
development, meaning that shifting left doesn’t cover everything. CI/CD
code-checking can be performed earlier, but that doesn’t always create a
full fix for problems. Issues often never even manifest until the software
is actually deployed. So, why wouldn’t we check for that too? ... The phrase
“shifting right” sounds innately counterintuitive to the shift-left
mentality all software developers understand at the outset. But in reality,
and in practice, putting these processes together ensures the best possible
security and quality of your software. It’s critical to test early and find
mistakes under real-world conditions. That way you’re ensuring the same high
levels of quality and you’re protected from later issues by understanding
how software looks at the end of the development cycle.
The Need for Secure Cloud Development Environments
Some of the popular interactive patterns explored by vendors are peer-coding
and the sharing of running applications for review. Peer coding is the
ability to work on the same code at the same time by multiple developers. If
you have used an online text editor such as Google Docs and shared it with
another user for co-editing, peer-coding is the same approach applied to
code development. This allows a user to edit someone else's code in her
environment. When running an application inside a CDE-based coding
environment, it is possible to share the application with any user
immediately. In a classic setting, this would require deploying the
application to another server in advance, or sharing the local device's IP
address, where that is possible. This process can be automated with CDEs.
CDEs are delivered using a platform that is typically self-hosted by the
organization in a private cloud or hosted by an online provider. In both
cases, functionalities delivered by these environments are available to the
local devices used to access the service without any installation.
HPE’s corporate emails breached by Russian state-sponsored actor ‘Cozy Bear’
It’s not known if this is part of a coordinated campaign targeting US tech
giants, or if it was separate factions within Midnight Blizzard or Cozy Bear
working on unique missions. “Beginning in late November 2023, the threat
actor used a password spray attack to compromise a legacy non-production
test tenant account and gain a foothold, and then used the account’s
permissions to access a very small percentage of Microsoft corporate email
accounts, including members of our senior leadership team and employees in
our cybersecurity, legal, and other functions, and exfiltrated some emails
and attached documents,” Microsoft said in a blog post disclosing the
attack. Password spraying is a brute-force cyberattack where attackers use a
common password across many accounts to bypass lockout policies. “The recent
Microsoft breach and disclosure brings to the forefront two challenges: no
one is immune (even global organizations) from threat actors, and as an
organization, it will take time to put any fixes in place,” said Ravi
Srinivasan, CEO of cybersecurity firm Votiro. “Anytime a threat is
detected, it’s costly and time-consuming to remediate.”
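The spraying pattern described above has a recognizable shape in authentication logs: one source fails against many distinct accounts while each account sees only one or two failures, so no per-account lockout fires. The following detector is an added example written for this digest, not code from Microsoft's disclosure or from any of the articles quoted here. The log format, the sample lines and the thresholds (five distinct accounts in ten minutes, at most three failures per account) are constructed assumptions; real deployments would read their identity provider's sign-in logs and tune the thresholds to their lockout policy.

```python
"""Detect password-spray patterns in authentication logs (added example).

A spray tries one common password against many accounts, so each account
fails only a few times (staying under the lockout threshold) while the
source address accumulates failures across many distinct accounts in a
short window. The detector groups failures by source and counts distinct
failed accounts inside a sliding time window, then reports which accounts
later signed in successfully from a flagged source.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (assumed format, not from any real system):
# "<ISO timestamp> <account> <source_ip> <result>"
SAMPLE_LOG = """\
2023-11-20T09:00:01 alice 203.0.113.10 FAILURE
2023-11-20T09:00:03 bob 203.0.113.10 FAILURE
2023-11-20T09:00:05 carol 203.0.113.10 FAILURE
2023-11-20T09:00:07 dave 203.0.113.10 FAILURE
2023-11-20T09:00:09 erin 203.0.113.10 FAILURE
2023-11-20T09:00:11 frank 203.0.113.10 SUCCESS
2023-11-20T09:01:00 alice 198.51.100.7 FAILURE
2023-11-20T09:01:05 alice 198.51.100.7 FAILURE
2023-11-20T09:01:10 alice 198.51.100.7 SUCCESS
"""


def parse_log(text):
    """Turn the whitespace-separated log format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "src": src, "result": result})
    return events


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=3):
    """Return one alert per source whose failures, inside any `window`, span at
    least `min_users` distinct accounts with no account failing more than
    `max_per_user` times: many accounts, few attempts each, under lockout."""
    by_src = defaultdict(list)
    for e in events:
        if e["result"] == "FAILURE":
            by_src[e["src"]].append(e)

    alerts = []
    for src, fails in by_src.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it fits within `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            in_window = fails[start:end + 1]
            per_user = Counter(e["user"] for e in in_window)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                alerts.append({"src": src, "users": sorted(per_user),
                               "first": in_window[0]["ts"], "last": in_window[-1]["ts"]})
                break  # one alert per source is enough for triage
    return alerts


def compromised_accounts(events, alerts):
    """Accounts that signed in successfully from a flagged source: the
    candidates for an attacker's foothold and the first to reset."""
    flagged = {a["src"] for a in alerts}
    return sorted({e["user"] for e in events
                   if e["result"] == "SUCCESS" and e["src"] in flagged})


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    found = detect_spray(evts)
    for a in found:
        print(f"spray from {a['src']}: {len(a['users'])} accounts "
              f"between {a['first']} and {a['last']}")
    print("successful sign-ins from flagged sources:", compromised_accounts(evts, found))
```

The second source in the sample (198.51.100.7) fails twice against a single account and is correctly ignored: that is a forgotten password, not a spray, and a per-account lockout rule would already cover it. The detector's value is the cross-account view, which per-account lockout policies never see.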
Agent Swarms – an evolutionary leap in intelligent automation
During the rapid evolution of AI, there emerges a concept that promises to
redefine the very essence of automation. Agent Swarms, inspired by the
remarkable collective behaviors of nature’s most efficient creatures, are
poised to revolutionize our approach to complex problem-solving. As AI
accelerates at a breakneck pace, the urgency to harness the potential of
Agent Swarms becomes increasingly apparent. These autonomous software
agents, working collaboratively in a decentralized fashion, are not just a
technological marvel; they are an imperative response to the escalating
complexity of today’s challenges. In a world where healthcare, finance,
urban planning, agriculture, and countless other sectors grapple with ever
more intricate issues, the demand for intelligent automation that can adapt
and excel has never been more pressing. Agent Swarms, with their capacity
for decentralized control and collective intelligence, and their promise of
autonomous decision-making – have emerged as the answer to this urgent call.
We humbly acknowledge our journey as thought leaders and practitioners in
intelligent automation and AI.
Quote for the day:
"Success is nothing more than a few
simple disciplines, practiced every day." -- Jim Rohn