Daily Tech Digest - April 28, 2024

How RPA vendors aim to remain relevant in a world of AI agents

Craig Le Clair, principal analyst at Forrester, sees RPA platforms as being ripe for expansion to support autonomous agents and generative AI as their use cases grow. In fact, he anticipates RPA platforms morphing into all-around toolsets for automation — toolsets that help deploy RPA in addition to related generative AI technologies. “RPA platforms have the architecture to manage thousands of task automations and this bodes well for central management of AI agents,” he said. “Thousands of companies are well established with RPA platforms and will be open to using them for generative AI-infused agents. RPA has grown in part thanks to its ability to integrate easily with existing work patterns, through UI integration, and this will remain valuable for more intelligent agents going forward.” UiPath is already beginning to take steps in this direction with a new capability, Context Grounding, that entered preview earlier in the month. As Enslin explained it to me, Context Grounding is designed to improve the accuracy of generative AI models — both first- and third-party — by converting business data those models might draw on into an “optimized” format that’s easier to index and search.

Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software

Producing a detailed list of software components in an application can have offensive implications, Pesce argues. In his presentation, he will show that SBOMs have enough information to allow attackers to search for specific CVEs in a database of SBOMs and find an application that is likely vulnerable. Even better for attackers, SBOMs will also list other components and utilities on the device that the attacker could use for "living off the land" post-compromise, he says. "Once I've compromised a device ... an SBOM can tell me what the device manufacturer left behind on that device that I could potentially use as tools to start probing other networks," he says. The minimum baseline for SBOM data fields include the supplier, the component name and version, dependency relationships, and a timestamp of when the information was last updated, according to the US Department of Commerce guidelines. In fact, a comprehensive database of SBOMs could be used in a manner similar to the Shodan census of the Internet: Defenders could use it to see their exposure, but attackers could use it to determine what applications might be vulnerable to a particular vulnerability, Pesce says.

Computer scientists unveil novel attacks on cybersecurity

In this new study, researchers leverage modern predictors' utilization of a Path History Register (PHR) to index prediction tables. The PHR records the addresses and precise order of the last 194 taken branches in recent Intel architectures. With innovative techniques for capturing the PHR, the researchers demonstrate the ability to not only capture the most recent outcomes but also every branch outcome in sequential order. Remarkably, they uncover the global ordering of all branches. Despite the PHR typically retaining the most recent 194 branches, the researchers present an advanced technique to recover a significantly longer history. "We successfully captured sequences of tens of thousands of branches in precise order, utilizing this method to leak secret images during processing by the widely used image library, libjpeg," said Hosein Yavarzadeh, a UC San Diego Computer Science and Engineering Department Ph.D. student and lead author of the paper. The researchers also introduce an exceptionally precise Spectre-style poisoning attack, enabling attackers to induce intricate patterns of branch mispredictions within victim code. 

Bank CIO: We don't need AI whizzes, we need critical thinkers to challenge AI

"We realize having fantastic brains and results isn't necessarily as good as someone that is willing to have critical thinking and give their own perspectives on what AI and generative AI gives you back in terms of recommendations," he says. "We want people that have the emotional and self-awareness to go, 'hmm, this doesn't feel quite right, I'm brave enough to have a conversation with someone, to make sure there's a human in the loop.'" ... In working closely with AI, Mai discovered an interesting twist in human nature: People tend to disregard their own judgement and diligence as they grow dependent on these systems. "As an example, we found that some humans become lazy -- they prompt something, and then decide, 'ah that sounds like a really good response,' and send it on." When Mai senses that level of over-reliance on AI, "I'll march them into my office, saying 'I'm paying you for your perspective, not a prompt and a response in AI that you're going to get me to read. Just taking the results and giving it back to me is not what I'm looking for, I'm expecting your critical thought."

Scientists Uncover Surprising Reversal in Quantum Systems

Things get particularly interesting if, in addition, the particles in such a system interact, meaning that they attract or repel each other, like electrons in solids. Studying topology and interactions together in solids, however, is extremely difficult. A team of researchers at ETH led by Tilman Esslinger has now managed to detect topological effects in an artificial solid, in which the interactions can be switched on or off using magnetic fields. Their results, which have just been published in the scientific journal Science, could be used in quantum technologies in the future. ... Surprisingly, the atoms didn’t simply stop at the wall, but suddenly turned around. The screw was thus moving backward, although it kept being turned clockwise. Esslinger and his team explain this return by the two doughnut topologies that exist in the lattice – one with a clockwise-turning doughnut and another one that turns in the opposite direction. At the wall, the atoms can change from one topology to the other, thus inverting their direction of motion. Now the researchers switched on a repulsive interaction between the atoms and watched what happened. 

Talos IR trends: BEC attacks surge, while weaknesses in MFA persist

Within BEC attacks, adversaries will send phishing emails appearing to be from a known or reputable source making a valid request, such as updating payroll direct deposit information. BEC attacks can have many motivations, often financially driven, aimed at tricking organizations into transferring funds or sensitive information to malicious actors. BEC offers adversaries the advantage of impersonating trusted contacts to facilitate internal spearphishing attacks that can bypass traditional external defenses and increase the likelihood of deception, widespread malware infections and data theft. In one engagement, adversaries performed a password-spraying attack and MFA exhaustion attacks against several employee accounts. There was a lack of proper MFA implementation across all the impacted accounts, leading to the adversaries gaining access to at least two accounts using single-factor authentication. The organization detected and disrupted the attack before adversaries could further their access or perform additional post-compromise activities.

Creating a Culture of Belonging: Addressing Workplace Bias in Tech

Paul Wallenberg, senior manager of technology services at technology staffing, recruiting, and culture firm LaSalle Network, believes the formation of employee resource groups (ERGs) can help HR departments tackle unconscious bias and develop educational structures for tackling those issues. "The challenge with navigating and correcting microaggressions is people that are doing them often don't know they're doing it," he said. "There's a subtlety and an indirectness to them that people may not understand." ERGs can help dismantle the constructs those people have been working within for their entire careers — but Wallenberg notes there is no "one size fits all" solution. Hannah Johnson, senior vice president for tech talent programs at CompTIA, agrees, noting that the important factor is that any DEI efforts must be nuanced to target what's important to that organization. She urges leadership to prioritize transparency by openly communicating with their organization about issues, plans, and anticipated outcomes.

Building AI With MongoDB: Integrating Vector Search And Cohere to Build Frontier Enterprise Apps

It is in the realm of embedding where Cohere has made a host of recent advances. Described as “AI for language understanding,” Embed is Cohere’s leading text representation language model. Cohere offers both English and multilingual embedding models, and gives users the ability to specify the type of data they are computing an embedding for (e.g., search document, search query). The result is embeddings that improve the accuracy of search results for traditional enterprise search or retrieval-augmented generation. One challenge developers faced using Embed was that documents had to be passed one by one to the model endpoint, limiting throughput when dealing with larger data sets. To address that challenge and improve developer experience, Cohere has recently announced its new Embed Jobs endpoint. Now entire data sets can be passed in one operation to the model, and embedded outputs can be more easily ingested back into your storage systems. Additionally, with only a few lines of code, Rerank 3 can be added at the final stage of search systems to improve accuracy. 

What is a technology audit and why it's important

According to McKinsey, companies pay whopping 40 percent "tech debt tax" due to delayed digital transformation decisions. It's acceptable of course in some situations, when such decision is a conscious choice dictated by business needs, circumstances or regulations. Unfortunately, in many cases business owners and startup founders even don't realize how much they are paying to service their technical debt. To reveal such hidden technical debt, a detailed review of technology aspects of your business is required. When you are working on a software product for a while, you may start asking yourself various questions:Are we following all the necessary best practices? Is our architecture good scalable and secure? Are we missing security vulnerabilities? Do we really have all the software assets developed by third-party vendors? Additionally, technical debt can have it's internal "guardians" who may want to maintain the status quo for various reasons. To mitigate risks described above and ensure efficient operations, proper security and optimal usage of cloud services, an external technology audit is one of the best options.

Steer Between Debt and Delay With Platform Engineering

While EA pros often hear cries of “ivory tower,” “out of touch,” and so forth, such criticisms overlook the fundamental point: Enterprises put architecture in place to deliver business value, such as the value of controlling the risks that emerge from technical debt and sprawl—security breaches, outages, unsustainable cost structures, and so forth. And so the EA team started to try to control the morass that distributed computing had gotten itself into through standardizing product choices (Oracle and SQL Server are OK, but let’s sunset Informix) and reviewing design choices submitted by project (later product) teams. The EA reviews started to encompass a broader and wider array of questions. Lengthy intake forms and checklists became typical, covering everything from application design patterns to persistence approaches to monitoring to backup and more. The notorious "Architecture Review Board" became a requirement for all projects. Review cycles became more protracted and painful, and more than a few business organizations got fed up and just went shadow until their shadow systems failed, at which point central IT would be pressured to take over the mess. 

Quote for the day:

"Things turn out best for the people who make the best of the way things turn out." -- John Wooden

No comments:

Post a Comment