AI Governance: Is There Too Much Focus on Data Leakage?
While data leakage is an issue it’s by no means the only one. GenAI stands apart
due to its autonomous nature and its unique ability to create new content from
the information it is exposed to, and this introduces a whole host of new
problems. Data poisoning, for instance, sees a malicious actor intentionally
compromise the data feed of the AI to skew results. This might involve seeding
an LLM with examples of deliberately vulnerable code resulting in issues being
adopted in new code. Without proper checks and balances in place, this could
result in the poisoned data being pulled into organisational codebases via
requests from developers. The code could then end up in production application
and services which would be vulnerable to a zero-day attack. AI hallucinations,
sometimes referred to as confabulations, are another issue. Unlike poisoning,
this is the result of the AI’s autonomy which can see it make incorrect
deductions based on the data its presented with. GenAI can and does make
mistakes, and there are numerous notable examples here too.
12 Key AI Patterns for Improving Data Quality (DQ)
While there are many solutions and options to improve data quality, AI is a
very viable option. AI can significantly enhance data quality in several ways.
Here are 12 key use cases or patterns from four categories where AI can help
in improving the data quality in business enterprises. ... Firstly, as LLMs
such as ChatGPT and Gemini are trained on enormous amounts of public data, it
is nearly impossible to validate the accuracy of this massive data set. This
often results in hallucinations or factually incorrect responses. No business
enterprise would like to be associated with a solution that has even a small
probability of giving an incorrect response. Secondly, data today is a
valuable business asset for every enterprise. Stringent regulations such as
GDPR, HIPAA, and CCPA are forcing companies to protect personal data. Breaches
can lead to severe financial penalties and damage to the company’s reputation
and brand. Overall, organizations want to protect their data by keeping it
private and not sharing it with everyone on the internet. Below are some
examples of hallucinations from popular AI platforms.
Experts Warn of Security Risks in Grid Modernization
Experts recommend requiring comprehensive security assessments on all GETs and
modern grid components. They say malicious actors and foreign adversaries
already possess unauthorized access to many critical infrastructure sectors.
The Cybersecurity and Infrastructure Security Agency has steadily released a
series of alerts in recent months warning of a Chinese state-sponsored hacking
group known as Volt Typhoon. The group is aiming to pre-position itself using
"living off the land" techniques on information technology networks "for
disruptive or destructive cyber activity against U.S. critical infrastructure
in the event of a major crisis or conflict with the United States," according
to CISA. "The Volt Typhoon alerts have said the quiet part out loud," said
Padraic O'Reilly, chief innovation officer for the risk management platform
CyberSaint Security. "The [threat] is in the networks, so new infrastructure
must not allow for lateral movement on OT assets." Biden's federal-state grid
modernization plan emphasizes the need to "speed up adoption and deployment"
of GETs.
Corporations looking at gen AI as a productivity tool are making a mistake
Taking the time to focus on the bigger picture will set up organizations for
more success in the future, Menon said. AI is transformational and requires a
comprehensive reevaluation of current business processes, data strategies,
technology platforms, and people strategies, Pallath said. “Implementing AI
effectively necessitates simplifying and revamping business processes with an
AI-first mindset,” Pallath said. “Effective change management and governance
are crucial to ensure that the entire organization is prepared for and engaged
in this transformation.” What often happens, he said, is that employees worry
more about AI’s impact on their jobs, rather than how they can leverage the
technology to help them work smarter, thereby hindering the necessary changes
in process to make AI successful. Executive leadership and sponsorship are
also critical. “AI initiatives need strong leadership support to overcome
inertia and gain the necessary resources,” Pallath said. “Without a clear
vision from the top, AI projects are more likely to get stalled or diluted.” A
dedicated AI team headed by a chief AI officer can help ensure
success.
Why HTML Actions Are Suddenly a JavaScript Trend
Actions in React look a lot like HTML actions, but they also look similar to
event handlers like onsubmit, or unclick, Clark said. “Despite the
surface-level similarities, though, actions have some important abilities that
set them apart from regular event handlers,” he continued. “One such ability
is support for progressive enhancement. Form actions in React are interactive
before hydration occurs. Believe it or not, this works with all actions, not
just actions defined on the server.” If the user interacts with a client
action before it is finished hydrating, React will cue the action and replay
as soon as it streams it, he said. If the user interacts with a server action,
action can immediately trigger a regular browser navigation, without hydration
or JavaScript. Actions also can handle asynchronous logic, he said. “React
actions have built-in support for UX patterns like optimistic UI and error
handling,” he said. “Actions make these complex UX patterns super simple by
deeply integrating with React features like suspense and transitions.
Indonesia to Create 'Super Apps' to Run Government Services
The government has entrusted state-owned technology company Perum Peruri,
commonly known as Peruri, with developing the new applications, digitizing
government services and implementing the government's Electronic-Based
Government System, which will run modernized applications and digital portals.
... The company said its rich history of developing high-security solutions
makes it the ideal choice to lead the government's digital transformation
program. "Peruri presents a fresh visual identity that illustrates how we are
able to produce quality services to maintain the authenticity of products,
identities and complex digital systems," said President and Director Dwina
Septiani Wijaya. "The transformation process we are undergoing does not only
focus on business and infrastructure, but we also understand the importance of
quality human resources. ... The government's planned integration of
government applications could make it easier for IT security teams to manage
far fewer applications than before, but could also make the new super
applications prime targets for hacking attacks considering the amount of
public data they would process.
Within two years, 90% of organizations will suffer a critical tech skills shortage
Among the challenges organizations face when trying to expand the skills of
their employees is resistance to training. Employees complain that the courses
are too long, the options for learning are too limited, and there isn’t enough
alignment between skills and career goals, according to IDC’s survey. ... IT
leaders need to employ a variety of strategies to encourage a more effective
learning environment within their organization. That includes everything from
classroom training to hackathons, hand-on labs, and games, quests, and
mini-badges. But fostering a positive learning environment in an organization
requires more than just materials, courses, and challenges. Culture change
begins at the top, and leaders need to demonstrate why learning matters to the
organization. “This can be done by aligning employee goals with business
goals, promoting continuous learning throughout the employee’s journey, and
creating a rewards program that recognizes process as well as performance,”
IDC’s report stated. “It also requires the allocation of adequate time, money,
and people resources.”
RIG Model - The Puzzle of Designing Guaranteed Data-Consistent Microservice Systems
The RIG model sets the foundation for the saga design. It is founded in the
CAP theorem and the work of Bromose and Laursen. The theoretical work results
in a set of microservice categories and rules that the sagaS must comply with
if we are to guarantee data consistency. The RIG model divides microservices
behavior within a saga into three categories:Guaranteed microservices: Local
transactions will always be successful. No business constraints will
invalidate the transaction. Reversible microservices: Local transactions can
always be undone and successfully rolled back with the help of compensating
transactions. Irreversible microservices: Local transactions cannot be undone.
... A reversible microservice must include support for a compensating
transaction and be able to handle an incoming "cancel transaction" message.
When receiving a "cancel transaction" request, the microservice must "roll
back" to the state before the saga. Handling compensating transactions in a
reversible microservice must behave as a "Guaranteed" service.
3 reasons users can’t stop making security mistakes — unless you address them
People are naturally inclined to find the fastest possible route at work, and
that often translates into taking shortcuts that compromise security for the
sake of convenience. Even tech employees are not immune when, for example,
importing libraries from public repositories assuming these are safe, as they
continue to be used to distribute malware and steal passwords. To avoid these
shortcuts that can threaten systems, CISOs can put automated MFA prompts in
place to avoid risks due to compromised passwords and restrict access to
services that could put data at risk, including generative AI or downloadable
libraries of code. ... Users should use out-of-band communication for
verification to deter attacks and scams. Contacting those businesses through a
phone number or email previously established as legitimate is a good way to
ascertain whether or not the message is authorized by the entity it claims.
While CISOs can’t eliminate all human risk, they can significantly reduce
incidents and promote a cyber-aware culture with a strategy that addresses the
psychological drivers behind poor decisions.
Elevating Defense Precision With AI-Powered Threat Triage in Proactive Dynamic Security
AI-powered threat triage operates on the principle of predictive analytics,
leveraging machine learning algorithms to sift through massive datasets and
identify patterns indicative of potential security threats. By continuously
analyzing historical data and monitoring network activity, AI systems can
detect subtle anomalies and deviations from normal behavior that may signify
an impending attack. Moreover, AI algorithms can adapt and learn from new
data, enabling them to evolve and improve their threat detection capabilities
over time. In the perpetual battle against an ever-expanding array of cyber
threats, organizations are increasingly turning to innovative technologies to
bolster their defenses and stay ahead of potential attacks. ... At the
forefront of this technological revolution is the integration of Artificial
Intelligence (AI) into threat triage processes, and the intricate dynamics of
advanced algorithms and machine learning capabilities ushering in a new era of
proactive defenses that explores the transformation of traditional
cybersecurity strategies.
Quote for the day:
"A leadership disposition guides you
to take the path of most resistance and turn it into the path of least
resistance." -- Dov Seidman
No comments:
Post a Comment