Daily Tech Digest - June 01, 2024

AI Governance: Is There Too Much Focus on Data Leakage?

While data leakage is an issue it’s by no means the only one. GenAI stands apart due to its autonomous nature and its unique ability to create new content from the information it is exposed to, and this introduces a whole host of new problems. Data poisoning, for instance, sees a malicious actor intentionally compromise the data feed of the AI to skew results. This might involve seeding an LLM with examples of deliberately vulnerable code resulting in issues being adopted in new code. Without proper checks and balances in place, this could result in the poisoned data being pulled into organisational codebases via requests from developers. The code could then end up in production application and services which would be vulnerable to a zero-day attack. AI hallucinations, sometimes referred to as confabulations, are another issue. Unlike poisoning, this is the result of the AI’s autonomy which can see it make incorrect deductions based on the data its presented with. GenAI can and does make mistakes, and there are numerous notable examples here too. 

12 Key AI Patterns for Improving Data Quality (DQ)

While there are many solutions and options to improve data quality, AI is a very viable option. AI can significantly enhance data quality in several ways. Here are 12 key use cases or patterns from four categories where AI can help in improving the data quality in business enterprises. ... Firstly, as LLMs such as ChatGPT and Gemini are trained on enormous amounts of public data, it is nearly impossible to validate the accuracy of this massive data set. This often results in hallucinations or factually incorrect responses. No business enterprise would like to be associated with a solution that has even a small probability of giving an incorrect response. Secondly, data today is a valuable business asset for every enterprise. Stringent regulations such as GDPR, HIPAA, and CCPA are forcing companies to protect personal data. Breaches can lead to severe financial penalties and damage to the company’s reputation and brand. Overall, organizations want to protect their data by keeping it private and not sharing it with everyone on the internet. Below are some examples of hallucinations from popular AI platforms.

Experts Warn of Security Risks in Grid Modernization

Experts recommend requiring comprehensive security assessments on all GETs and modern grid components. They say malicious actors and foreign adversaries already possess unauthorized access to many critical infrastructure sectors. The Cybersecurity and Infrastructure Security Agency has steadily released a series of alerts in recent months warning of a Chinese state-sponsored hacking group known as Volt Typhoon. The group is aiming to pre-position itself using "living off the land" techniques on information technology networks "for disruptive or destructive cyber activity against U.S. critical infrastructure in the event of a major crisis or conflict with the United States," according to CISA. "The Volt Typhoon alerts have said the quiet part out loud," said Padraic O'Reilly, chief innovation officer for the risk management platform CyberSaint Security. "The [threat] is in the networks, so new infrastructure must not allow for lateral movement on OT assets." Biden's federal-state grid modernization plan emphasizes the need to "speed up adoption and deployment" of GETs. 

Corporations looking at gen AI as a productivity tool are making a mistake

Taking the time to focus on the bigger picture will set up organizations for more success in the future, Menon said. AI is transformational and requires a comprehensive reevaluation of current business processes, data strategies, technology platforms, and people strategies, Pallath said. “Implementing AI effectively necessitates simplifying and revamping business processes with an AI-first mindset,” Pallath said. “Effective change management and governance are crucial to ensure that the entire organization is prepared for and engaged in this transformation.” What often happens, he said, is that employees worry more about AI’s impact on their jobs, rather than how they can leverage the technology to help them work smarter, thereby hindering the necessary changes in process to make AI successful. Executive leadership and sponsorship are also critical. “AI initiatives need strong leadership support to overcome inertia and gain the necessary resources,” Pallath said. “Without a clear vision from the top, AI projects are more likely to get stalled or diluted.” A dedicated AI team headed by a chief AI officer can help ensure success. 

Why HTML Actions Are Suddenly a JavaScript Trend

Actions in React look a lot like HTML actions, but they also look similar to event handlers like onsubmit, or unclick, Clark said. “Despite the surface-level similarities, though, actions have some important abilities that set them apart from regular event handlers,” he continued. “One such ability is support for progressive enhancement. Form actions in React are interactive before hydration occurs. Believe it or not, this works with all actions, not just actions defined on the server.” If the user interacts with a client action before it is finished hydrating, React will cue the action and replay as soon as it streams it, he said. If the user interacts with a server action, action can immediately trigger a regular browser navigation, without hydration or JavaScript. Actions also can handle asynchronous logic, he said. “React actions have built-in support for UX patterns like optimistic UI and error handling,” he said. “Actions make these complex UX patterns super simple by deeply integrating with React features like suspense and transitions.

Indonesia to Create 'Super Apps' to Run Government Services

The government has entrusted state-owned technology company Perum Peruri, commonly known as Peruri, with developing the new applications, digitizing government services and implementing the government's Electronic-Based Government System, which will run modernized applications and digital portals. ... The company said its rich history of developing high-security solutions makes it the ideal choice to lead the government's digital transformation program. "Peruri presents a fresh visual identity that illustrates how we are able to produce quality services to maintain the authenticity of products, identities and complex digital systems," said President and Director Dwina Septiani Wijaya. "The transformation process we are undergoing does not only focus on business and infrastructure, but we also understand the importance of quality human resources. ... The government's planned integration of government applications could make it easier for IT security teams to manage far fewer applications than before, but could also make the new super applications prime targets for hacking attacks considering the amount of public data they would process.

Within two years, 90% of organizations will suffer a critical tech skills shortage

Among the challenges organizations face when trying to expand the skills of their employees is resistance to training. Employees complain that the courses are too long, the options for learning are too limited, and there isn’t enough alignment between skills and career goals, according to IDC’s survey. ... IT leaders need to employ a variety of strategies to encourage a more effective learning environment within their organization. That includes everything from classroom training to hackathons, hand-on labs, and games, quests, and mini-badges. But fostering a positive learning environment in an organization requires more than just materials, courses, and challenges. Culture change begins at the top, and leaders need to demonstrate why learning matters to the organization. “This can be done by aligning employee goals with business goals, promoting continuous learning throughout the employee’s journey, and creating a rewards program that recognizes process as well as performance,” IDC’s report stated. “It also requires the allocation of adequate time, money, and people resources.”

RIG Model - The Puzzle of Designing Guaranteed Data-Consistent Microservice Systems

The RIG model sets the foundation for the saga design. It is founded in the CAP theorem and the work of Bromose and Laursen. The theoretical work results in a set of microservice categories and rules that the sagaS must comply with if we are to guarantee data consistency. The RIG model divides microservices behavior within a saga into three categories:Guaranteed microservices: Local transactions will always be successful. No business constraints will invalidate the transaction. Reversible microservices: Local transactions can always be undone and successfully rolled back with the help of compensating transactions. Irreversible microservices: Local transactions cannot be undone. ... A reversible microservice must include support for a compensating transaction and be able to handle an incoming "cancel transaction" message. When receiving a "cancel transaction" request, the microservice must "roll back" to the state before the saga. Handling compensating transactions in a reversible microservice must behave as a "Guaranteed" service. 

3 reasons users can’t stop making security mistakes — unless you address them

People are naturally inclined to find the fastest possible route at work, and that often translates into taking shortcuts that compromise security for the sake of convenience. Even tech employees are not immune when, for example, importing libraries from public repositories assuming these are safe, as they continue to be used to distribute malware and steal passwords. To avoid these shortcuts that can threaten systems, CISOs can put automated MFA prompts in place to avoid risks due to compromised passwords and restrict access to services that could put data at risk, including generative AI or downloadable libraries of code. ... Users should use out-of-band communication for verification to deter attacks and scams. Contacting those businesses through a phone number or email previously established as legitimate is a good way to ascertain whether or not the message is authorized by the entity it claims. While CISOs can’t eliminate all human risk, they can significantly reduce incidents and promote a cyber-aware culture with a strategy that addresses the psychological drivers behind poor decisions.

Elevating Defense Precision With AI-Powered Threat Triage in Proactive Dynamic Security

AI-powered threat triage operates on the principle of predictive analytics, leveraging machine learning algorithms to sift through massive datasets and identify patterns indicative of potential security threats. By continuously analyzing historical data and monitoring network activity, AI systems can detect subtle anomalies and deviations from normal behavior that may signify an impending attack. Moreover, AI algorithms can adapt and learn from new data, enabling them to evolve and improve their threat detection capabilities over time. In the perpetual battle against an ever-expanding array of cyber threats, organizations are increasingly turning to innovative technologies to bolster their defenses and stay ahead of potential attacks. ... At the forefront of this technological revolution is the integration of Artificial Intelligence (AI) into threat triage processes, and the intricate dynamics of advanced algorithms and machine learning capabilities ushering in a new era of proactive defenses that explores the transformation of traditional cybersecurity strategies.

Quote for the day:

"A leadership disposition guides you to take the path of most resistance and turn it into the path of least resistance." -- Dov Seidman

No comments:

Post a Comment