Daily Tech Digest - September 30, 2024

What Will Be the Next Big Thing in AI?

The next big thing in AI will likely be advanced multimodal models that can seamlessly integrate and process different types of data, including text, images, audio, and video, in more human-like ways, says Dinesh Puppala, regulatory affairs lead at Google. "We're moving beyond models that specialize in one type of data toward AI systems that can understand and generate across multiple modalities simultaneously, much like humans do," he notes. Advanced multimodal models will enable more natural and context-aware human-AI interactions. "They'll be better at understanding nuanced queries, interpreting visual and auditory cues, and providing more holistic and relevant responses," Puppala predicts. ... Metacognition in AI -- systems that can think about the way they think -- is on the mind of Isak Nti Asare, co-director of the cybersecurity and global policy program at Indiana University. "This capability, often described as AI self-awareness, is a necessary frontier to cross if we are to build trustworthy systems that can explain their decisions." Current AI systems, while advanced, often operate as "black boxes" where even their creators cannot fully explain their outputs. 


Best Practices for Sunsetting Mainframe Applications

The first crucial step in migrating from a mainframe to the cloud is the discovery phase. During this phase, organizations must conduct a thorough assessment of their current mainframe environment, including architecture, applications, data, dependencies, and workflows. This comprehensive understanding helps in identifying potential risks and planning the migration process effectively. The insights gained are crucial for setting the stage for the subsequent cost-benefit analysis (CBA), ensuring all stakeholders are on board with the proposed changes. A detailed CBA is essential to evaluate the financial feasibility and potential returns of the migration project. This analysis should account for all costs associated with the migration, including software licensing, cloud storage fees, and ongoing maintenance costs. It should also highlight the benefits, such as improved operational efficiency and reduced downtime, which are crucial for gaining stakeholder support. ... Effective risk management is crucial for a successful migration. This involves ensuring the availability of subject matter experts, comprehensive planning, and addressing potential issues with legacy systems. 


Security spending signals major role change for CISOs and their teams

“Expected to do more with less,” CISOs are shifting their focus, Kalinov adds. “Instead of beefing up their internal teams, they’re focusing on risk management, regulatory compliance, and keeping C-suite executives aware of the evolving security landscape,” Kalinov says. James Neilson, SVP of international sales at cybersecurity vendor OPSWAT, believes the increasing allocation of security budgets toward software and services rather than staff reflects the CISO’s evolving role from managing internal teams toward becoming a more strategic, technology-driven leader. “This trend also indicates that they’re taking on a more prominent role in risk management, ensuring that outsourced services complement internal capabilities while maintaining agility in response to evolving threats,” Neilson says. As a result, security organizations are also undergoing a shift from traditionally siloed, in-house approaches toward a more integrated, outsourced, and technology-driven model, Neilson argues. ... “Organizations increasingly rely on elements of external managed services and advanced automation tools to manage cybersecurity, focusing internal resources on understanding the business and its risks, defining higher-level strategy, oversight, and risk management,” Neilson contends.


Shadow AI, Data Exposure Plague Workplace Chatbot Use

The issue is that most of the most prevalent chatbots capture whatever information users put into prompts, which could be things like proprietary earnings data, top-secret design plans, sensitive emails, customer data, and more — and send it back to the large language models (LLMs), where it's used to train the next generation of GenAI. ... ChatGPT’s creator, OpenAI, warns in its user guide, "We are not able to delete specific prompts from your history. Please don't share any sensitive information in your conversations." But it's hard for the average worker to constantly be thinking about data exposure. Lisa Plaggemier, executive director of NCA, notes one case that illustrates how the risk can easily translate into real-world attacks. "A financial services firm integrated a GenAI chatbot to assist with customer inquiries," Plaggemier tells Dark Reading. "Employees inadvertently input client financial information for context, which the chatbot then stored in an unsecured manner. This not only led to a significant data breach, but also enabled attackers to access sensitive client information, demonstrating how easily confidential data can be compromised through the improper use of these tools."


Can AWS hit its sustainability targets and win the AI race?

“Once we achieve that goal, we're looking at what's next beyond that?,” Walker says. “As you look beyond just wind and solar, we need to look at what else is in our tool belt, especially looking further ahead to 2040 and how we're going to reach those ultimate goals, and carbon-free energy sources are the next evolution of that.” When asked whether carbon-free energy to the company means nuclear, geothermal, or something else, Walker says the company is open. “We're not limiting the options; we're looking beyond the traditional renewable sources and seeing what else there is. Carbon-free energy sources are going to be one of the tools that we're going to double down on and start looking at.” ... When asked if AWS will look to acquire more data centers close to nuclear plants or merely sign more PPAs that involve nuclear power, Walker says the company is looking at “all of the above.” “We haven't limited our options in terms of capacity. Depending on where we're building and at the rate we need to scale, [it's] certainly going to be part of the conversation.” Longer term, fusion energy could perhaps power the company’s data centers. Microsoft and OpenAI have invested in Helion, which is promising to crack the elusive technology before 2030. Google has invested in Tae Technologies.


6 ways to apply automation in devsecops

Securing continuous development processes is an extension of collaboration security. In most organizations today, multiple individuals on multiple teams write code every day — fixing bugs, adding new features, improving performance, etc. Consider an enterprise with three different teams contributing to the application code. Each is responsible for its own area. Once Team 1 checks in updated code, the build manager needs to ensure that this new code is compatible with code already contributed by Teams 2 and 3. The build manager creates a new build and scans it to ensure there are no vulnerabilities. With so much code being contributed, automation is critical. Only by automating the build creation, compatibility, and approval cycle can a business ensure that each step is always taken and done in a consistent manner. ... For larger enterprises, which may have thousands of developers checking in code daily, automation is a matter of survival. Even smaller companies must begin putting automated processes in place if they want to keep their developers productive while ensuring the security of their code.


AI, AI Everywhere! But are we Truly Prepared?

AI models are reflections of the massive database they feed on and the entire internet is on its plate. Every time a user runs a query or prompts the model for a certain search requirement, the AI runs it through the maximum accessible data in its capacity, figures out relevant touchpoints, and frames the responses as demanded by the user using its intelligent capabilities. However, not surprising that the ever-learning and self-evolving capabilities of AI models suck in more power than its search and response process. The volume of users due to the soaring popularity of the technology further adds to the power consumption. ... The exercise lights up a directional path for the artificially intelligent technology to learn and evolve in accordance. This entire process of training an AI model can range anywhere from a few minutes to several months. And, throughout the process, GPUs powering the machines keep running daylong eating into large volumes of power. On the bright side, experts have pointed out that specialised AI models are significantly more efficient in power consumption than generic models. 


Ransomware attackers hop from on-premises systems to cloud

“Storm-0501 is the latest threat actor observed to exploit weak credentials and over-privileged accounts to move from organizations’ on-premises environment to cloud environments. They stole credentials and used them to gain control of the network, eventually creating persistent backdoor access to the cloud environment and deploying ransomware to the on-premises,” Microsoft shared last week. ... “Microsoft Entra Connect Sync is a component of Microsoft Entra Connect that synchronizes identity data between on-premises environments and Microsoft Entra ID,” Microsoft explained. “We can assess with high confidence that in the recent Storm-0501 campaign, the threat actor specifically located Microsoft Entra Connect Sync servers and managed to extract the plain text credentials of the Microsoft Entra Connect cloud and on-premises sync accounts. The compromise of the Microsoft Entra Connect Sync account presents a high risk to the target, as it can allow the threat actor to set or change Microsoft Entra ID passwords of any hybrid account.” The second approach – hijacking a Domain Admin user account that has a respective user account in Microsoft Entra ID – is also possible.


How AI is transforming business today

“We’re seeing lots of efficiencies where back, middle, and front-end workflows are being automated. So, yes, you can automate your existing processes, and that’s good and you can get a 20% [improvement in efficiency]. But the real gain is to reimagine the process itself,” she says. In fact, the gains AI can bring when used to reimagine processes is so significant that she says AI challenges the very concept of “process” itself. That’s because organizations can use AI to devise ways to reach specific desired outcomes without having a bias toward keeping and improving existing workflows. “Say you want to increase customer satisfaction by 35%. That’s the input. It’s less about how the process works. The process itself becomes almost irrelevant,” she explains. “The technology is good at achieving an object, a goal, and the concept of process itself, the sequence itself, is blown away. That is conceptually a big shift when you think of the enterprise, which is built on three things: people, process, and technology, and here’s a technology — AI — that doesn’t care about a process but is instead focused on outcome. That is truly disruptive.”


California Gov. Newsom Vetoes Hotly Debated AI Safety Bill

Newsom said he had asked generative AI experts, including Dr. Li, Tino Cuéllar of the National Academy of Sciences Committee on Social and Ethical Implications of Computing Research, and Jennifer Tour Chayes from the College of Computing, Data Science, and Society at UC Berkeley, to help California develop "workable guardrails" that focused on "developing an empirical, science-based trajectory analysis." He also asked state agencies to expand their assessment of AI risks from potential catastrophic events related to AI use. "We have a responsibility to protect Californians from potentially catastrophic risks of GenAI deployment. We will thoughtfully - and swiftly - work toward a solution that is adaptable to this fast-moving technology and harnesses its potential to advance the public good," he said. Among the AI bills Newsom has signed are SB 896, which requires California's Office of Emergency Services to expand its work assessing AI's potential threat to critical infrastructure. The governor also directed the agency to undertake the same risk assessment with water infrastructure providers and the communications sector.



Quote for the day:

"Have the dogged determination to follow through to achieve your goal, regardless of circumstances or whatever other people say, think, or do." -- Paul Meyer

No comments:

Post a Comment