Quote for the day:
"Everyone is looking for the elevator to success...it doesn't exist we all have to take the stairs" -- Gordon Tredgold
What we know now about generative AI for software development
“GenAI is used primarily for code, unit test, and functional test generation,
and its accuracy depends on providing proper context and prompts,” says David
Brooks, SVP of evangelism at Copado. “Skilled developers can see 80% accuracy,
but not on the first response. With all of the back and forth, time savings are
in the 20% range now but should approach 50% in the near future.” AI coding
assistants also help junior developers learn coding skills, automate test cases,
and address code-level technical debt. ... GenAI is currently easiest to apply
to application prototyping because it can write the project scaffolding from
scratch, which overcomes the ‘blank sheet of paper’ problem where it can be
difficult to get started from nothing,” says Matt Makai, VP of developer
relations and experience at LaunchDarkly. “It’s also exceptional for integrating
web RESTful APIs into existing projects because the amount of code that needs to
be generated is not typically too much to fit into an LLM’s context window.
Finally, genAI is great for creating unit tests either as part of a test-driven
development workflow or just to check assumptions about blocks of code.” One
promising use case is helping developers review code they didn’t create to fix
issues, modernize, or migrate to other platforms.How to upskill software engineering teams in the age of AI
The challenge lies not just in learning to code — it’s in learning to code
effectively in an AI-augmented environment. Software engineering teams
becoming truly proficient with AI tools requires a level of expertise that can
be hindered by premature or excessive reliance on the very tools in question.
This is the “skills-experience paradox”: junior engineers must simultaneously
develop foundational programming competencies while working with AI tools that
can mask or bypass the very concepts they need to master. ... Effective AI
tool use requires shifting focus from productivity metrics to learning
outcomes. This aligns with current trends — while professional developers
primarily view AI tools as productivity enhancers, early-career developers
focus more on their potential as learning aids. To avoid discouraging
adoption, leaders should emphasize how these tools can accelerate learning and
deepen understanding of software engineering principles. To do this, they
should first frame AI tools explicitly as learning aids in new developer
onboarding and existing developer training programs, highlighting specific use
cases where they can enhance the understanding of complex systems and
architectural patterns. Then, they should implement regular feedback
mechanisms to understand how developers are using AI tools and what barriers
they face in adopting them effectively.Microsoft Brings Post-Quantum Cryptography to Windows and Linux in Early Access Rollout
The move represents another step in Microsoft’s broader security roadmap to
help organizations prepare for the era of quantum computing — an era in which
today’s encryption methods may no longer be safe. By adding support for PQC in
early-access builds of Windows and Linux, Microsoft is encouraging businesses
and developers to begin testing new cryptographic tools that are designed to
resist future quantum attacks. ... The company’s latest update is part of an
ongoing push to address a looming problem known as “harvest now, decrypt
later” — a strategy in which bad actors collect encrypted data today with the
hope that future quantum computers will be able to break it. To counter this
risk, Microsoft is enabling early implementation of PQC algorithms that have
been standardized by the U.S. National Institute of Standards and Technology
(NIST), including ML-KEM for key exchanges and ML-DSA for digital signatures.
... Developers can now begin testing how these new algorithms fit into their
existing security workflows, according to the post. For key exchanges, the
supported ML-KEM parameter sets include 512, 768 and 1024-bit options, which
offer varying levels of security and come with trade-offs in key size and
performance.The great IT disconnect: Vendor visions of the future vs. IT’s task at hand
The “vision thing” has become a metonym used to describe a leader’s failure to incorporate future concerns into task-at-hand actions. There was a time when CEOs at major solution providers supplied vision and inspiration on where we were heading. The sic “futures” being articulated from the podia at major tech conferences today lack authenticity. Most importantly they do not reflect the needs and priorities of real people who work in real IT. In a world where technology allows deeper and cheaper connectivity, top-of-the-house executives at solution providers have never been more out of touch with the lived experience of their customers. The vendor CEOs, their direct reports, and their first-levels live in a bubble that has little to do with the reality being lived by the world’s CIOs. ... Who is the generational voice for the Age of AI? Is it Jensen Huang, CEO at Nvidia; Sam Altman, CEO at OpenAI; Marc Andreessen, co-founder of venture capital firm Andreessen Horowitz; or Elon Musk, at Tesla, SpaceX, and xAI? Who has laid out a future you can believe in, a future you want to live in? Does the CEO at your major tech supplier understand what matters most to you and your organization? The futurist agenda has been hijacked from focusing on the semi-immediate “what comes next.”Claude Opus 4 is Anthropic's Powerful, Problematic AI Model
An Opus 4 safety report details concerns. One test involved Opus 4 being told
"to act as an assistant at a fictional company," after which it was given
access to emails - also fictional - suggesting Opus would be replaced, and by
an engineer who was having an extramarital affair. "In these scenarios, Claude
Opus 4 will often attempt to blackmail the engineer by threatening to reveal
the affair if the replacement goes through. This happens at a higher rate if
it's implied that the replacement AI system does not share values with the
current model; however, even if emails state that the replacement AI shares
values while being more capable, Claude Opus 4 still performs blackmail in 84%
of rollouts," the safety report says. "Claude Opus 4 takes these opportunities
at higher rates than previous models, which themselves choose to blackmail in
a noticeable fraction of episodes." Anthropic said the tests involved
carefully designed scenarios, framing blackmail as a last resort if ethical
approaches failed, such as lobbying senior management. The model's behavior
was concerning enough for Anthropic to classify it under its ASL-3 safeguard
level, reserved for systems that pose a substantial risk of catastrophic
misuse. The designation comes with stricter safety measures, including content
filters and cybersecurity defenses.Biometric authentication vs. AI threats: Is mobile security ready?
The process of 3rd party evaluation with industrial standards acts as a layer
of trust between all players operating in ecosystem. It should not be thought
of as a tick-box exercise, but rather a continuous process to ensure
compliance with the latest standards and regulatory requirements. In doing so,
device manufacturers and biometric solution providers can collectively raise
the bar for biometric security. The robust testing and compliance protocols
ensure that all devices and components meet standardized requirements. This is
made possible by trusted and recognized labs, like Fime, who can provide OEMs
and solution providers with tools and expertise to continually optimize their
products. But testing doesn’t just safeguard the ecosystem; it elevates it. As
an example, new innovative techniques like test the biases of demographic
groups or environmental conditions. ... We have reached a critical
moment for the future of biometric authentication. The success of the
technology is predicated on the continued growth in its adoption, but with AI
giving fraudsters the tools they need to transform the threat landscape at a
faster pace than ever before, it is essential that biometric solution
providers stay one step ahead to retain and grow user trust. Stakeholders must
therefore focus on one key question:How ‘dark LLMs’ produce harmful outputs, despite guardrails
LLMs, although they have positively impacted millions, still have their dark
side, the authors wrote, noting, “these same models, trained on vast data,
which, despite curation efforts, can still absorb dangerous knowledge,
including instructions for bomb-making, money laundering, hacking, and
performing insider trading.” Dark LLMs, they said, are advertised online as
having no ethical guardrails and are sold to assist in cybercrime. ... “A
critical vulnerability lies in jailbreaking — a technique that uses carefully
crafted prompts to bypass safety filters, enabling the model to generate
restricted content.” And it’s not hard to do, they noted. “The ease with which
these LLMs can be manipulated to produce harmful content underscores the
urgent need for robust safeguards. The risk is not speculative — it is
immediate, tangible, and deeply concerning, highlighting the fragile state of
AI safety in the face of rapidly evolving jailbreak techniques.” Analyst
Justin St-Maurice, technical counselor at Info-Tech Research Group, agreed.
“This paper adds more evidence to what many of us already understand: LLMs
aren’t secure systems in any deterministic sense,” he said, “They’re
probabilistic pattern-matchers trained to predict text that sounds right, not
rule-bound engines with an enforceable logic. Jailbreaks are not just likely,
but inevitable.Coaching for personal excellence: Why the future of leadership is human-centered
As organisations grapple with rapid technological shifts, evolving workforce
expectations and the complex human dynamics of hybrid work, one thing has
become clear: leadership isn’t just about steering the ship. It’s about
cultivating the emotional resilience, adaptability and presence to lead people
through ambiguity — not by force, but by influence. This is why coaching is no
longer a ‘nice-to-have.’ It’s a strategic imperative. A lever not just for
individual growth, but for organisational transformation. The real challenge?
Even seasoned leaders now stand at a crossroads: cling to the illusion of
control, or step into the discomfort of growth — for themselves and their
teams. Coaching bridges this gap. It reframes leadership from giving
directions to unlocking potential. From managing outcomes to enabling insight.
... Many people associate coaching with helping others improve. But the truth
is, coaching begins within. Before a leader can coach others, they must learn
to observe, challenge, and support themselves. That means cultivating
emotional intelligence. Practising deep reflection. Learning to regulate
reactions under stress. And perhaps most importantly, understanding what
personal excellence looks like—and feels like—for them.5 types of transformation fatigue derailing your IT team
Transformation fatigue is the feeling employees face when change efforts
consistently fall short of delivering meaningful results. When every new
initiative feels like a rerun of the last, teams disengage; it’s not change
that wears them down, it’s the lack of meaningful progress. This fatigue is
rarely acknowledged, yet its effects are profound. ... Organise around value
streams and move from annual plans to more adaptive, incremental delivery.
Allow teams to release meaningful work more frequently and see the direct
outcomes of their efforts. When value is visible early and often, energy is
easier to sustain. Also, leaders can achieve this by shifting from a
traditional project-based model to a product-led approach, embedding
continuous delivery into the way teams work, rather than treating. ...
Frameworks can be helpful, but too often, organisations adopt them in the hope
they’ll provide a shortcut to transformation. Instead, these approaches become
overly rigid, emphasising process compliance over real outcomes. ... What
leaders can do: Focus on mindset, not methodology. Leaders should model
adaptive thinking, support experimentation, and promote learning over
perfection. Create space for teams to solve problems, rather than follow
playbooks that don’t fit their context.Why app modernization can leave you less secure
In most enterprises, session management is implemented using the capabilities
native to the application’s framework. A Java app might use Spring Security. A
JavaScript front-end might rely on Node.js middleware. Ruby on Rails handles
sessions differently still. Even among apps using the same language or
framework, configurations often vary widely across teams, especially in
organizations with distributed development or recent acquisitions. This
fragmentation creates real-world risks: inconsistent timeout policies, delayed
patching, and session revocation gaps Also, there’s the problem of developer
turnover: Many legacy applications were developed by teams that are no longer
with the organization, and without institutional knowledge or centralized
visibility, updating or auditing session behavior becomes a guessing game. ...
As one of the original authors of the SAML standard, I’ve seen how identity
protocols evolve and where they fall short. When we scoped SAML to focus
exclusively on SSO, we knew we were leaving other critical areas (like
authorization and user provisioning) out of the equation. That’s why other
standards emerged, including SPML, AuthXML, and now efforts like IDQL. The
need for identity systems that interoperate securely across clouds isn’t new,
it’s just more urgent now. 
No comments:
Post a Comment