Quote for the day:
"Successful leaders see the opportunities in every difficulty rather than the difficulty in every opportunity" -- Reed Markham
Chief AI role gains traction as firms seek to turn pilots into profits
CAIOs understand the strategic importance of their role, with 72% saying their
organizations risk falling behind without AI impact measurement. Nevertheless,
68% said they initiate AI projects even if they can’t assess their impact,
acknowledging that the most promising AI opportunities are often the most
difficult to measure. Also, some of the most difficult AI-related tasks an
organization must tackle rated low on CAIOs’ priority lists, including measuring
the success of AI investments, obtaining funding and ensuring compliance with AI
ethics and governance. The study’s authors didn’t suggest a reason for this
disconnect. ... Though CEO sponsorship is critical, the authors also stressed
the importance of close collaboration across the C-suite. Chief operating
officers need to redesign workflows to integrate AI into operations while
managing risk and ensuring quality. Tech leaders need to ensure that the
technical stack is AI-ready, build modern data architectures and co-create
governance frameworks. Chief human resource officers need to integrate AI into
HR processes, foster AI literacy, redesign roles and foster an innovation
culture. The study found that the factors that separate high-performing CAIOs
from their peers are measurement, teamwork and authority. Successful projects
address high-impact areas like revenue growth, profit, customer satisfaction and
employee productivity.Mind the overconfidence gap: CISOs and staff don’t see eye to eye on security posture
“Executives typically rely on high-level reports and dashboards, whereas
frontline practitioners see the day-to-day challenges, such as limitations in
coverage, legacy systems, and alert fatigue — issues that rarely make it into
boardroom discussions,” she says. “This disconnect can lead to a false sense of
security at the top, causing underinvestment in areas such as secure
development, threat modeling, or technical skills.” ... Moreover, the
CISO’s rise in prominence and repositioning for business leadership may also be
adding to the disconnect, according to Adam Seamons, information security
manager at GRC International Group. “Many CISOs have shifted from being
technical leads to business leaders. The problem is that in doing so, they can
become distanced from the operational detail,” Seamons says. “This creates a
kind of ‘translation gap’ between what executives think is happening and what’s
actually going on at the coalface.” ... Without a consistent, shared view of
risk and posture, strategy becomes fragmented, leading to a slowdown in
decision-making or over- or under-investment in specific areas, which in turn
create blind spots that adversaries can exploit. “Bridging this gap starts with
improving the way security data is communicated and contextualized,” Forescout’s
Ferguson advises.
7 tips for a more effective multicloud strategy
For enterprises using dozens of cloud services from multiple providers, the
level of complexity can quickly get out of hand, leading to chaos, runaway
costs, and other issues. Managing this complexity needs to be a key part of any
multicloud strategy. “Managing multiple clouds is inherently complex, so unified
management and governance are crucial,” says Randy Armknecht, a managing
director and global cloud practice leader at business advisory firm Protiviti.
“Standardizing processes and tools across providers prevents chaos and maintains
consistency,” Armknecht says. Cloud-native application protection platforms
(CNAPP) — comprehensive security solutions that protect cloud-native
applications from development to runtime — “provide foundational control
enforcement and observability across providers,” he says. ... Protecting
data in multicloud environments involves managing disparate APIs,
configurations, and compliance requirements across vendors, Gibbons says.
“Unlike single-cloud environments, multicloud increases the attack surface and
requires abstraction layers [to] harmonize controls and visibility across
platforms,” he says. Security needs to be uniform across all cloud services in
use, Armknecht adds. “Centralizing identity and access management and enforcing
strong data protection policies are essential to close gaps that attackers or
compliance auditors could exploit,” he says.Building Reproducible ML Systems with Apache Iceberg and SparkSQL: Open Source Foundations
/articles/reproducible-ml-iceberg/en/smallimage/reproducible-ml-iceberg-thumbnail-1753341474504.jpg)
Data lakes were designed for a world where analytics required running batch
reports and maybe some ETL jobs. The emphasis was on storage scalability, not
transactional integrity. That worked fine when your biggest concern was
generating quarterly reports. But ML is different. ... Poor data foundations
create costs that don't show up in any budget line item. Your data scientists
spend most of their time wrestling with data instead of improving models. I've
seen studies suggesting sixty to eighty percent of their time goes to data
wrangling. That's... not optimal. When something goes wrong in production –
and it will – debugging becomes an archaeology expedition. Which data version
was the model trained on? What changed between then and now? Was there a
schema modification that nobody documented? These questions can take weeks to
answer, assuming you can answer them at all. ... Iceberg's hidden partitioning
is particularly nice because it maintains partition structures automatically
without requiring explicit partition columns in your queries. Write simpler
SQL, get the same performance benefits. But don't go crazy with partitioning.
I've seen teams create thousands of tiny partitions thinking it will improve
performance, only to discover that metadata overhead kills query planning.
Keep partitions reasonably sized (think hundreds of megabytes to gigabytes)
and monitor your partition statistics.The Creativity Paradox of Generative AI
Before talking about AI creation ability, we need to understand a simple
linguistic limitation: despite the data used for these compositions having
human meanings initially, i.e., being seen as information, after being de- and
recomposed in a new, unknown way, these compositions do not have human
interpretation, at least for a while, i.e., they do not form information.
Moreover, these combinations cannot define new needs but rather offer
previously unknown propositions to the specified tasks. ... Propagandists of
know-it-all AI have a theoretical basis defined in the ethical principles that
such an AI should realise and promote. Regardless of how progressive they
sound, their core is about neo-Marxist concepts of plurality and solidarity.
Plurality states that the majority of people – all versus you – is always
right (while in human history it is usually wrong), i.e., if an AI tells you
that your need is already resolved in the way that the AI articulated, you
have to agree with it. Solidarity is, in essence, a prohibition of individual
opinions and disagreements, even just slight ones, with the opinion of others;
i.e., everyone must demonstrate solidarity with all. ... The know-it-all AI
continuously challenges a necessity in the people’s creativity. The Big AI
Brothers think for them, decide for them, and resolve all needs; the only
thing that is required in return is to obey the Big AI Brother directives.Doing More With Your Existing Kafka
The transformation into a real-time business isn’t just a technical shift, it’s
a strategic one. According to MIT’s Center for Information Systems Research
(CISR), companies in the top quartile of real-time business maturity report 62%
higher revenue growth and 97% higher profit margins than those in the bottom
quartile. These organizations use real-time data not only to power systems but
to inform decisions, personalize customer experiences and streamline operations.
... When event streams are discoverable, secure and easy to consume, they are
more likely to become strategic assets. For example, a Kafka topic tracking
payment events could be exposed as a self-service API for internal analytics
teams, customer-facing dashboards or third-party partners. This unlocks faster
time to value for new applications, enables better reuse of existing data
infrastructure, boosts developer productivity and helps organizations meet
compliance requirements more easily. ... Event gateways offer a practical
and powerful way to close the gap between infrastructure and innovation. They
make it possible for developers and business teams alike to build on top of
real-time data, securely, efficiently and at scale. As more organizations move
toward AI-driven and event-based architectures, turning Kafka into an accessible
and governable part of your API strategy may be one of the highest-leverage
steps you can take, not just for IT, but for the entire business.
Meta-Learning: The Key to Models That Can "Learn to Learn"
US govt, Big Tech unite to build one stop national health data platform
Under this framework, applications must support identity-proofing standards,
consent management protocols, and Fast Healthcare Interoperability Resources
(FHIR)-based APIs that allow for real-time retrieval of medical data across
participating systems. The goal, according to CMS Administrator Chiquita
Brooks-LaSure, is to create a “unified digital front door” to a patient’s health
records that are accessible from any location, through any participating app, at
any time. This unprecedented public-private initiative builds on rules first
established under the 2016 21st Century Cures Act and expanded by the CMS
Interoperability and Patient Access Final Rule. This rule mandates that
CMS-regulated payers such as Medicare Advantage organizations, Medicaid
programs, and Affordable Care Act (ACA)-qualified health plans make their
claims, encounter data, lab results, provider remittances, and explanations of
benefits accessible through patient-authorized APIs. ... ID.me, another key
identity verification provider participating in the CMS initiative, has also
positioned itself as foundational to the interoperability framework. The company
touts its IAL2/AAL2-compliant digital identity wallet as a gateway to
streamlined healthcare access. Through one-time verification, users can access a
range of services across providers and government agencies without repeatedly
proving their identity.What Is Data Literacy and Why Does It Matter?
Building data literacy in an organization is a long-term project, often
spearheaded by the chief data officer (CDO) or another executive who has a
vision for instilling a culture of data in their company. In a report from the
MIT Sloan School of Management, experts noted that to establish data literacy in
a company, it’s important to first establish a common language so everyone
understands and agrees on the definition of commonly used terms. Second,
management should build a culture of learning and offer a variety of modes of
training to suit different learning styles, such as workshops and self-led
courses. Finally, the report noted that it’s critical to reward curiosity – if
employees feel they’ll get punished if their data analysis reveals a weakness in
the company’s business strategy, they’ll be more likely to hide data or just
ignore it. Donna Burbank, an industry thought leader and the managing director
of Global Data Strategy, discussed different ways to build data literacy at
DATAVERSITY’s Data Architecture Online conference in 2021. ... Focusing on
data literacy will help organizations empower their employees, giving them the
knowledge and skills necessary to feel confident that they can use data to drive
business decisions. As MIT senior lecturer Miro Kazakoff said in 2021: “In a
world of more data, the companies with more data-literate people are the ones
that are going to win.”
LLMs' AI-Generated Code Remains Wildly Insecure
In the past two years, developers' use of LLMs for code generation has exploded,
with two surveys finding that nearly three-quarters of developers have used AI
code generation for open source projects, and 97% of developers in Brazil,
Germany, and India are using LLMs as well. And when non-developers use LLMs to
generate code without having expertise — so-called "vibe coding" — the danger of
security vulnerabilities surviving into production code dramatically increases.
Companies need to figure out how to secure their code because AI-assisted
development will only become more popular, says Casey Ellis, founder at
Bugcrowd, a provider of crowdsourced security services. ... Veracode created an
analysis pipeline for the most popular LLMs (declining to specify in the report
which ones they tested), evaluating each version to gain data on how their
ability to create code has evolved over time. More than 80 coding tasks were
given to each AI chatbot, and the subsequent code was analyzed. While the
earliest LLMs tested — versions released in the first half of 2023 — produced
code that did not compile, 95% of the updated versions released in the past year
produced code that passed syntax checking. On the other hand, the security of
the code has not improved much at all, with about half of the code generated by
LLMs having a detectable OWASP Top-10 security vulnerability, according to
Veracode.
