Quote for the day:
“Identify your problems but give your power and energy to solutions.” -- Tony Robbins
AI Agents: Elevating Cyber Threat Intelligence to Autonomous Response
Embedded across the security stack, AI agents can ingest vast volumes of
threat data, triage alerts, correlate intelligence, and distribute insights in
real time. For instance, agents can automate threat triage by filtering out
false positives and flagging high-priority threats based on severity and
relevance, thereby refining threat intelligence. They also enrich threat
intelligence by cross-referencing multiple data sources to add meaningful
context and track Indicators of Behavior (IoBs) that might otherwise go
unnoticed. ... A major challenge for security teams is the inherent complexity
they face. Often, the issue isn’t a lack of data or tools, but rather a lack
of understanding the relevancy, coordination, collaboration and contextual
actioning. Threat intelligence is frequently fragmented across systems, teams,
and workflows, creating blind spots, unknowns and delays that attackers can
exploit. ... As enterprises evolve, they can transform from leveraging one
model to another. Both approaches have value, but striking the right balance
between integrating smarter tools and securing cyber threat intelligence
depends on clearly defining responsibilities. For most, a hybrid model will be
the best fit, allowing AI agents to scale routine tasks while keeping humans
in control of complex, high-stakes decisions within the framework of smarter
cyber threat intelligence. The Future Of Leadership Is Human: Why Empathy Outweighs Authority
When employees feel understood and valued, their brains operate in a state
conducive to creativity and problem-solving. Conversely, when they perceive
threat or indifference from leadership, their cognitive resources shift to
self-preservation, limiting their capacity for innovation and collaboration.
... Developing empathetic leadership requires intentional systems and cultural
changes. At our company, we've implemented several practices that have
transformed our leadership culture, drawing inspiration from organizations
that are leading this shift. ... Skeptics often question whether empathetic
leadership can coexist with aggressive business goals and competitive markets,
but evidence suggests the opposite. Empathetic leadership enables more
aggressive goals because it unlocks human potential in ways that authority
alone cannot. When people feel genuinely valued and understood, they
contribute discretionary effort, share innovative ideas and advocate for the
organization in ways that drive measurable business results. ... These results
didn't happen overnight; they required genuine commitment to changing how we
interact with our team members daily. I've personally shifted from viewing my
role as "providing answers" to "asking better questions." Instead of dictating
solutions in meetings, I now spend more time understanding the challenges my
team faces and creating space for them to develop solutions. Why password controls still matter in cybersecurity
Despite all the advanced authentication technologies, passwords continue to be
the primary way attackers move through corporate networks. That makes it more
important than ever to ensure your organization employs robust password
controls. Today's IT environments are a tangled web of systems that defy simple
security solutions. On-premises servers, cloud platforms, and remote work setups
each add another layer of complexity to password management. ... Legacy accounts
are like forgotten spare keys hidden under old doormats, just waiting for
someone to find them. Windows Active Directory domains, standalone systems, and
specialized application accounts have become the digital equivalent of unlocked
side doors that nobody remembers to check. These forgotten entry points are a
hacker's dream, offering easy access to networks that think they're buttoned up
tight. ... Risk-based authentication takes this a step further, dynamically
assessing each password change request based on context like device, location,
and user behavior. It's like having a digital bouncer that knows exactly who
should and shouldn't get past the velvet rope. ... Passwords aren't going
anywhere. They remain the fallback for even the most advanced authentication
methods. By implementing intelligent, dynamic password controls, your
organization can turn them from a constant security challenge into a resilient
defense mechanism.
What most companies get wrong about AI—and how to fix it, explains Ahead’s CPO
Despite the hype, Supancich is realistic about where most companies stand in their AI journey. Many, she says, know they need to "do something" with AI but lack clarity on what that should be. For Supancich, the priority is mapping processes, identifying the best use cases, and going deep in targeted areas to build real capability, rather than spreading efforts too thin. At Ahead, this means investing in both internal transformation and external consulting capabilities. The company has made AI training mandatory for all employees, equipping them with practical skills and demystifying the technology. The response, she reports, has been overwhelmingly positive, with employees discovering new ways to enhance their work and add value. Supancich is also alert to the data and privacy implications of AI, working closely with the CIO to ensure that the organisation’s approach is both innovative and secure. ... Throughout the conversation, one theme recurs: the centrality of leadership in navigating the future of work. Supancich sees the CPO as both guardian and architect of culture, a strategic partner who must be deeply involved in every aspect of the business. The future belongs to those who can blend technical fluency with emotional intelligence, strategic acumen with a passion for people.Bake Ruthless Compliance Into CI/CD Without Slowing Releases
Compliance breaks when we glue it onto the end of a release, or when it’s
someone’s “side job” to assemble evidence after the fact. The fix is to treat
controls as non-functional requirements with acceptance criteria, put those
criteria into policy-as-code, and make pipelines refuse to ship when the
criteria aren’t met. A second source of breakage is ambiguity about shared
responsibility. We push to managed services, assume the provider “has it,” and
then discover that logging, encryption, or key rotation was our part of the
dance. Map what belongs to us versus the platform, and turn that into explicit
checks. The third killer is evidence debt. If we can’t answer “who approved
what, when, with what config and tests” in under five minutes, the debt
collectors will arrive during audit season. ... Compliance isn’t a meeting; it’s
a pipeline step. Our CI/CD pipelines generate the evidence we need while doing
the work we already do: building, testing, signing, scanning, and shipping. We
don’t rely on optional post-build scanners or a “security stage” we can skip
under pressure. Instead, we make the happy path compliant by default and fail
fast when something’s off. That means SBOMs built with every image,
vulnerability scanning with defined SLAs, provenance signed and attached to
artifacts, and deployment gates that verify attestations.
Inside AstraZeneca’s AI Strategy: CDO Brian Dummann on Innovation, Governance and Speed
“One of our core values as a company is innovation. Our business is wired to be curious — to push the boundaries of science. And to be pioneers in science, we’ve got to be pioneers in technology.” That curiosity has created a healthy tension between demand and delivery. “I’ve got a company full of employees outside of the IT organization who are thirsty to get their hands on data and AI tools,” he says. “It’s a blessing and a challenge. They want new models, new platforms, and they want them now. It’s never fast enough.” ... Empowering employees to innovate is one thing; enabling them to do it safely and quickly is another. That’s where AstraZeneca’s AI Accelerator comes in — a cross-functional initiative designed to shorten the time between idea and implementation. “The ultimate goal is to accelerate how we can experiment with AI and use it to innovate across all areas of our business,” he says. “We’ve built an AI Accelerator whose sole purpose is to work through how to accelerate the introduction of new technologies or quickly review use cases.” Legacy processes, once measured in weeks or months, now need to operate in hours or days. The AI Accelerator brings together technology, legal, compliance, and governance teams to streamline assessments and approvals. ... “We’re now putting a lot more decision-making in the hands of our employees and empowering them,” he says. “With great power comes greater responsibility.”8 ways to help your teams build lasting responsible AI
"For tech leaders and managers, making sure AI is responsible starts with how
it's built," Rohan Sen, principal for cyber, data, and tech risk with PwC US and
co-author of the survey report, told ZDNET. "To build trust and scale AI safely,
focus on embedding responsible AI into every stage of the AI development
lifecycle, and involve key functions like cyber, data governance, privacy, and
regulatory compliance," said Sen. "Embed governance early and continuously. ...
"Start with a value statement around ethical use," said Logan. "From here,
prioritize periodic audits and consider a steering committee that spans privacy,
security, legal, IT, and procurement. Ongoing transparency and open
communication are paramount so users know what's approved, what's pending, and
what's prohibited. Additionally, investing in training can help reinforce
compliance and ethical usage." ... "A new AI capability will be so exciting that
projects will charge ahead to use it in production. The result is often a
spectacular demo. Then things break when real users start to rely on it. Maybe
there's the wrong kind of transparency gap. Maybe it's not clear who's
accountable if you return something illegal. Take extra time for a risk map or
check model explainability. The business loss from missing the initial deadline
is nothing compared to correcting a broken rollout."
Rising Identity Crime Losses Take a Growing Emotional Toll
What is changing now is how easily attackers can operationalize personal information data, observed Henrique Teixeira, a senior vice president for strategy at Saviynt, an identity governance and access management company in El Segundo, Calif. “In a recent attack I personally experienced, a criminal logged into one of my accounts using stolen credentials and then launched a subscription bombing campaign, flooding my inbox with hundreds of fake mailing list signups to bury legitimate fraud alerts,” he told TechNewsWorld. ... Kevin Lee, senior vice president for trust and safety at Sift, a fraud-prevention company for digital businesses, in San Francisco, called the suicide numbers “stark and concerning.” “Part of what’s driving this is probably the sheer magnitude of the losses,” he told TechNewsWorld. “When people are losing $100,000 or even $1 million due to identity theft, they’re losing years of savings they’ve built up. The financial devastation is compounded by feelings of shame and embarrassment, which keep people from seeking help.” There’s also the repeat victimization factor, he added. “When someone gets hit once and then targeted again, it creates this sense of helplessness,” he explained. “They feel like they can’t protect themselves, and that vulnerability is deeply traumatic.” “The report shows that victims who reach out to the ITRC have lower rates of suicidal thoughts, which tells us that having support and resources makes a real difference,” he said.The Learning Gap in Generative AI Deployment
The learning gap is best understood as the space between what organisations
experiment with and what they are able to deploy and scale effectively. It is an
organisational phenomenon, as much about culture, governance, and leadership as
about technology. ... Beyond training, the learning gap is perpetuated by
structural and organisational barriers. One critical factor is the absence of
effective feedback mechanisms. Generative AI tools are most valuable when they
evolve in response to human inputs, errors, and changing contexts. Without
monitoring systems and structured feedback loops, AI deployments remain static,
brittle, and context-blind. Organisations that do not track performance, error
rates, or user corrections fail to create a continuous learning cycle, leaving
both humans and machines in a state of stagnation. ... Closing the learning gap
requires a shift in focus from technology to organisation. Pilots must be
anchored in real business problems, with measurable objectives that align with
workflow needs. Incremental, context-sensitive deployment allows organisations
to refine AI applications in situ, providing both employees and AI systems the
feedback necessary to improve over time. Small-scale success builds confidence,
generates data for iteration, and lays the groundwork for broader adoption.
Equally important is the creation of structured learning opportunities within
operational contexts.
/articles/generative-testing/en/smallimage/generative-testing-thumbnail-1761644839641.jpg)
