Quote for the day:
“If your ship doesn’t come in, swim out to meet it!” -- Jonathan Winters
Delivering resilience and continuity for AI
Think of it as technical debt, suggests IDC group VP Daniel Saroff as most
enterprises underestimate the strain AI puts on connectivity and compute.
Siloed infrastructure won’t deliver what AI needs and CIOs need to think about
these and other things in a more integrated way to make AI successful. “You
have to look at your GPU infrastructure, bandwidth, network availability, and
connectivity between respective applications,” he says. “If you have
environments not set up for highly transactional, GPU-intensive environments,
you’re going to have a problem,” Saroff warns. “And having very fragmented
infrastructure means you need to pull data and integrate multiple different
systems, especially when you start to look at agentic AI.” ... Making AI scale
will almost certainly mean taking a hard look at your data architecture. Every
database adds features for AI. And lakehouses promise you can bring
operational data and analytics together without affecting the SLAs of
production workloads. Or you can go further with data platforms like Azure
Fabric that bring in streaming and time series data to use for AI
applications. If you’ve already tried different approaches, you likely need to
rearchitect your data layer to get away from the operational sprawl of
fragmented microservices, where every data hand-off between separate vector
stores, graph databases, and document silos introduces latency and governance
gaps. Too many points of failure make it hard to deliver high availability
guarantees.Technological Disruption: Strategic Inflection Points From 2026 - 2036
From a defensive standpoint, AI-driven security solutions will provide
continuous surveillance, automated remediation, and predictive threat modeling
at a scale unattainable by human analysts. Simultaneously, attackers will
utilize AI to create polymorphic malware, execute influence operations, and
exploit holes at machine speed. The outcome will be an environment where cyber
war progresses more rapidly than conventional command-and-control systems can
regulate. As we approach 2036, the primary concern will be AI governance
rather than AI capacity. ... From 2026 to 2030, enterprises will increasingly
recognize that cryptographic agility is vital. The move to post-quantum
cryptography standards means that old systems, especially those in critical
infrastructure, financial services, and government networks, need to be fully
inventoried, evaluated, and upgraded. By the early 2030s, quantum innovation
will transcend cryptography, impacting optimization, materials science,
logistics, and national security applications. ... In the forthcoming decade,
supply chain security will transition from compliance-based evaluations to
ongoing risk intelligence. Transparency methods, including software bills of
materials, hardware traceability, and real-time vendor risk assessment, will
evolve into standard expectations rather than just best practices. Supply
chain resilience will strategically impact national competitiveness.
True agentic AI is years away - here's why and how we get there
We're not there yet. We're not even close. Today's bots are limited to chat
interactions and often fail outside that narrow operating context. For
example, what Microsoft calls an "agent" in the Microsoft 365 productivity
suite, probably the best-known instance of an agent, is simply a way to
automatically generate a Word document. Market data shows that agents haven't
taken off. ... Simple automations can certainly bring about benefits, such as
assisting a call center operator or rapidly handling numerous invoices.
However, a growing body of scholarly and technical reports has highlighted the
limitations of today's agents, which have failed to advance beyond these basic
automations. ... Before agents can live up to the "fully autonomous code" hype
of Microsoft and others, they must overcome two primary technological
shortcomings. Ongoing research across the industry is focused on these two
challenges: Developing a reinforcement learning approach to designing agents;
and Re-engineering AI's use of memory -- not just memory chips such as
DRAM, but the whole phenomenon of storing and retrieving information.
Reinforcement learning, which has been around for decades, has demonstrated
striking results in enabling AI to carry out tasks over a very long time
horizon. ... On the horizon looms a significant shift in reinforcement
learning itself, which could be a boon or further complicate matters. Can AI
do a better job of designing reinforcement learning than humans?Why Developer Experience Matters More Than Ever in Banking
Effective AI assistance, in fact, meets developers where they are—or where
they work. Some prefer a command-line interface, others live inside an IDE,
and still others rely heavily on sample code and language-specific SDKs. A
strong DX strategy supports all of these modes, using AI to surface accurate,
context-aware guidance without forcing developers into a single workflow. When
AI reinforces clarity, it becomes a force multiplier. ... As AI-assisted
development becomes more common, the quality of documentation takes on new
importance. Because it is no longer read only by humans, documentation
increasingly serves as the knowledge base that enables AI agents that help
developers search, generate, and validate code. When documentation is vague or
poorly structured, it introduces confusion, often in ways that actively
undermine developer confidence. ... In highly regulated environments,
developers want, and expect, guardrails—but not at the expense of speed and
consistency. One of the most effective ways to balance those demands is by
codifying business rules and compliance requirements directly into the
platform, rather than relying on manual, human-driven review at key
milestones. Talluri describes this approach as “policy as code”: embedding
rules, validations, and regional requirements into the system so developers
receive immediate, actionable prompts and feedback as they work. ... The
business case for exceptional developer experience rests on a simple truth:
trust drives productivity.AI-powered testing for strategic leadership
Nearly
half
of teams still release untested code due to time pressure, creating fragile
systems and widening risk exposure. Legacy architectures further compound this,
making modernisation difficult and slowing down automated validation,” he said.
AI-generated code also introduces new vulnerabilities. Without strong validation
pipelines, testing quickly becomes the bottleneck of transformation. Developers
often view testing as tedious, and with modern codebases spanning multiple
interconnected applications, the challenge intensifies. At the same time,
misalignment between leadership and engineering teams leads to unclear
priorities and rushed decisions. While the pace of development already feels
fast, it is only set to accelerate. To overcome barriers, CIOs can adopt
model-based, codeless AI testing that reduces dependence on fragile code-level
automation and cuts ongoing maintenance. This approach can reduce manual effort
by 80%–90% and enables non-technical experts to participate through
natural-language and visual test generation. For Wong, strong governance is
vital. This entails domain-trained, testing-specific AI that avoids
hallucinations and supports safe, transparent validation. Instead of becoming
autonomous, AI can act as a co-pilot working alongside developers. “By aligning
teams, modernising toolchains, and embedding guardrails, CIOs can shift from
reactive firefighting to proactive, AI-driven quality engineering,” he said.
The Architect’s Dilemma: Choose a Proven Path or Pave Your Own Way?
/articles/architects-dilemma/en/smallimage/architect-dillema-choose-path-or-pave-your-own-way-thumb-1767021546327.jpg)
Platforms and frameworks are like paved roads that may help a team progress
faster on their journey, with well-defined "exit ramps" or extension points
where a team can extend the platform to meet their needs, but they come with
side-effects that may make them undesirable. Teams need to decide when, if ever,
they need to leave the path others have paved and find their own way by
developing extensions to the platform or framework, or by developing new
platforms or frameworks. The challenge teams face when they use platforms or
frameworks as the basis for their software architectures is to choose the "paved
road" (platform or framework) that gets them closest to their desired
destination with minimal diversions or new construction. ... Many platform
decisions are innocuous and can be accepted and ignored when they don’t affect
the QARs that the team needs to meet. The only way to know whether the decisions
are harmful is through experiments that expose when the platform is failing to
meet the goals of the system. Since the decisions made by the platform
developers are often undocumented and/or unknowable, it’s imperative that teams
be able to test their system (including the platforms on which they are built)
to make sure that their architectural goals (i.e. QARs) are being met. ... Using
the "paved road" metaphor, the LLM provides a proven path but it does not take
the team where they need to go. When this happens, they have no choice but to
either start extending the platform (if they can), finding a different platform,
or building their own platform.Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025
By compromising a single target with a large number of downstream users—say a
cloud service or maintainers or developers of widely used open source or
proprietary software—attackers can infect potentially millions of the target’s
downstream users. ... Another significant security story cast both Meta and
Yandex as the villains. Both companies were caught exploiting an Android
weakness that allowed them to de-anonymize visitors so years of their browsing
histories could be tracked. The covert tracking—implemented in the Meta Pixel
and Yandex Metrica trackers—allowed Meta and Yandex to bypass core security and
privacy protections provided by both the Android operating system and browsers
that run on it. ... The outage with the biggest impact came in October, when a
single point of failure inside Amazon’s sprawling network took out vital
services worldwide. It lasted 15 hours and 32 minutes. The root cause that
kicked off a chain of events was a software bug in the software that monitors
the stability of load balances by, among other things, periodically creating new
DNS configurations for endpoints within the Amazon Web Services network. A race
condition—a type of bug that makes a process dependent on the timing or sequence
of events that are variable and outside the developers’ control—caused a key
component inside the network to experience “unusually high delays needing to
retry its update on several of the DNS endpoint,” Amazon said in a post-mortem.
The Evolving Cybersecurity Challenge for Critical Infrastructure
Convergence between OT, IT and the cloud is providing cybercriminal groups with the opportunity to target critical infrastructure. Operators, and regulators, are wrestling with new technology and new manufacturers, outside the traditional OT/ICS supply chain. “With the geopolitical tensions and the way that the world will look in maybe a few years, they're starting to scratch their heads and think, ‘okay, is it secure? Is it safe? How was it developed? Is there any remote access? How is it being configured?’ There are things that are being done now, that will have an effect in a few years’ time,” cautioned Daniel dos Santos, head of security research at Forescout's Vedere Labs. Given the lifespans of operational technology, installing insecure equipment now can have long-term consequences. Meanwhile, CISOs face dealing with older hardware that was not designed for modern threats. Even where vendors release patches, CNI operators do not always apply them, either because of concerns about business interruption, or a lack of visibility. ... Threats to CNI are not likely to abate in 2026. Legislators are putting more emphasis on cyber resilience and directives, such as the EU’s Cyber Resilience Act, will improve the security of connected devices. But these upgrades take time. “Threats from criminal groups continue to grow exponentially,” said Phil Tonkin, CTO at OT security specialists Dragos.The changing role of the MSP: What does this mean for security?
MSPs hold a unique position within the IT ecosystem, as they are often
responsible for managing and supporting the IT infrastructures, cloud services,
and cybersecurity of many different organizations. These trusted partners often
have privileged access to the inner workings of the organizations they support,
including access to the critical systems, sensitive information, and
intellectual property of their clients. ... Research shows that over half of MSP
leaders globally believe that their customers are at more risk today than this
time last year when it comes to cyber threats, with AI-based attack vectors,
ransomware/malware, and insider threats the most commonly faced threats. As a
result of this uptick in threats, more organizations than ever are leaning on
MSPs for cyber support. In fact, in 2025, 84% of MSPs managed either their
clients’ cyber infrastructure or their cyber and IT estates combined. This
increased significantly, from 64% the previous year. What this shows is that
SMEs are realising that they cannot handle cybersecurity alone, turning to MSPs
for additional help. Cybersecurity is no longer an optional extra or add-on;
it’s becoming a core, expected service for MSPs. MSP leaders are transitioning
from general IT support to becoming essential cybersecurity guardians. ... MSPs
that adapt by investing in specialized cybersecurity expertise, advanced
technologies, and a proactive security posture will thrive, becoming
indispensable partners to businesses navigating the complex world of cyber
risk. 
/filters:no_upscale()/articles/agentic-ai-architecture-framework/en/resources/96figure-2-1752043185139.jpg)
