Quote for the day:
“Become the kind of leader that people would follow voluntarily, even if you had no title or position.” -- Brian Tracy
Critical Thinking In The Age Of AI-Generated Code
Besides understanding our code, code reviewing AI-generated code is an
invaluable skill nowadays. Tools like GitHub's Copilot and DeepCode can
code-review better than a junior software developer. Depending on the
complexity of the codebase, they can save us time in code reviewing and
pinpoint cases that we may have missed, but, after all, they are not flawless.
We still need to verify that the AI assistant's code review did not provide
any false positives or false negatives. We need to verify that the code review
did not miss anything important and that the AI assistant got the context
correctly. The hybrid approach seems to be the most effective one: let AI
handle the grunt work and rely on developers for the critical analysis. ...
After all, code reviewing AI-generated code is an excellent opportunity to
educate ourselves while improving our code-reviewing skills. Keep in mind
that, to date, AI-generated code optimizes for patterns in its training data.
This may not be aligned with coding first principles. AI-generated code may
follow templated solutions rather than custom designs. It may include
unnecessary defensive code or overly generic implementations. We need to check
that it has chosen the most appropriate solution for each code block
generated. Another common problem is that LLMs may hallucinate.
DeepCoder: Revolutionizing Software Development with Open-Source AI
One of the DeepCoder project’s most significant contributions is the
introduction of verl-pipeline, an optimized extension of the very open-source
RLHF library. The team identified sampling, the generation of long token
sequences as the primary bottleneck in training and developed “one-off
pipelining” to address this challenge. This technique overlaps sampling,
reward calculation and training, reducing end-to-end training times by up to
2.5x. This optimization is game-changing for coding tasks requiring thousands
of unit tests per reinforcement learning iteration, making previously
prohibitive training runs accessible to smaller research teams and independent
developers. For DevOps professionals, DeepCoder represents an opportunity to
integrate advanced code generation directly into CI/CD pipelines without
dependency on API-gated services. Teams can fine-tune the model on their
codebase, creating customized assistants that understand their specific
architecture and coding patterns. ... DeepCoder’s open-source nature aligns
with the DevOps collaboration and shared improvement philosophy. As more
organizations adopt and contribute to the model, we can expect to see
specialized versions emerge for different programming languages and problem
domains.
Transforming Software Development
AI assistants are getting smarter, moving beyond prompt-based interactions to
anticipate developers’ needs and proactively offer suggestions. This evolution
is driven by the rise of AI agents, which can independently execute tasks,
learn from their experiences and even collaborate with other agents. Next
year, these agents will serve as a central hub for code assistance,
streamlining the entire software development lifecycle. AI agents will
autonomously write unit tests, refactor code for efficiency and even suggest
architectural improvements. Developers’ roles will need to evolve
alongside these advancements. AI will not replace them. Far from it; proactive
AI assistants and their underlying agents will help developers build new
skills and free up their time to focus on higher-value, more strategic tasks.
... AI models are more powerful when trained on internal company data, which
allows them to generate insights specific to an organization’s unique
operations and objectives. However, this often requires running models on
premises for security and compliance reasons. With open source models rapidly
closing the performance gap with commercial offerings, more businesses will
deploy models on premises in 2025. This will allow organizations to fine-tune
models with their own data and deploy AI applications at a fraction of the
cost.
Cybercriminal groups embrace corporate structures to scale, sustain operations
We have seen cross collaboration between groups that specialize in specific
activities. For example, one group specializes in social engineering, while
another focuses on scaling malware and botnets to uncover open servers that
yield database breaches. They, in turn, can sell access to those who focus on
ransomware attacks. Recently, we have seen collaboration between AL/ML
developers who scrape public records to build Org Charts, as well as lists of
real estate holdings. This data is then used en masse with situational and
location data to populate PDF attachments in emails that look like real
invoices, with executives’ names in fake prior email responses, as part of the
thread. ... the recent development in hackers organizing into larger groups
has allowed the stakes to get even higher. Look at the Lazarus Group, who
pulled off one of the largest heists ever by targeting Bybit and stealing $1.5
billion in Ethereum, as well as subsequently converting $300 million in
unrecoverable funds. This group is likely state-sponsored and funding North
Korean military programs. Therefore, understanding North Korean national
interests will hint at future targets. The increasing scale of their attacks
likely reflects greater resources allocated by North Korea, more sophisticated
tooling and capabilities, lessons learned from previous operations, and a
growing number of personnel trained in cyber operations.
Agentic AI might soon get into cryptocurrency trading — what could possibly go wrong?
Not everyone is bullish on the intersection of Web3, agentic AI and
blockchain. Forrester Research vice president and principal analyst Martha
Bennett is among those who are skeptical. In 2023, she co-authored an online
post critical of Worldcoin, now the World project, and her opinion hasn’t
changed in several regards. World project still faces major challenges,
including privacy issues and concerns about its iris biometric technology, she
said. And Agentic AI is still in its early stages and not yet capable of
supporting Web3 transactions. Most current generative AI (genAI) tools,
including LLMs, lack the autonomy defined as “agentic AI.” “There’s no AI
technology today that would be able automate Web3 transactions in a reliable
and secure manner,” she said. Given the risks and the potential for
exploitation, it’s too soon to rely on AI systems with high autonomy for Web3
transactions. She did note, however, that Web3 already uses automation through
smart contracts — self-executing electronic contracts with the terms of the
agreement directly written into code. “Will Web3 go mainstream in 2025?
My overall answer is no, but there are nuances,” she said. “If mainstream
means mass consumer adoption, it’s a definite no. There’s simply not enough
utility there for consumers.” Web3, Bennett said, is largely a self-contained
financial ecosystem, and efforts to boost adoption through Decentralized
Physical Infrastructure Networks (DePIN), such as Tools for Humanity’s,
haven’t led to major breakthroughs.
Artificial Intelligence fuels rise of hard-to-detect bots
“The surge in AI-driven bot creation has serious implications for businesses
worldwide,” said Tim Chang, General Manager of Application Security at Thales.
“As automated traffic accounts for more than half of all web activity,
organisations face heightened risks from bad bots, which are becoming more
prolific every day.” ... “This year’s report sheds light on the evolving
tactics and techniques utilised by bot attackers. What were once deemed
advanced evasion methods have now become standard practice for many malicious
bots,” Chang said. “In this rapidly changing environment, businesses must
evolve their strategies. It’s crucial to adopt an adaptive and proactive
approach, leveraging sophisticated bot detection tools and comprehensive
cybersecurity management solutions to build a resilient defense against the
ever-shifting landscape of bot-related threats.” ... Analysis in the report
reveals a deliberate strategy by cyber attackers to exploit API endpoints that
manage sensitive and high-value data. Implications of this trend are
especially impactful for industries that rely on APIs for their critical
operations and transactions. Financial services, healthcare, and e-commerce
sectors are bearing the brunt of these sophisticated bot attacks, making them
prime targets for malicious actors seeking to breach sensitive information.
Humans at the helm of an AI-driven grid
A growing number of utilities are turning to AI-based tools to process vast data
streams and streamline tasks once managed by manual calculation. For instance,
algorithms can analyse weather patterns, historical consumption, and real-time
sensor readings to make more accurate power demand and renewable energy
generation forecasts. This supports more efficient balancing of supply and
demand, reducing the likelihood of overloaded transformers or unexpected
brownouts. Some utilities are also exploring AI-driven alarm management, which
can filter the flood of alerts triggered by a network issue. Instead of
operators sifting through hundreds of notifications, AI tools can be used to
identify and highlight the most critical issues in real time. Another AI
application is with congestion management, detecting trouble spots on the grid
where demand might exceed capacity and even propose rerouting strategies to keep
electricity flowing reliably. While still in their early stages, AI tools hold
promise for driving operational efficiency in many daily scenarios. ... Even the
smartest algorithm, however, lacks the broader perspective and accountability
that people bring to grid management. Power and Utility companies are tasked
with a public service mandate: they must ensure safety, affordability, and
equitable access to electricity.
CISO Conversations: Maarten Van Horenbeeck, SVP & CSO at Adobe
The digital divide is simple to understand but complex to solve. Fundamentally,
it separates those who have access to cyber and cyber knowledge from those who
do not. There are areas of the world and socio-economic groups or demographics
who have little or very limited access to the internet, and consequently very
little awareness of cybersecurity. But cyber and cyber threats are worldwide;
and technology is increasingly integrated and interconnected globally. “Cyber
issues emanating from the digital divide don’t just play out far away from our
homes – they play out very close to our homes as well,” warns Van Horenbeeck.
“There’s a huge divide between people who know, for example, not to reuse
passwords, to use multi factor authentication, and those individuals that have
none of that experience at all.” In effect the digital divide creates a largely
invisible and unseen threat surface for the long-connected world. He believes
that technology companies can play a part in solving this problem by making
cybersecurity features easy to understand and use. and cites two examples of the
Adobe approach. “We invested, for example, in support for passkeys because we
feel it’s a more effective and easier method of authentication that is also more
secure.”
How AI, Robotics and Automation Transform Supply Chains
Enterprises designing robots to augment the human workforce need to take design
thinking and ergonomic approaches into consideration. Designers must think about
how robots comprehend and understand their physical surroundings without
tripping over cables or objects on the floor, obstructing movement or causing
human injuries. These robots are created with the aim to collaborate with humans
for repetitive tasks and lift heavy loads. Last year, OT.today featured stories
on how humanoid robots augmented the human workforce at Amazon, Mercedes, NASA
and the Piaggio Group. In 2017, Alibaba invested in AI labs and the DAMO
Academy. At its flagship Computing Conference in 2018, held in Hangzhou, China,
Alibaba showcased a range of robots designed for warehouses, autonomous
deliveries and other sectors, including hospitality and pharmaceuticals. More
recently, Alibaba invested in LimX Dynamics, a company specializing in humanoid
and robotic technology. Japanese automobile manufacturers have been using
industrial robots since the early 1980s. Chip manufacturing companies in Taiwan
and other countries also use them. Robots assist in surgeries in the healthcare
sector. But none of those early manufacturing robots resembled humanoids or even
had advanced AI seen in today's robots.
CIOs are overspending on the cloud — but still think it’s worth it
CIOs should also embrace DevOps practices tied to cost reduction when consuming
cloud resources, Sellers says. One pitfall that doesn’t get enough attention:
Many organizations don’t educate developers on the cost of cloud services,
despite the glut of developer services large cloud providers make trivial to
call. “I’ve lost track of how many services Amazon provides that developers can
just use, and some of those can be quite expensive, but a developer doesn’t
really know that,” Sellers says. “They’re like, ‘Instead of writing my own
solution to this, I can just call this service that Amazon already provides, and
boom, my job is done.’” The disconnect between developers and financial factors
in the cloud is a real problem that leads to increased cloud costs, adds Nick
Durkin, field CTO at Harness, provider of an AI-driven software development
platform. Without knowing the costs of accessing a cloud-based GPU or CPU, for
example, a developer is like a home builder who doesn’t know the cost of wood or
brick, Durkin says. “If you’re not giving your smartest engineers access to the
information about services that they can optimize on, how would you expect them
to do it?” he says. “Then, finance comes back a month later with a beating
stick.”
