Quote for the day:
“Cybersecurity is not about avoiding risk; it’s about managing it.” -- Admiral Mike Rogers
🎧 Listen to this digest on YouTube Music
▶ Play Audio DigestDuration: 23 mins • Perfect for listening on the go.
Why developers are over the cloud
While cloud computing remains massive, software developers are fundamentally
shifting their initial focus away from choosing a specific cloud provider and
instead prioritizing tools that offer the fastest development workflow. In the
past, the "first mile" of building an application usually started with
selecting foundational infrastructure from major vendors like AWS or Azure.
Today, developers increasingly start their projects in AI-assisted coding
environments and utilize streamlined platforms like Vercel, Cloudflare, or
Supabase. These modern developer experience platforms effectively abstract
away complex backend infrastructure, allowing engineering teams to focus
entirely on their core application logic rather than managing servers,
databases, or networking components. However, traditional cloud providers
still dominate the "second mile" of software development—the crucial
transition from a working prototype to enterprise-grade production. This stage
requires robust security, compliance, cost management, and identity controls.
To maintain their relevance, major cloud infrastructure providers must adapt
by integrating directly into modern coding workflows rather than expecting
users to navigate complex cloud consoles. Ultimately, developers are flocking
toward platforms that deliver immediate application outcomes, challenging
legacy cloud giants to make the leap to production feel like a natural,
seamless upgrade rather than a difficult administrative burden.The token economy: The state of AI mid-2026
By mid-2026, the artificial intelligence industry has firmly moved past its
experimental phase and matured into a tangible, large-scale economy. The
primary focus has shifted from software laboratories to expansive physical
infrastructure. Companies are now constructing gigawatt-scale computing
facilities to meet intense processing demands. These sprawling centers require
unprecedented amounts of electricity, making power generation just as critical
to the industry as the technology itself. The underlying currency of this
working economy is the token. Inference platforms are processing tens of
trillions of tokens daily, driven largely by independent software programs
that perform complex tasks like coding and internet research without human
oversight. As software increasingly interacts directly with other software,
the main competitive battleground is no longer just about creating smarter
models, but about systematically lowering the processing cost for each token.
This technological shift is also altering global priorities. Recognizing the
strategic importance of these computing systems, nations are heavily funding
independent AI initiatives. Governments are securing local infrastructure and
building proprietary knowledge bases to ensure they retain direct control over
their hardware, data, and economic resources rather than depending on foreign
tech providers.
The problem with AI model routing
As organizations move away from simply maximizing artificial intelligence
usage, many are adopting a new strategy called model routing. The idea is
quite straightforward: send complex questions to advanced, expensive models
and route simpler, everyday requests to cheaper alternatives. While this
approach seems like a highly practical way to manage rising costs, it carries
significant technical flaws. The fundamental problem is that modern language
models rely heavily on keeping recent data in a ready memory state—such as
remembering recent conversation history and caching details—to operate
efficiently. When organizations route requests across different models from
various providers, they throw away these essential, built-in efficiencies.
Every switch causes a system cold start, forcing the platform to reprocess the
entire context completely from scratch. This wasted effort ultimately raises
the overall cost for everyone involved, effectively negating the expected
financial savings. Consequently, rather than relying on third-party routing
systems that create disjointed workflows, the industry will likely shift
toward built-in routing managed directly by the major providers. By handling
the routing internally, these providers can preserve system efficiency and
lower costs, which will ultimately lead to deeper reliance on a single
ecosystem.
Delegated authentication: A security essential plus strategic data asset
The rapid shift from physical cards to mobile transactions has introduced
significant security and compliance challenges, often resulting in clunky
customer experiences. Older verification methods required shoppers to use
static passwords during checkout, which frequently caused them to abandon
their carts out of frustration. To solve this problem, delegated
authentication allows merchants to verify a customer’s identity—often through
familiar methods like fingerprint or facial recognition—and seamlessly pass
that proof directly to the card issuer. This smoother process reduces purchase
friction while still meeting strict security regulations. Modern payment
systems now treat this authentication data as a practical tool rather than a
simple compliance checklist. By sharing clear transaction context, banks can
safely reduce false card declines and approve more legitimate purchases.
Furthermore, as automated commerce expands and digital assistants begin making
purchases on behalf of users, these systems adapt by establishing pre-approved
spending boundaries. By combining secure data handling with clear customer
permissions, financial institutions can accurately verify both human shoppers
and their automated representatives. Ultimately, this collaborative approach
aligns business operations with firm security standards, ensuring that
everyday payments remain safe and dependably convenient.
Single points of failure fail. The SaaS layer is not an exception
Higher education institutions have heavily consolidated their core operations
into a small number of massive software platforms, turning these systems into
critical single points of failure. Recent major disruptions, including severe
ransomware attacks and extended platform outages during crucial times like
finals week, have highlighted the danger of this dependency. When these
platforms go dark, entire academic operations halt, leaving students and
faculty stranded without access to coursework, rosters, or grades. The risk is
compounded by the fact that the education sector has a history of paying
ransoms, which actively incentivizes further attacks. To address this
vulnerability, information technology leaders must stop treating external
software as an exception to standard disaster recovery practices. Service
level agreements and compliance checklists are not sufficient to keep classes
running during a crisis. Instead, institutions need an independent contingency
plan. Building a secure, independent data repository that regularly
synchronizes information from primary systems ensures that schools maintain
access to vital records during an outage. Just as modern infrastructure
requires redundant network connections and backup power, securing academic
operations demands building reliable workarounds for when primary platforms
inevitably fail.Operational Resilience Starts with Risk-Intelligent Microsegmentation
In a highly connected world, protecting critical infrastructure like manufacturing plants and water treatment facilities has become more challenging. If operational technology systems fail, the entire business halts. Recognizing this threat, ColorTokens has partnered with Claroty to improve security for these vital environments. The collaboration combines Claroty’s ability to deeply monitor and catalog physical and digital assets with ColorTokens’ expertise in controlling how those systems communicate. Because modern cyber threats can spread rapidly, simply detecting an intrusion is no longer enough. Organizations must prevent attackers from moving freely across their networks. This approach uses risk-aware network separation to block harmful activity without interrupting essential business functions. By integrating with existing monitoring and defense tools, the joint solution allows security teams to identify vulnerabilities and apply protective rules without installing complex software on older machinery. Ultimately, it is impossible to prevent every attack. However, by understanding which systems carry the most risk and limiting their exposure, companies can ensure that a minor breach does not become a major crisis. This strategy focuses on practical readiness, giving organizations the reliable control they need to maintain continuous operations and safeguard both production and human safety.Zebra CIO warns of 'AI bloat' risk in enterprise adoption push
As companies rush to adopt artificial intelligence, they risk creating "AI
bloat" by deploying tools without a solid strategy, warns Matt Ausman, Chief
Information Officer at Zebra Technologies. Much like the software subscription
bloat of the past, disorganized AI integration leads to over-engineering,
clutter, and inefficiency. The core issue is that corporate ambition is
currently outpacing workforce readiness. Deep, effective AI adoption is a
multi-year effort where change management and employee training often lag far
behind the initial technology rollout. To prevent this scattered approach,
Ausman outlines a structured five-step blueprint for success. Organizations
should establish cross-functional governance, appoint a dedicated executive to
lead the transformation, clearly define their strategy, heavily invest in
training for all staff, and launch a comprehensive change management program
with steady feedback loops. Zebra itself is modeling this disciplined approach
by focusing on standard, widely deployed tools rather than chasing every new
release. The company actively uses AI to assist frontline workers, automating
routine tasks like pallet scanning while keeping a close eye on employee
well-being to prevent burnout. Ultimately, success requires technical leaders
to shift from simply managing systems to actively championing thoughtful,
strategic business transformation.Spite-Driven Engineering: A New Blueprint for Cloud Security in the AI Native Era
In a recent InfoQ podcast, Alex Zenla discusses a fresh approach to securing
cloud infrastructure, built around the concept of "spite-driven development."
This philosophy encourages engineers to tackle fundamental technical
frustrations head-on rather than simply layering quick fixes over deeply
flawed systems. Zenla points out that much of our current infrastructure
relies on fragile foundations, particularly highlighting how shared memory in
standard operating system cores fails to provide true security when running
multiple applications side-by-side. Instead of accepting these risks, teams
need stronger separation methods for their workloads. The conversation also
explores the practical realities of using artificial intelligence in
development. While AI tools are helpful for building early prototypes, blindly
trusting them can introduce dangerous technical debt. Developers still need a
deep understanding of the underlying systems to fix issues when things
inevitably break. Furthermore, forcing standard graphics processors to handle
secure AI tasks is both inefficient and risky, pointing to a need for more
specialized hardware. Ultimately, Zenla argues that engineers should stop
viewing security and regulation as simple compliance checklists. By taking
ownership and building resilient architecture from the ground up, companies
can turn strong security into a genuine competitive advantage.
IPv6-only vs IPv6-mostly: Appropriate use cases
As organizations transition their network infrastructures, the terms
"IPv6-only" and "IPv6-mostly" are frequently confused, despite serving
different environments. Properly defining the scope of these concepts is
essential to prevent scalability issues. Describing a full network as
"IPv6-only" is rarely accurate today, since many applications still need IPv4
connectivity. Instead, it is more precise to refer to an "IPv6-only access
network" paired with an IPv4 transition mechanism. This approach works well
for unmanaged environments like mobile and residential networks, allowing the
wide area network to operate on IPv6 while maintaining dual-protocol
functionality for users. In contrast, the "IPv6-mostly" model was explicitly
designed for managed corporate networks. It allows devices to signal they do
not need an IPv4 address, reducing reliance on older infrastructure without
requiring dedicated network segments. However, applying this approach to
residential networks introduces severe communication barriers. Devices would
be completely unable to interact with local legacy hardware, such as printers
or cameras, without manual configurations. Choosing the appropriate deployment
model based on your specific network context is fundamentally critical to
ensuring a smooth and functional transition.6 new rules of IT leadership - and what they replace
The role of the CIO is undergoing a significant transformation, largely driven
by the impact of artificial intelligence on the modern business landscape.
Rather than merely taking direction from the CEO, today's IT leaders are
expected to collaborate directly with top executives to define the company's
future vision and architect a completely new, AI-driven organization. This
means embracing uncertainty and creating a culture where employees feel safe
enough to learn from failure, replacing the outdated "fail fast" mentality
with a focus on sustainable growth and psychological safety. Furthermore, IT
chiefs can no longer rely solely on business counterparts for operational
insights; they must possess a panoramic understanding of all business
operations, much like a COO. The financial demands on CIOs have also
intensified, requiring them to act more like CFOs by rigorously calculating
the total cost of ownership and return on investment for cloud and AI
initiatives. Finally, modern IT leadership requires abandoning a
one-size-fits-all management style in favor of adapting to the diverse,
global, and often remote needs of individual team members, ensuring that
everyone can thrive in a rapidly changing environment.