Quote for the day:
"Success is the progressive realization of predetermined, worthwhile, personal goals." -- Paul J. Meyer
To counter AI cheating, companies bring back in-person job interviews
Google, Cisco and McKinsey & Co. have all re-instituted in-person
interviews for some job candidates over the past year. “Remote work and
advancements in AI have made it easier than ever for fake candidates to
infiltrate the hiring process,” said Scott McGuckin, vice president of global
talent acquisition at Cisco. “Identifying these threats is our priority, which
is why we are adapting our hiring process to include increased verification
steps and enhanced background checks that may involve an in-person component.
... AI has proven benefits for both job seekers and hiring
managers/recruiters. Its use in the job search process grew 6.4% over the past
year, while use in core tasks surged even higher, according to online
employment marketplace ZipRecruiter. The share of job seekers using AI to
draft and refine resumes jumped 39% over last year, while AI-assisted cover
letter writing climbed 41%, and AI-based interview prep rose 44%, according to
the firm. ... HR and hiring managers should insist on well-lit video
interviews, watch for delays or mismatches, ask follow-up questions to spot AI
use and verify resume details with background checks and geolocation data.
“Some assessment or interview platforms can look at geolocation data, use this
to ensure consistency with the resume and application,” Chiba said. How procedural memory can cut the cost and complexity of AI agents
Memories are built from an agent’s past experiences, or “trajectories.” The
researchers explored storing these memories in two formats: verbatim,
step-by-step actions; or distilling these actions into higher-level,
script-like abstractions. For retrieval, the agent searches its memory for the
most relevant past experience when given a new task. The team experimented
with different methods, such vector search, to match the new task’s
description to past queries or extracting keywords to find the best fit. The
most critical component is the update mechanism. Memp introduces several
strategies to ensure the agent’s memory evolves. ... One of the most
significant findings for enterprise applications is that procedural memory is
transferable. In one experiment, procedural memory generated by the powerful
GPT-4o was given to a much smaller model, Qwen2.5-14B. The smaller model saw a
significant boost in performance, improving its success rate and reducing the
steps needed to complete tasks. According to Fang, this works because smaller
models often handle simple, single-step actions well but falter when it comes
to long-horizon planning and reasoning. The procedural memory from the larger
model effectively fills this capability gap. This suggests that knowledge can
be acquired using a state-of-the-art model, then deployed on smaller, more
cost-effective models without losing the benefits of that experience.AI Summaries a New Vector for Malware
The attack uses what researchers call "prompt overdose," a technique in which
malicious instructions are repeated dozens of times within invisible HTML
styled with properties such as zero opacity, white-on-white text, microscopic
font sizes and off-screen positioning. When AI summarizers process this
content, the repeated hidden text dominates the model's attention mechanisms,
pushing legitimate visible content aside. "When processed by a summarizer, the
repeated instructions typically dominate the model's context, causing them to
appear prominently - and often exclusively - in the generated summary." ...
Cybercriminals have been quick to adapt the technique to fool large language
models rather than humans. The attack's effectiveness stems from user reliance
on AI-generated summaries for quick content triage, often replacing manual
review of original materials. Testing showed that the technique works across
AI platforms, including commercial services like Sider.ai and custom-built
browser extensions. Researchers also identified factors amplifying the
attack's potential impact. Summarizers integrated into widely-used
applications could enable mass distribution of social engineering lures across
millions of users. The technique could lower technical barriers for ransomware
deployment by providing non-technical victims with detailed execution
instructions disguised as legitimate troubleshooting advice.A scalable framework for evaluating health language models
While auto-eval techniques are well equipped to handle the increased volume of
evaluation criteria, the completion of the proposed Precise Boolean rubrics by
human annotators was prohibitively resource intensive. To mitigate such
burden, we refined the Precise Boolean approach to dynamically filter the
extensive set of rubric questions, retaining only the most pertinent criteria,
conditioned on the specific data being evaluated. This data-driven adaptation,
referred to as the Adaptive Precise Boolean rubric, enabled a reduction in the
number of evaluations required for each LLM response. ... Current evaluation
of LLMs in health often uses Likert scales. We compared this baseline to our
data-driven Precise Boolean rubrics. Our results showed significantly higher
inter-rater reliability using Precise Boolean rubrics, measured by intra-class
correlation coefficients (ICC), compared to traditional Likert rubrics. A key
advantage of our approach is its efficiency. The Adaptive Precise Boolean
rubrics resulted in high inter-rater agreement of the full Precise Boolean
rubric while reducing evaluation time by over 50%. This efficiency gain makes
our method faster than even Likert scale evaluations, enhancing the
scalability of LLM assessment. The fact that this also provides higher
inter-rater reliability supports the argument that this simpler scoring also
provides a higher quality signal.
Financial institutions get stuck in a reactive cycle, responding to breaches
after the fact and relying heavily on network alerts and reissuing cards en
masse to mitigate damage. That’s problematic on all fronts. It’s expensive,
increases call center volume and fails to address the root problem. Beyond
that, it disrupts the cardholder experience, putting the institution at risk
of losing a cardholder’s trust and business. After experiencing a fraudulent
attack, cardholders adjust their payment behaviors, regardless of whether the
fraudster was successful or not. This could mean they stop using the affected
card altogether, switch to a competitor’s product or close their account
entirely. ... The tables are turned on the scammer. Instead of detecting
fraud as it occurs, financial institutions now have up to 180 days’ lead time
to identify a fraud pattern, take action and contain it. This strategic lead
time enables early intervention, giving teams the ability to identify emerging
fraud typologies, disrupt bad actor behavior patterns and contain the spread
before widespread damage occurs. It shifts the institution’s playbook from
defense to offense. It also eliminates the need to reissue thousands of cards
preemptively, instead identifying small subsets of cardholders most likely to
be impacted. Reissues happen only when absolutely necessary, which saves on
cost and reputation management.
Outdated Fraud Defenses Are a Green Light for Scammers Everywhere
Financial institutions get stuck in a reactive cycle, responding to breaches
after the fact and relying heavily on network alerts and reissuing cards en
masse to mitigate damage. That’s problematic on all fronts. It’s expensive,
increases call center volume and fails to address the root problem. Beyond
that, it disrupts the cardholder experience, putting the institution at risk
of losing a cardholder’s trust and business. After experiencing a fraudulent
attack, cardholders adjust their payment behaviors, regardless of whether the
fraudster was successful or not. This could mean they stop using the affected
card altogether, switch to a competitor’s product or close their account
entirely. ... The tables are turned on the scammer. Instead of detecting
fraud as it occurs, financial institutions now have up to 180 days’ lead time
to identify a fraud pattern, take action and contain it. This strategic lead
time enables early intervention, giving teams the ability to identify emerging
fraud typologies, disrupt bad actor behavior patterns and contain the spread
before widespread damage occurs. It shifts the institution’s playbook from
defense to offense. It also eliminates the need to reissue thousands of cards
preemptively, instead identifying small subsets of cardholders most likely to
be impacted. Reissues happen only when absolutely necessary, which saves on
cost and reputation management. SysAdmins: The First Responders of the Digital World
Unlike employees in other departments like sales, finance, marketing, and HR,
who can typically log off at 5 p.m. and check out of work until the next
morning, IT professionals carry the unique burden of having to be “always on.”
For technology vendors in particular, this is especially prevalent; when
situations arise that compromise the integrity of key systems and networks, both
employees and users can face disruptions to cost organizations revenue and
reputational damage. Whether it’s hardware or software issues, the system
administrator is there to jump in and patch the issue. ... IT departments are
increasingly viewed as “profit protectors,” critical to the bottom line by
preventing unplanned expenses and customer churn. As demonstrated by the
anecdotes above, system administrators ensure the daily functionality and
operational resilience of their organizations, enabling every other team to do
their job efficiently. Without system administrators’ constant attention to
ensuring things behind the scenes are running smoothly, employees would struggle
to fulfill their daily tasks every time an incident occurs. ... Business leaders
can show appreciation for these employees by prioritizing mental health
initiatives, ensuring IT teams are sufficiently staffed to prevent burnout, and
promoting workload balance with generous time-off packages.
A wake-up call for identity security in devops
The GitHub incident exposed what security teams already suspect—that devops is
running headlong into an identity sprawl problem. Identities (human and
non-human) are multiplying, permissions are stacking up, and third-party apps
are the new soft underbelly. This is where identity security posture management
(ISPM) steps in. ISPM takes the principles of cloud security posture management
(CSPM)—continuous monitoring, posture scoring, risk-based controls—and applies
them to identity. It doesn’t stop at who can log in; it extends into who has
access, why they have it, what they can do, and how that access is granted,
including via OAuth. ... Modern identity security platforms are stepping in to
close this gap. The leading solutions give you deep visibility into the web of
permissions spanning developers, service accounts, and third-party OAuth apps.
It’s no longer enough to know that a token exists. Teams need full context: who
issued the token, what scopes it has, what systems it touches, and how those
privileges compare across environments. ... Developers aren’t asking for more
security tools, policies, or friction. What they want is clarity, especially if
it helps them stay out of the next breach postmortem. That’s why
visibility-first approaches work. When security teams show developers exactly
what access exists, and why it matters, the conversation shifts from “Why are
you blocking me?” to “Thanks for the heads-up.”"Think Big to Achieve Big": A CEO's advice to today's HR leaders
The traditional perception of HR as an administrative function is obsolete. Today's CHRO is a key driver of organisational transformation, working in close collaboration with the CEO to formulate and achieve overarching goals. This partnership is essential for ensuring that HR initiatives are not just about hiring, but about building a future-ready organisation. This involves enabling talent with the latest technologies, skills, and continuous learning opportunities. Goyal's own collaboration with his CHRO is a model of this integrated approach. They work together to ensure that HR initiatives are fully aligned with the Group's long-term objectives, a dynamic that goes far beyond traditional HR functions. This partnership is what drives sustainable growth and navigates complex challenges. The modern workplace presents a unique set of challenges, from heightened uncertainty to the distinct expectations of Gen Z. Goyal's response to this is a philosophy of active adaptation. To attract and retain young talent, he believes companies must be open to revisiting policies, embracing flexible working hours, and promoting a culture of continuous learning. He emphasises the need for leaders to have an open mindset toward the new generation, just as they would for their own children.Inside a quantum data center
Quantum-focused measures that might need to be considered include vibrations,
electromagnetic sensitivity, and potentially even the speed of the elevators
moving hardware between floors. Whether or not there would be one standard
encompassing the different types of quantum computers – supercooled, rack-based,
optical-tabled etc – or multiple standards to suit all comers is unclear at this
stage. ... IBM does also host some dedicated quantum systems at its facilities
for customers who don’t want their QPUs on-site, but on-premise enterprise
deployments are rare beyond the likes of IBM’s agreement with Cleveland Clinic.
They will likely be the exception rather than the norm for enterprises for some
time to come, IQM’s Goetz says. “Corporate enterprise customers are not yet
buying full systems,” says Goetz. “They are usually accessing the systems
through the cloud because they are still ramping up their internal capabilities
with the goal to be ready once the quantum computers really have the full
commercial value.” Quite what the geography of a world with commercially-useful
quantum computers will look like is unclear. Will enterprises be happy with a
few centralized ‘quantum cloud’ regions, demand in-country capacity in multiple
jurisdictions, or go so far as demanding systems be placed in on-premise or
colocated facilities?Simpler models can outperform deep learning at climate prediction
The researchers see their work as a “cautionary tale” about the risk of
deploying large AI models for climate science. While deep-learning models have
shown incredible success in domains such as natural language, climate science
contains a proven set of physical laws and approximations, and the challenge
becomes how to incorporate those into AI models. “We are trying to develop
models that are going to be useful and relevant for the kinds of things that
decision-makers need going forward when making climate policy choices. While it
might be attractive to use the latest, big-picture machine-learning model on a
climate problem, what this study shows is that stepping back and really thinking
about the problem fundamentals is important and useful,” says study senior
author Noelle Selin ... “Large AI methods are very appealing to scientists, but
they rarely solve a completely new problem, so implementing an existing solution
first is necessary to find out whether the complex machine-learning approach
actually improves upon it,” says Lütjens. Some initial results seemed to fly in
the face of the researchers’ domain knowledge. The powerful deep-learning model
should have been more accurate when making predictions about precipitation,
since those data don’t follow a linear pattern.
/dq/media/media_files/2024/12/22/lXrVMrRWHwD2UFtZR5Ws.png)
