Quote for the day:
"When you say my team is no good, all I hear is that I failed as a leader." -- Gordon Tredgold
Everyone works with AI agents, but who controls the agents?
Over the past year, there has been a lot of talk about MCP and A2A, protocols
that allow agents to communicate with each other. But more and more agents that
are now becoming available support and use them. Agents will soon be able to
easily exchange information and transfer tasks to each other to achieve much
better results. Currently, 50 percent of AI agents in organizations still work
as a silo. This means that no context or data from external systems is added.
The need for context is now clear to many organizations. 96 percent of IT
decision-makers understand that success depends on seamless integration. This
puts renewed pressure on data silos and integrations. ... For IT decision-makers
wondering what they really need to do in 2026, doing nothing is definitely not
the right answer, as your competitors who do invest in AI will quickly overtake
you. On the other hand, you don’t have to go all-in and blow your entire IT
budget on it. ... You need to start now, so start small. Putting the three or
five most frequently asked questions to your customer service or HR team into an
AI agent can take a huge workload off those teams. There are now several case
studies showing that this has reduced the number of tickets by as much as 50-60
percent. AI can also be used for sales reports or planning, which currently
takes employees many hours each week.Mobile privacy audits are getting harder
Many privacy reviews begin with static analysis of an Android app package (APK).
This can reveal permissions requested by the app and identify embedded
third-party libraries such as advertising SDKs, telemetry tools, or analytics
components. Requested permissions are often treated as indicators of risk
because they can imply access to contacts, photos, location, camera, or device
identifiers. Library detection can also show whether an app includes known
trackers. Yet, static results are only partial. Permissions may never be used in
runtime code paths, and libraries can be present without being invoked. Static
analysis also misses cases where data is accessed indirectly or through system
behavior that does not require explicit permissions. ... Apps increasingly
defend against MITM using certificate pinning, which causes the app to reject
traffic interception even if a root certificate is installed. Analysts may
respond by patching the APK or using dynamic instrumentation to bypass the
pinning logic at runtime. Both approaches can fail depending on the app’s
implementation. Mopri’s design treats these obstacles as expected operating
conditions. The framework includes multiple traffic capture approaches so
investigators can switch methods when an app resists a specific setup. ... Raw
network logs are difficult to interpret without enrichment. Mopri adds
contextual information to recorded traffic in two areas: identifying who
received the data, and identifying what sensitive information may have been
transmitted.When the AI goes dark: Building enterprise resilience for the age of agentic AI
Instead of merely storing data, AI accumulates intelligence. When we talk about
AI “state,” we’re describing something fundamentally different from a database
that can be rolled back. ... Lose this state, and you haven’t just lost data.
You’ve lost the organizational intelligence that took hundreds of human days of
annotation, iteration and refinement to create. You can’t simply re-enter it
from memory. Worse, a corrupted AI state doesn’t announce itself the way a
crashed server does. ... This challenge is compounded by the immaturity of the
AI vendor landscape. Hyperscale cloud providers may advertise “four nines” of
uptime (99.99% availability, which translates to roughly 52 minutes of downtime
per year), but many AI providers, particularly the startups emerging rapidly in
this space, cannot yet offer these enterprise-grade service guarantees. ... When
AI agents handle customer interactions, manage supply chains, execute financial
processes and coordinate operations, a sustained AI outage isn’t an
inconvenience. It’s an existential threat. ... Humans are not just a fallback
option. They are an integral component of a resilient AI-native enterprise.
Motivated, trained and prepared teams can bridge gaps when AI fails, ensuring
continuity of both systems and operations. When you continually reduce your
workforce to appease your shareholders, will your human employees remain
motivated, trained and prepared?
The blind spot every CISO must see: Loyalty
The insider who once seemed beyond reproach becomes the very vector through
which sensitive data, intellectual property, or operational integrity is
compromised. These are not isolated failures of vetting or technology; they are
failures to recognize that loyalty is relational and conditional, not absolute.
... Organizations have long operated under the belief that loyalty, once
demonstrated, becomes a durable shield against insider risk. Extended tenure is
rewarded with escalating access privileges, high performers are granted broader
system rights without commensurate behavioral review, and verbal affirmations of
commitment are taken at face value. Yet time and again patterns repeat. What
begins as mutual confidence weakens not through dramatic betrayal but through
subtle realignments in personal commitment. An employee who once identified
strongly with the mission may begin to feel undervalued, overlooked for
advancement, or weighed down by outside pressures. ... Positions with access to
crown jewels — sensitive data, financial systems, or personnel records — or
executive ranks inherently require proportionately more oversight, as regulated
sectors have shown. Professionals in these roles accept this as part of the
terrain, with history demonstrating minimal talent loss when frameworks are
transparent and supportive.
Researchers Warn: WiFi Could Become an Invisible Mass Surveillance System
Researchers at the Karlsruhe Institute of Technology (KIT) have shown that
people can be recognized solely by recording WiFi communication in their
surroundings, a capability they warn poses a serious threat to personal privacy.
The method does not require individuals to carry any electronic devices, nor
does it rely on specialized hardware. Instead, it makes use of ordinary WiFi
devices already communicating with each other nearby. ... “This technology
turns every router into a potential means for surveillance,” warns Julian Todt
from KASTEL. “If you regularly pass by a cafĂ© that operates a WiFi network, you
could be identified there without noticing it and be recognized later, for
example by public authorities or companies.” Felix Morsbach notes that
intelligence agencies or cybercriminals currently have simpler ways to monitor
people, such as accessing CCTV systems or video doorbells. “However, the
omnipresent wireless networks might become a nearly comprehensive surveillance
infrastructure with one concerning property: they are invisible and raise no
suspicion.” ... Unlike attacks that rely on LIDAR sensors or earlier WiFi-based
techniques that use channel state information (CSI), meaning measurements of how
radio signals change when they reflect off walls, furniture, or people, this
approach does not require specialized equipment. Instead, it can be carried out
using a standard WiFi device.Is software optimization a lost art?
Almost all of us have noticed apps getting larger, slower, and buggier. We've
all had a Chrome window that's taking up a baffling amount of system memory, for
example. While performance challenges can vary by organization, application and
technical stacks, it appears the worst performance bottlenecks have migrated to
the ‘last mile’ of the user experience, says Jim Mercer ... “While architectural
decisions and developer skills remain critical, they’re too often compromised by
the need to integrate AI and new features at an exponential pace. So, a lack of
due diligence when we should know better.” ... The somewhat concerning part is
that AI bloat is structurally different from traditional technical debt, she
points out. Rather than accumulated cruft over time, it usually manifests as
systematic over-engineering from day one. ... Software optimization has become
even more important due to the recent RAM price crisis, driven by surging demand
for hardware to meet AI and data center buildout. Though the price increases may
be levelling out, RAM is now much more expensive than it was mere months
ago. This is likely to shift practices and behavior, Brock ... Security will
play a role too, particularly with the growing data sovereignty debate and
concerns about bad actors, she notes. Leaner, neater, shorter software is simply
easier to maintain – especially when you discover a vulnerability and are faced
with working through a massive codebase.
The ‘Super Bowl’ standard: Architecting distributed systems for massive concurrency
In the world of streaming, the “Super Bowl” isn’t just a game. It is a
distributed systems stress test that happens in real-time before tens of
millions of people. ... It is the same nightmare that keeps e-commerce CTOs
awake before Black Friday or financial systems architects up during a market
crash. The fundamental problem is always the same: How do you survive when
demand exceeds capacity by an order of magnitude? ... We implement load shedding
based on business priority. It is better to serve 100,000 users perfectly and
tell 20,000 users to “please wait” than to crash the site for all 120,000. ...
In an e-commerce context, your “Inventory Service” and your “User Reviews
Service” should never share the same database connection pool. If the Reviews
service gets hammered by bots scraping data, it should not consume the resources
needed to look up product availability. ... When a cache miss occurs, the first
request goes to the database to fetch the data. The system identifies that
49,999 other people are asking for the same key. Instead of sending them to the
database, it holds them in a wait state. Once the first request returns, the
system populates the cache and serves all 50,000 users with that single result.
This pattern is critical for “flash sale” scenarios in retail. When a million
users refresh the page to see if a product is in stock, you cannot do a million
database lookups. ... You cannot buy “resilience” from AWS or Azure. You cannot
solve these problems just by switching to Kubernetes or adding more nodes.Cloud-native observability enters a new phase as the market pivots from volume to value
“The secret in the industry is that … all of the existing solutions are
motivated to get people to produce as much data as possible,” said Martin Mao,
co-founder and chief executive officer of Chronosphere, during an interview with
theCUBE. “What we’re doing differently with logs is that we actually provide the
ability to see what data is useful, what data is useless and help you optimize …
so you only keep and pay for the valuable data.” ... Widespread digital
modernization is driving open-source adoption, which in turn demands more
sophisticated observability tools, according to Nashawaty. “That urgency is why
vendor innovations like Chronosphere’s Logs 2.0, which shift teams from hoarding
raw telemetry to keeping only high-value signals, are resonating so strongly
within the open-source community,” he said. ... Rather than treating logs as an
add-on, Logs 2.0 integrates them directly into the same platform that handles
metrics, traces and events. The architecture rests on three pillars. First, logs
are ingested natively and correlated with other telemetry types in a shared
backend and user interface. Second, usage analytics quantify which logs are
actually referenced in dashboards, alerts and investigations. Third, governance
recommendations guide teams toward sampling rules, log-to-metric conversion or
archival strategies based on real usage patterns.How recruitment fraud turned cloud IAM into a $2 billion attack surface
The attack chain is quickly becoming known as the identity and access management
(IAM) pivot, and it represents a fundamental gap in how enterprises monitor
identity-based attacks. CrowdStrike Intelligence research published on January
29 documents how adversary groups operationalized this attack chain at an
industrial scale. Threat actors are cloaking the delivery of trojanized Python
and npm packages through recruitment fraud, then pivoting from stolen developer
credentials to full cloud IAM compromise. ... Adversaries are shifting entry
vectors in real-time. Trojanized packages aren’t arriving through typosquatting
as in the past — they’re hand-delivered via personal messaging channels and
social platforms that corporate email gateways don’t touch. CrowdStrike
documented adversaries tailoring employment-themed lures to specific industries
and roles, and observed deployments of specialized malware at FinTech firms as
recently as June 2025. ... AI gateways excel at validating authentication. They
check whether the identity requesting access to a model endpoint or training
pipeline holds the right token and has privileges for the timeframe defined by
administrators and governance policies. They don’t check whether that identity
is behaving consistently with its historical pattern or is randomly probing
across infrastructure.
