Quote for the day:
“Most new jobs won’t come from our biggest employers. They will come from our smallest. We’ve got to do everything we can to make entrepreneurial dreams a reality.” -- Ross Perot
7 key strategies for MLops success
Like many things in life, in order to successfully integrate and manage AI and
ML into business operations, organisations first need to have a clear
understanding of the foundations. The first fundamental of MLops today is
understanding the differences between generative AI models and traditional ML
models. Cost is another major differentiator. The calculations of generative AI
models are more complex resulting in higher latency, demand for more computer
power, and higher operational expenses. Traditional models, on the other hand,
often utilise pre-trained architectures or lightweight training processes,
making them more affordable for many organisations. ... Creating scalable and
efficient MLops architectures requires careful attention to components like
embeddings, prompts, and vector stores. Fine-tuning models for specific
languages, geographies, or use cases ensures tailored performance. An MLops
architecture that supports fine-tuning is more complicated and organisations
should prioritise A/B testing across various building blocks to optimise
outcomes and refine their solutions. Aligning model outcomes with business
objectives is essential. Metrics like customer satisfaction and click-through
rates can measure real-world impact, helping organisations understand whether
their models are delivering meaningful results.
If we want a passwordless future, let's get our passkey story straight
When passkeys work, which is not always the case, they can offer a nearly
automagical experience compared to the typical user ID and password workflow.
Some passkey proponents like to say that passkeys will be the death of
passwords. More realistically, however, at least for the next decade, they'll
mean the death of some passwords -- perhaps many passwords. We'll see. Even
so, the idea of killing passwords is a very worthy objective. ... With
passkeys, the device that the end user is using – for example, their desktop
computer or smartphone -- is the one that's responsible for generating the
public/private key pair as a part of an initial passkey registration process.
After doing so, it shares the public key – the one that isn't a secret – with
the website or app that the user wants to login to. The private key -- the
secret -- is never shared with that relying party. This is where the tech
article above has it backward. It's not "the site" that "spits out two pieces
of code" saving one on the server and the other on your device. ... Passkeys
have a long way to go before they realize their potential. Some of the current
implementations are so alarmingly bad that it could delay their adoption. But
adoption of passkeys is exactly what's needed to finally curtail a
decades-long crime spree that has plagued the internet.
AI: More Buzzword Than Breakthrough
While Artificial Intelligence focuses on creating systems that simulate human
intelligence, Intelligent Automation leverages these AI capabilities to
automate end-to-end business processes. In essence, AI is the brain that
provides cognitive functions, while Intelligent Automation is the body that
executes tasks using AI’s intelligence. This distinction is critical; although
Artificial Intelligence is a component of Intelligent Automation, not all AI
applications result in automation, and not all automation requires advanced
Artificial Intelligence. ... Intelligent Automation automates and optimizes
business processes by combining AI with automation tools. This integration
results in increased efficiency and reduced operating costs. For instance,
Intelligent Automation can streamline supply chain operations by automating
inventory management, order fulfillment, and logistics, resulting in faster
turnaround times and fewer errors. ... In recent years, the term “AI” has been
widely used as a marketing buzzword, often applied to technologies that do not
have true AI capabilities. This phenomenon, sometimes referred to as “AI
washing,” involves branding traditional automation or data processing systems
as AI in order to capitalize on the term’s popularity. Such practices can
mislead consumers and businesses, leading to inflated expectations and
potential disillusionment with the technology.
Introduction to API Management
API gateways are pivotal in managing both traffic and security for APIs. They
act as the frontline interface between APIs and the users, handling incoming
requests and directing them to the appropriate services. API gateways enforce
policies such as rate limiting and authentication, ensuring secure and
controlled access to API functions. Furthermore, they can transform and route
requests, collect analytics data and provide caching capabilities. ... With
API governance, businesses get the most out of their investment. The purpose
of API governance is to make sure that APIs are standardized so that they are
complete, compliant and consistent. Effective API governance enables
organizations to identify and mitigate API-related risks, including
performance concerns, compliance issues and security vulnerabilities. API
governance is complex and involves security, technology, compliance,
utilization, monitoring, performance and education. Organizations can make
their APIs secure, efficient, compliant and valuable to users by following
best practices in these areas. ... Security is paramount in API management.
Advanced security features include authentication mechanisms like OAuth, API
keys and JWT (JSON Web Tokens) to control access. Encryption, both in transit
and at rest, ensures data integrity and confidentiality.
Sustainability starts within: Flipkart & Furlenco on building a climate-conscious culture
Based on the insights from Flipkart and Furlenco, here are six actionable steps
for leaders seeking to embed climate goals into their company culture: Lead with
intent: Make climate goals a strategic priority, not just a CSR initiative.
Signal top-level commitment and allocate leadership roles accordingly.
Operationalise sustainability: Move beyond policies into process design — from
green supply chains to net-zero buildings and water reuse systems. Make It
measurable: Integrate climate-related KPIs into team goals, performance reviews,
and business dashboards. Empower employees: Create space for staff to lead
climate initiatives, volunteer, learn, and innovate. Build purpose into daily
roles. Foster dialogue and storytelling: Share wins, losses, and journeys. Use
Earth Day campaigns, internal newsletters, and learning modules to bring
sustainability to life. Measure Culture, Not Just Carbon: Assess how employees
feel about their role in climate action — through surveys, pulse checks, and
feedback loops. ... Beyond the company walls, this cultural approach to climate
leadership has ripple effects. Customers are increasingly drawn to brands with
strong environmental values, investors are rewarding companies with robust ESG
cultures, and regulators are moving from voluntary frameworks to mandatory
disclosures.
Proof-of-concept bypass shows weakness in Linux security tools
An Israeli vendor was able to evade several leading Linux runtime security tools
using a new proof-of-concept (PoC) rootkit that it claims reveals the
limitations of many products in this space. The work of cloud and Kubernetes
security company Armo, the PoC is called ‘Curing’, a portmanteau word that
combines the idea of a ‘cure’ with the io_uring Linux kernel interface that the
company used in its bypass PoC. Using Curing, Armo found it was possible to
evade three Linux security tools to varying degrees: Falco (created by Sysdig
but now a Cloud Native Computing Foundation graduated project), Tetragon from
Isovalent (now part of Cisco), and Microsoft Defender. ... Armo said it was
motivated to create the rootkit to draw attention to two issues. The first was
that, despite the io_uring technique being well documented for at least two
years, vendors in the Linux security space had yet to react to the danger. The
second purpose was to draw attention to deeper architectural challenges in the
design of the Linux security tools that large numbers of customers rely on to
protect themselves: “We wanted to highlight the lack of proper attention in
designing monitoring solutions that are forward-compatible. Specifically, these
solutions should be compatible with new features in the Linux kernel and address
new techniques,” said Schendel.
Insider threats could increase amid a chaotic cybersecurity environment
Most organisations have security plans and policies in place to decrease the
potential for insider threats. No policy will guarantee immunity to data
breaches and IT asset theft but CISOs can make sure their policies are being
executed through routine oversight and audits. Best practices include access
control and least privilege, which ensures employees, contractors and all
internal users only have access to the data and systems necessary for their
specific roles. Regular employee training and awareness programmes are also
critical. Training sessions are an effective means to educate employees on
security best practices such as how to recognise phishing attempts, social
engineering attacks and the risks associated with sharing sensitive information.
Employees should be trained in how to report suspicious activities – and there
should be a defined process for managing these reports. Beyond the security
controls noted above, those that govern the IT asset chain of custody are
crucial to mitigating the fallout of a breach should assets be stolen by
employees, former employees or third parties. The IT asset chain of custody
refers to the process that tracks and documents the physical possession,
handling and movement of IT assets throughout their lifecycle. A sound programme
ensures that there is a clear, auditable trail of who has access to and controls
the asset at any given time.
Distributed Cloud Computing: Enhancing Privacy with AI-Driven Solutions
AI has the potential to play a game-changing role in distributed cloud computing
and PETs. By enabling intelligent decision-making and automation, AI algorithms
can help us optimize data processing workflows, detect anomalies, and predict
potential security threats. AI has been instrumental in helping us identify
patterns and trends in complex data sets. We're excited to see how it will
continue to evolve in the context of distributed cloud computing. For instance,
homomorphic encryption allows computations to be performed on encrypted data
without decrypting it first. This means that AI models can process and analyze
encrypted data without accessing the underlying sensitive information.
Similarly, AI can be used to implement differential privacy, a technique that
adds noise to the data to protect individual records while still allowing for
aggregate analysis. In anomaly detection, AI can identify unusual patterns or
outliers in data without requiring direct access to individual records, ensuring
that sensitive information remains protected. While AI offers powerful
capabilities within distributed cloud environments, the core value proposition
of integrating PETs remains in the direct advantages they provide for data
collaboration, security, and compliance. Let's delve deeper into these key
benefits, challenges and limitations of PETs in distributed cloud computing.
Mobile Applications: A Cesspool of Security Issues
"What people don't realize is you ship your entire mobile app and all your code
to this public store where any attacker can download it and reverse it," Hoog
says. "That's vastly different than how you develop a Web app or an API, which
sit behind a WAF and a firewall and servers." Mobile platforms are difficult for
security researchers to analyze, Hoog says. One problem is that developers rely
too much on the scanning conducted by Apple and Google on their app stores. When
a developer loads an application, either company will conduct specific scans to
detect policy violations and to make malicious code more difficult to upload to
the repositories. However, developers often believe the scanning is looking for
security issues, but it should not be considered a security control, Hoog says.
"Everybody thinks Apple and Google have tested the apps — they have not," he
says. "They're testing apps for compliance with their rules. They're looking for
malicious malware and just egregious things. They are not testing your
application or the apps that you use in the way that people think." ... In
addition, security issues on mobile devices tend to have a much shorter
lifetime, because of the closed ecosystems and the relative rarity of
jailbreaking. When NowSecure finds a problem, there is no guarantee that it will
last beyond the next iOS or Android update, he says.
The future of testing in compliance-heavy industries
In today’s fast-evolving technology landscape, being an engineering leader in
compliance-heavy industries can be a struggle. Managing risks and ensuring data
integrity are paramount, but the dangers are constant when working with large
data sources and systems. Traditional integration testing within the context of
stringent regulatory requirements is more challenging to manage at scale. This
leads to gaps, such as insufficient test coverage across interconnected systems,
a lack of visibility into data flows, inadequate logging, and missed edge case
conditions, particularly in third-party interactions. Due to these weaknesses,
security vulnerabilities can pop up and incident response can be delayed,
ultimately exposing organizations to violations and operational risk. ... API
contract testing is a modern approach used to validate the expectations between
different systems, making sure that any changes in APIs don’t break expectations
or contracts. Changes might include removing or renaming a field and altering
data types or response structures. These seemingly small updates can cause
downstream systems to crash or behave incorrectly if they are not properly
communicated or validated ahead of time. ... The shifting left practice has a
lesser-known cousin: shifting right. Shifting right focuses on post-deployment
validation using concepts such as observability and real-time monitoring
techniques.
