How to build employee trust as AI gains ground
Most experts agree, however, that newer AI tools are less about replacing people
and more about eliminating mundane, manual, or number-crunching tasks that most
employees already hate. In fact, the technology will mostly help free up workers
to tackle more important tasks such as project management, data science research
and, perhaps most importantly, creative thinking and problem solving. "There is
no example today of an AI system that can perform data science totally
independent of people," said Erick Brethenoux, a distinguished vice president
analyst at research firm Gartner. A lot of the uncertainty and fear workers feel
about generative AI tools is based on ignorance, experts say. AI, in its many
forms, has been around for more than 50 years, but many people simply don’t
recognize it’s been beside them all this time. “People have always been afraid
of AI because the vision they have of it is science fiction; it’s a Hollywood
vision of it,” Brethenoux said. “There’s a lot of hype around it."
Red Hat rivals form Open Enterprise Linux Association
At the heart of the new organization is a disagreement over the way Red Hat,
long the dominant force in enterprise Linux, provides access to its source code.
For years, the company supported the development of a Red Hat Enterprise Linux
clone called CentOS, with the idea of providing a free alternative for testing
and development purposes, given that paid support would be unnecessary for that
purpose. However, increasingly, users began to implement CentOS instead of RHEL
in production environments as well, with other companies, including CIQ,
springing up to provide enterprise support. Accordingly, Red Hat stopped
supporting CentOS in its previous form two years ago, in favor of an alternative
called CentOS Stream. That, however, is an upstream distribution, meaning that
it’s updated much more frequently, making it less suitable for production work.
And earlier this summer, Red Hat made its source code less accessible,
restricting access to paying Red Hat customers and obscuring some details of the
way the code is put together to create the final distribution.
How FraudGPT presages the future of weaponized AI
FraudGPT signals the start of a new, more dangerous and democratized era of
weaponized generative AI tools and apps. The current iteration doesn’t reflect
the advanced tradecraft that nation-state attack teams and large-scale
operations like the North Korean Army’s elite Reconnaissance General Bureau’s
cyberwarfare arm, Department 121, are creating and using. But what FraudGPT and
the like lack in generative AI depth, they more than make up for in ability to
train the next generation of attackers. With its subscription model, in months
FraudGPT could have more users than the most advanced nation-state cyberattack
armies, including the likes of Department 121, which alone has approximately
6,800 cyberwarriors, according to the New York
Times — 1,700 hackers in seven different units and 5,100 technical support
personnel. While FraudGPT may not pose as imminent a threat as the larger, more
sophisticated nation-state groups, its accessibility to novice attackers will
translate into an exponential increase in intrusion and breach attempts,
starting with the softest targets, such as in education, healthcare and
manufacturing.
Application Rationalization: Is Complexity Avoidable?
Removing the clutter from your application portfolio is its own reward.
Simplifying your software means: easier maintenance; greater agility; lower
training requirements; reduced costs; faster rationalization in
future. This is, indeed, all possible to achieve. With unlimited budget,
and a willingness to both make tough choices about stripping back applications
and be strict with your colleagues, you could of course remove all complexity
from your portfolio. The question remains, however: should you? Fully optimizing
your application portfolio is costly, time-consuming, and will likely cause a
lot of frustration for software users along the way. True application
rationalization involves a balancing act between technical debt and
optimization, meaning some complexity will likely need to be tolerated. If your
team communicates via Slack, for example, it would be easier to remove email and
Zoom licenses. However, if your external stakeholders don't use Slack Connect,
you could cripple your company's ability to function by doing so.
How to take action against AI bias
With AI adoption increasing rapidly, it’s critical that guardrails and new
processes be put in place. Such guidelines establish a process for developers,
data scientists, and anyone else involved in the AI production process to avoid
potential harm to businesses and their customers. One practice enterprises can
introduce before releasing any AI-enabled service is the red team versus blue
team exercise used in the security field. For AI, enterprises can pair a red
team and a blue team to expose bias and correct it before bringing a product to
market. It’s important to then make this process an ongoing effort to continue
to work against the inclusion of bias in data and algorithms. Organizations
should be committed to testing the data before deploying any model, and to
testing the model after it is deployed. Data scientists must acknowledge that
the scope of AI biases is vast and there can be unintended consequences, despite
their best intentions. Therefore, they must become greater experts in their
domain and understand their own limitations to help them become more responsible
in their data and algorithm curation.
3 Ways Enterprise Architects Can Bridge the Socio-Technical Gap
Software architecture is often a series of trade-offs. However, for people not
involved in the original decision, it is often no longer clear what the
trade-off was or how that trade-off led to the decision. One approach to
capturing these decisions is Architecture Decision Records (ADRs). Note that
ADRs are not some kind of technical rule, they are essentially a document. But
having such a document can be a useful communication device, as it creates a
history that allows people to keep track of trade-offs made in the past. The
code and architecture themselves can only communicate the current state, but not
how that current state came to be. Note that recording decisions doesn’t make
them permanent or immutable. ... Capturing the rationale behind architectural
decisions through methods like Architecture Decision Records ensures a clear
understanding of trade-offs made over time. Additionally, addressing
architecture incrementally, akin to code-level refinements, offers a practical
way to manage risk and avoid conflicting priorities.
Broken Promises of the Low-Code Approach
The reality is that many low-code solutions present a fundamental
misunderstanding of software development: They conflate the challenge of
understanding a programming language’s syntax with the challenge of designing
effective application logic. Programming languages are just tools; their syntax
is merely a means of expressing solutions. The true heart of software
development lies in problem-solving, in crafting algorithms, data structures and
interfaces that efficiently fulfill the application’s needs. By aiming to
simplify software development through a graphical user interface (GUI), low-code
solutions replace syntax without necessarily simplifying the fundamental
challenge of designing robust applications. This approach can introduce multiple
drawbacks while failing to alleviate the true complexities of software creation,
ultimately having a negative impact on your team’s ability to deliver real
value. ... Low-code solutions frequently grapple with limited customization,
often failing to meet specific, complex or unique business requirements. The
risk of vendor lock-in is another significant downside, potentially leaving
users high and dry if there are changes in pricing, feature offerings or if the
vendor closes shop.
Micro transformation: Driving big business benefit through quick IT wins
While it’s still early days to determine the success of the micro
transformation, the initial customer feedback has been encouraging, Aird says.
“There’s something intrinsically rewarding when you hear directly from customers
about how much they’re enjoying the new tool, how it’s adding value to their
purchasing experience, and how it makes the process of creating their own neon
signs easier and more fun and exciting.” This is critical because Custom Neon
operates in a “highly saturated e-commerce niche,’’ he adds, and micro
transformations such as upgrading the website tool “subtly, but surely redefine
the customer experience, contributing to our continued growth and
competitiveness.” This kind of micro transformation underscores the power of
agile methodology, enabling IT to identify bottlenecks, implement targeted
improvements, and quickly see the effects, Aird says. “Moreover, they allow us
to enhance our KPIs, notably in customer satisfaction and operational
efficiency.”
Cybersecurity hiring gap: Time to rethink who can contribute
Ford sees the "cybersecurity talent shortage" as misidentified, he refers to the
situation as an "experience shortage." As we all know, the only way to garner
experience is by doing. He opened doors to "overlooked" talent, with the
creation of their Cybersecurity Career Reboot Program. The program's key factor
probably broke every HR sorting tool, as they sought out individuals who had
been passed over because the "lack the experience required to land entry-level
jobs." ... They then used their Professional Rotation Experience Program (PREP),
which took recent grads and put them in "two-year rotational program that
includes global exposure to all our cybersecurity functions. PREP participants
gain experience with the foundations of cybersecurity through hands-on project
work, exposure to a variety of experiences, and innovative training and
development, rotating through the different teams within cybersecurity every six
months during the program." While the focus of homegrown talent programs is on
the new and eager employees, CISOs must also keep an eye on retaining and
improving the talent already in place.
Generative AI – What Are the Legal Issues?
The pace of the development of AI far outstrips the legal, regulatory and
ethical frameworks which need to be put in place to ensure that the benefits
of AI are carefully considered. For anyone looking at adopting or developing
AI technologies, risk assessments should be conducted to identify and mitigate
the impact on individuals. ... Considering the dataset used to teach the
algorithm will potentially identify areas of risk. For example, an AI designed
to sift CVs and provide hiring recommendations might inherit any unconscious
hiring biases from the underlying dataset of ‘successful applicant’ and
‘unsuccessful applicant’ CVs. Not all algorithms are born equal and
consideration should be given to the sophistication and development of any
product before use given the potential impact on individuals. ... As Gen AI
can create new content, who will own the intellectual property in any new
work, media, image or music? There may be IP issues if the Gen AI creator did
not have sufficient rights to the information used in the training dataset and
any contract should clearly set out IP ownership where possible.
Quote for the day:
"It is the responsibility of
leadership to provide opportunity, and the responsibility of individuals to
contribute." -- William Pollard
