Kategorie

Under-the-hood AI changes and efficiency improvements at the OS layer across Apple’s platforms are certainly the highlights at WWDC 2026. But there have also been significant changes IT admins will need to prepare for, particularly around Declarative Device Management (DDM). 

The Intel age is over

Apple warned us this was coming, but macOS 27 will not support Intel at all. The company will deliver three more years of security updates for those devices, and you will still be able to use Rosetta to get Intel app binaries to run legacy apps on Apple Silicon. But if you still rely on any Intel apps or Macs, it really is time to plan your upgrade.

DDM becomes the present

It was the future once, but when it comes to Declarative Device Management (DDM) that future is now. Apple is removing all its legacy MDM mechanisms to replace them with DDM. “For IT admins, WWDC 2026 is a migration year,” wrote Fleet. “Apple is removing legacy MDM mechanisms and replacing them with Declarative Device Management (DDM). Some of it is urgent. Some of it just needs a plan.”

It’s a great step, though IT admins will need to ensure they aren’t relying on legacy MDM to handle any of their device fleets. That’s a particular issue around software and security update management. In most cases, your MDM provider has probably already introduced DDM support. But if you aren’t certain, now is the time to find out before your systems fail.

Apple has also added new DDM tools across various systems, apps, identities and more. Some of the highlights include:

• VPN and Network configurations can be provisioned using DDM; they also become credential-reliant, which should make management more streamlined.
• Apple Intelligence, Siri, and keyboard settings can also be configured via DDM, and admins can manage individual Apple Intelligence tools. 
• Web content filter and content caching both become controllable with DDM.
• A new privacy key lets IT manage things like camera or microphone access.
• Apple has added a device system health reporting function to verify that hardware components on iPhone and iPad are genuine.
• IT will be able to detect whether a device is in Lockdown Mode.

“One of the new features I’m most excited about is the ability to set permission defaults for managed apps and websites viewed in Safari,” said Adam Henry, senior product manager at Iru. “While the user is still prompted to allow these permissions, we can now present those requests as a unified prompt immediately upon app launch, along with a custom explanation as to why those permissions are important — think a teleconferencing app or website that always needs access to camera and microphone.

“Overall, I think this is a much more user-friendly solution that will likely increase permission compliance.”

Siri and AI

Although, Apple has introduced new management tools for AI, it’s important to remember some advice from Joel Rennich, senior vice president for product management at JumpCloud: “Traditional IAM models assume users directly interact with applications, but agentic systems change that assumption. AI intermediaries can now retrieve data, execute workflows, and make decisions across systems. Enterprises will need identity frameworks that govern both human and non-human actors consistently.”

He also noted: “The separation between where data lives and where it is used becomes increasingly invisible to the user. Intent becomes the primary input, not app selection.”

At the same time, the evolution of AI on Apple’s devices promises a lot for enterprise users. Matt Vlasach, Jamf senior vice president, enterprise products and solutions engineering, told me: “Most notable for me was Siri AI and the push towards on-device and more capable models that can do more with user context. While obvious for consumer use cases as illustrated in the keynote, the opportunity to evolve this to the work context using a more advanced Apple Intelligence framework is an exciting evolution.”

Farewell AFP

Apple has finally eradicated Apple Filing Protocol (AFP) in macOS. This will be an issue for any business that uses legacy Time Capsule or NAS storage devices, though in most cases those products are already obsolete and should be replaced. This is unlikely to be a huge challenge for most, given that Apple began using SMB as its primary file sharing protocol back in 2013 and support for AFP server disappeared in 2020. (Time Capsule fans might want to take a look at the TimeCapsuleSMB open-source project.)

Hello AppleCare log collection

Apple will introduce a new remote log collection capability that integrates directly with the company’s support infrastructure. So, when AppleCare support engages with an organization’s IT team, they can provide an enhanced logging token which can be shared to get the device to collect diagnostic logs to upload to AppleCare. You just know this will expedite remedy.

Single Sign-On improvements

As I noted here, there are some significant Single Sign-On (SSO) updates; two that caught my eye include:

• IT can now insist on biometric as well as password ID on managed devices.
• Authenticated Guest Mode with Platform SSO allows users to quickly and securely login to a shared Mac in a temporary session.
• Platform SSO on macOS 27 adds web-based authentication.

Network and more

Another change affects the system processes used in device management at a network level. Apple now requires that you use TLS 1.2 or later. If you or your MDM systems are not doing so, get ready for things to break. (Apple has published a support article to help IT test their network environments in preparation for this change.)

Apple also announced that IT admins will be able to purchase and manage app subscriptions directly in Apple School Manager and Apple Business Manager. And it introduced a managed migration feature that should help migrate data, while preserving device management enrollment and settings. 

More information

I’ve really only offered a flavor of some of the IT improvements introduced at WWDC. To find out more, watch the Apple sessions on “What’s new in managing Apple devices” and take a look at the Apple Platform Deployment guide; it should be updated before the new operating systems ship this fall 

You can follow me on social media! Join me on BlueSky,  LinkedIn, Mastodon and subscribe to The Core.

Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. [...]

AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are becoming essential. [...]

Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that quietly close real gaps. Teams that stop incidents nobody reads about. Companies that raise the [email protected]

It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials. The bigger problem is how polished this all looks now. Mule networks run like SaaS. Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

​​The Personal Information Protection Commission (PIPC), South Korea's data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 million) following a massive data breach affecting more than 37 million customers [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies. [...]

For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that work. Today, that buffer is gone. AI didn't make your team slower. It changed the other side of [email protected]

When it comes to AI deployments, IT leaders are often caught in an awkward middle space, trying to reconcile conflicting directives from senior management with constantly changing AI models, capabilities, and costs; data governance and security needs; and the limitations of their own team.

“Very few real benefits can be attained by simply purchasing an AI product and giving it to employees. Vendors have been overselling that fallacy for the past three years,” said Nader Henein, a Gartner VP analyst.

“The reality is that strong AI value and consistent ROI are almost always a result of deep and intentional integration of AI capabilities into existing workflows. For that you need specialized teams, which do not come cheap, and organizations have been recruiting those teams in a variety of ways,” Heinen said.

Among the options available to IT leaders looking for help with AI deployments are traditional IT consultancies, AI-specific consultancies, and independent contractors. Large enterprises with deep pockets can consider acquiring an AI firm and integrating its technology and expert staff. The use of open source to reduce vendor lock-in is a strategy that can sit on top of those others, an approach that Capital One has used. 

But the option that has been getting the most attention recently is bringing in forward-deployed engineers (FDEs), teams of experts from AI vendors that embed with a customer’s in-house engineers to oversee AI rollouts within the enterprise environment. Both OpenAI and Anthropic have recently announced FDE offerings, for example, and Microsoft is partnering with consulting giant EY in a new FDE program for agentic AI deployments.

Engineering teams employed by AI vendors have key strengths, such as understanding their models better than anyone else, having experience integrating those models into different types of enterprise environments, and knowing about upcoming model capabilities before they’re announced. But they also have the obvious drawback of vendor lock-in. Even if future rollouts are not within their contracted deliverables, those vendor employees could subtly influence a client’s future AI efforts. 

Flavio Villanustre, CISO for LexisNexis Risk Solutions, cautions IT executives to move into FDE programs carefully. 

FDEs “are financially incentivized to grow customers’ use of a vendor’s AI products and to create stickiness with that vendor’s services,” he said. “While FDEs may be a reasonable value-added service by the AI vendor, customers should always find other unbiased expert opinions that can evaluate competitive solutions across multiple vendors.”

This is particularly important at a time when “investor-subsidized AI token business models are starting to show cracks,” Villanustre said. “Also, in the current rapid pace of innovation in this field where AI vendors are constantly leapfrogging each other, retaining the agility to move from one vendor to the next could create significant competitive advantages.”

Analysts, consultants, and other industry experts who spoke with Computerworld about FDEs echoed Villanustre’s caution, citing concerns around hidden costs, confidentiality, observability, and vendor lock-in.

Long-term costs and vendor lock-in

A key issue that IT executives need to consider is how long the FDE teams will be needed. The enterprise will likely need an ongoing series of AI deployments synced with the current AI model(s). If help is needed today, why would that change tomorrow?

Enterprises tend to overlook those longer-term costs, said John Sangyeob Kim, an AI engineer at software development vendor Solidroad.

“Deployment is maybe 20% of the total cost. The other 80% is keeping the system running through model upgrades, data drift, and edge cases that only appear after months in production,” Kim said. “Most contracts price the first part and assume the rest. Deployment isn’t the hard part of enterprise AI anymore. The next eighteen months are.”

And whether it’s intentional or not, FDEs will naturally favor their own product portfolio — it’s what they know best.

“FDEs from model labs are good at making their own models work in your environment. They are less suited for multi-model systems, because their incentive is to keep you inside their ecosystem,” Kim said.

Sanchit Vir Gogia, chief analyst at Greyhound Research, said IT leaders should look at the FDE model as a strategy involving ongoing operational power. 

“Whoever shapes the deployment pattern shapes the enterprise’s future muscle memory. Whoever owns the evaluation layer owns the truth layer. Whoever controls the integration logic controls the dependency map,” Gogia said. “This is why the FDE model matters. It is not just another delivery option. It is the frontier AI vendor moving closer to the customer’s workflow, operating model, and decision architecture.”

That proximity cuts both ways, Gogia noted. “FDEs are embedded inside the customer’s [environment], but they are also connected to the vendor’s commercial center of gravity. Their instinct will be to build around the model family, tooling assumptions, deployment patterns, and product roadmap they know best. This is perfectly natural. It is also precisely why CIOs must be cautious,” he said.

Allowing AI vendor employees an outsized say in enterprise deployment decisions could lock in model vendor dependency, which in turn will fuel high prices that can’t be fought effectively.

“FDEs can accelerate deployment and deepen dependency at the same time,” Gogia said. “Frontier AI vendors are no longer content to sell access to models. They increasingly want to shape how enterprises deploy intelligence. That is a larger prize.”

What happens when the FDE team leaves?

FDE post-departure risks are severe and often underappreciated, according to Justin Greis, CEO of consulting firm Acceligence and former head of the North American cybersecurity practice at McKinsey.

For one thing, the FDE team learns a massive number of operational details from the enterprise deployment. Although NDAs and confidentiality contracts protect any data accessed, they often don’t regulate observed processes and procedures. 

“The learnings are absolutely going to be taken from client to client,” Greis said. “Whoever helps deploy AI will learn far more than what appears in the statement of work. They will learn the real workflows, the undocumented exceptions, the data-quality gaps, the approval bottlenecks, the security workarounds, and the places where the business depends on a few people knowing what to do when the process breaks. That knowledge may be as sensitive and precious as the data itself.”

Another critical but often overlooked issue is how much meaningful control will IT have over the project if and when the FDE team leaves.

“The danger is not using outside help. Most companies will need outside help,” Greis said. “The danger is using outside help in a way that leaves the enterprise less capable and more dependent when the engagement is over.”

It is precisely those operational decisions that IT often neglects, said Solidroad’s Kim.

“The best predictor of success is not the vendor. It is whether one internal engineer truly understands the system before the implementer leaves. What matters is who owns the evaluation loop after the demo,” Kim said.

“What happens to our prompts, scorers, and guardrails when the model version changes? If we paused this engagement tomorrow, what would actually stop working, by design or by accident?” Kim asked. “Where do you want the enterprise’s AI learning, control, and dependency to live after the engagement is over?”

Kim argues that observability — the ability to understand and manage all elements of a complex enterprise environment — is a critical function to which IT often gives insufficient attention. Determining whether the project uses the enterprise’s observability stack or the vendor’s observability stack is crucial.

“If the implementer is using their observability stack, that is fine during the build, but you need a plan to migrate it to something you own before they leave; otherwise the visibility walks out of the door with them,” Kim said. “If they are using yours, that is the best case. It means they are working inside the system your team will operate long-term.”

A major problem crops up when they are using neither the enterprise’s nor the vendor’s observability stack. “Neither means they are building the system without any production observability layer at all, and you inherit a system you cannot see into. The first time something breaks in production, you have no traces, no failure history, and no way to tell whether the issue is a model regression, a data problem, or a code bug,” Kim said.

“If observability was not a priority during the build, evals and regression testing usually weren’t either, so you are inheriting a system you cannot measure and cannot safely change. That’s the worst possible handoff position,” he said.

Weighing the alternatives

While the FDE approach is not new, it is just now beginning a surge in popularity, and there are a finite number of such specialists available. That means not all companies even have the option of using FDEs.

This availability disconnect is especially prominent for non-US deployments, where on-site FDEs are rarer, said Gartner’s Henein. “Where is the development happening? There may not be FDEs available in that region,” he said. 

There are plenty of other places enterprises can turn to for AI help. Ishraq Khan, CEO of coding productivity tool vendor Kodezi, encourages IT executives to consider a wide range of options but notes that all approaches have major drawbacks.

“Traditional consultancies are usually stronger at governance, process, compliance, and organizational coordination. They know how large enterprises operate politically and structurally. The downside is that many move slower and often lack deep frontier AI specialization,” Khan said.

Gogia from Greyhound Research put it more colorfully: Traditional IT consulting firms “know how to get legal, risk, security, finance, HR, and business units into the same room without anybody setting fire to the carpet. For regulated enterprises, that matters,” he said.

Specialized AI consultancies have a different set of strengths, Khan said. “AI-native consultancies move much faster and are often more technically current, but many are still immature operationally. Some can build impressive demos without fully understanding long-term maintainability, governance, or production reliability.”

Greis from Acceligence commented on two other options for bringing in outside AI help. Using an independent contractor “can be great for eval design, architecture reviews, red teaming, agent design, or getting a stalled team unstuck,” he said, but it can increase the risk of “key-person dependency,” where a single external person is the only one who understands the system.

As for purchasing an AI firm and onboarding its employees, a practice known as “acquihiring,” Greis said it can work well when the AI capability and expertise being brought in are truly strategic for the acquiring enterprise. But there is a risk that the acquired team will be smothered by the parent company’s bureaucracy: “You buy a speedboat, bolt it to an aircraft carrier, and then wonder why it stopped moving,” he said.

Finally, an open-source strategy can give companies flexibility and reduce vendor dependence, but “many companies underestimate the operational burden that comes with it,” Kodezi’s Khan said. “Open source only helps if the organization has the internal talent and discipline to maintain it properly.”

Bottom line: enterprises need to define their true objectives before deciding on an approach. Khan offered several key questions for CIOs to consider: “Who owns the deployment after implementation? Can we move providers later without rebuilding everything? What happens if the vendor relationship changes or disappears? Are we optimizing for short-term deployment speed or long-term operational resilience?”

In any scenario where outside firms have direct access to enterprise systems, IT needs to be kept fully in the loop. “The worst outcome is when an enterprise successfully deploys AI but no longer fully understands how its own systems operate underneath,” Khan said.

External help for AI deployments: 6 options ProsConsAI vendor FDEs+  Best expertise on the main model being used–  Vendor lock-in

–  Operational detail leaksTraditional IT consultancies+  Best understanding of change management, legacy integration, global rollout, governance, and operating-model redesign–  Can be too slow, too expensive, or too genericAI consulting firms+  More practical AI deployment experience than traditional consultants

+  Less vendor lock-in than model-provider FDEs–  May not sufficiently understand enterprise-grade requirements: security, identity, auditability, compliance, incident response, cost controls, and long-term maintainabilityIndependent contractors+  Useful for precision tasks: eval design, architecture reviews, red teaming, agent design, or getting a stalled team unstuck–  Risk of ‘key-person dependency’‘Acquihiring’ an AI firm+  Works when the acquired capability is truly strategic–  Acquired team can be smothered inside existing bureaucracyDeploying open-source products+  Reduces dependency on one model vendor

+  Attractive for data sovereignty, control over enterprise systems, cost efficiencies, and regulated environments–  Enterprise takes on full responsibility for security, patching, evaluation, deployment, monitoring, and lifecycle management Source: Acceligence

Related reading:

• Here’s one career emerging from the AI shift: ‘forward-deployed engineers’
• The forward-deployed engineer: Why talent, not technology, is the true bottleneck for enterprise AI
• The new AI lock-in

The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Heads-up, my fellow Android-appreciating animals: Google’s in the midst of rolling out a subtle change to its privacy settings that’s well worth your while to notice.

The change includes a new clause that says the company can use images, files, video, and audio from your interactions with Google Lens, Search, and Gemini Live to train and improve its AI models.

By default, that switch will soon be on and active for your account.

But with about 20 seconds of one-time effort, you can opt out and flip it off (both literally and metaphorically, if you’re so inclined) once and for all.

Lemme show ya how.

[Get level-headed knowledge in your inbox with my free Android Intelligence newsletter. Something new and useful every Friday — from my keyboard to your email.] 

Google’s new AI training privacy default

First things first — the nature of the change: According to Google, starting in the next few days, a new “Search Services History” section within the general Google account settings will lead to a significant-seeming policy shift. As per an email the company sent out to users this week:

Your media [will now be] saved when Search Services History is on. Saved media includes your images, files, audio, and video from your interactions with Search services to help improve your experience. … Your saved media is also used to develop and improve Google services and technologies, including AI models and safety measures.

Riiiiiiiiiiight.

Now, to its credit, Google does say the data will never be associated with your account or identity once it’s used for these purposes, and it’ll rely on “filters” to “automatically remove a broad range of identifying info or sensitive personal information.” But still, whether you’re working with important corporate info or simply put off by the idea of your personal media being fed into the AI training machine, this may be news you aren’t exactly thrilled to hear.

If you’re finding AI increasingly creepy or you’re just not so keen on knowing whatever media you submit to search-related services will be used to train and develop AI for the future, now’s the time to proactively speak up and change your Google account settings to shut down this setup before it begins.

That, unfortunately, is where things get slightly complicated — ’cause for most of us, this new Search Services History section doesn’t seem to be present and available just yet.

But that doesn’t mean you’re plum out of luck.

Your 20-second opt-out roadmap

To start on your AI training opt-out adventure, make sure you’re signed into whatever Google account you rely on for work and/or personal purposes, then head to the Google Activity Controls page and see if you see a section there called “Search Services History.”

If you do, this is especially easy for you: Just use the option right then and there to disable the “Save Media” setting within that section, which will stop any media files from being saved and used without eliminating the entire history of things you’ve searched. (If you’d rather eliminate all of your Google Search history from being saved and used even for your own future discovery and recommendations, you can also opt to turn that entire section off. Just be aware that it may have some wide-reaching effects on the personalization you see across a lot of Google services.)

If you don’t see that section — and, again, that appears to be the case for most of us at this point — you’ve got two options for the moment:

1. You can completely disable all of “Web & App Activity.” Google says if you do this, once your account transitions over to the new approach, all of those “Search Services History” settings will stay off as well. Just be aware that doing so will prevent any and all search history from being saved for you from here on out — which, again, means you won’t be able to revisit your search history yourself and won’t see suggestions and personalization based on past searches throughout Google apps in the future.
2. If you want to avoid entirely eliminating all of your search history, you can for now uncheck the boxes only for “Include voice and audio activity” and “Include Visual Search History.” That’ll stop search-related media from being saved to your Google account for the time being — though I’d also suggest setting yourself a reminder to look back at that same page once a week or so until you see “Search Services History” appear and can confirm that “Save Media” is unchecked as a result of that previous preference. Right now, Google isn’t explicitly saying that such a preference will carry over, so I’d put it on yourself to double-check and make sure (and then make the needed adjustment in the new interface, if not).

The choice is ultimately 100% yours — but in this case, it’s up to you to take action and opt yourself out if you aren’t comfortable with the default. It’s an unfortunate position to be put in, but now you at least know what’s happening and how you can make your own decision to take back control.

Find the tips and tools that’ll *actually* help you with my free Android Intelligence newsletter. No hype, no nonsense — just useful new stuff in your inbox every Friday, from one (alleged) human to another. 

Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. [...]

The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. [...]

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "Npm install" is used to download and install all the necessary Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. [...]

While AI is proliferating across the workplace, it is introducing a new productivity paradox: While the technology makes work feel faster, it actually pushes more burden onto employees to provide context, perform quality checks, then rinse and repeat across numerous disparate tools.

This, according to a new survey of 6,000 full-time digital workers by Glean’s Work AI Institute, results in two emerging behaviors: “botsitting,” all the unrecognized work that goes into making AI actually usable; and “botshitting,” shipping AI-generated work that is unverified, not that well understood, or perhaps not even trustworthy. The survey report was co-authored by experts from Work AI Institute, Emory University, Stanford University, UC Berkeley, UC Santa Barbara, UNC Charlotte, University College London, and University of Notre Dame.

“It’s definitely in many ways a vicious cycle that feeds itself,” said Rebecca Hinds, head of Glean’s research center the Work AI Institute, a research collaborative of AI experts. Enterprises need to begin understanding and addressing the “massive, massive human labor that’s at the core of this.”

Workers are using AI more, getting more frustrated

There’s no doubt that AI is quickly becoming a central teammate in the workplace. Glean’s Work AI Institute found that 87% of digital workers are using AI: It is already automating more than a quarter of their work and saving about 11 hours a week.

Still, only 13% say the use of AI has significantly improved their company’s performance, and their time savings are being eaten up by the same technology that is producing them. Employees lose about one-third of their work week (6.4 hours) botsitting: feeding AI context, supervising outputs, debugging errors, cleaning up AI-generated work, and switching between AI tools.

“We’re seeing high, high rates of multiple tool usage, and often those tools aren’t connected,” said Hinds.

In terms of context-feeding, large language models (LLMs) are trained on the vast corpus of the internet, but not always on enterprise-specific data. Thus, employees often have to provide additional information around their company’s products, customers, services, or other details.

“They’re often feeling frustrated when the tools don’t understand enough about day to day work to be useful,” said Hinds. Also, because employees are using multiple tools, they often have to repeat the same prompt over and over.

“It’s exhausting for workers to not only do this, but to have the work be unrecognized, often unrewarded and unacknowledged within the organization,” she said.

Similarly, workers are having to catch outputs that might look polished and finished on the surface, but could be wrong, incomplete, or missing important context. Debugging is the biggest driver of exhaustion, because it is often conducted by people who didn’t necessarily contribute to the initial output, Hinds noted, so they first have to dig up background information.

However, “not all botsitting is bad,” Hinds emphasized. “Certainly, we want workers to have some level of ownership and oversight.”

But when it is unnecessary, it can lead to botshitting, where users ship AI-generated work they haven’t verified because they’re overwhelmed or time-constrained. Sixty-nine percent of users admit to doing so, and 41% say they sometimes deliver work they could not explain if asked. Another 28% blame AI for mistakes they themselves caused.

“Botshitting is offloading your critical human thinking, judgment, and understanding,” Hinds explained. “You’re offloading that work that absolutely needs to remain with the human.”

Workers using multiple AI agents are significantly more likely to do this, she added, because agents are so scalable, and can spiral out of control if they don’t have the right controls or permissions built around them, causing overwhelmed users to give up on their verification efforts.

“You don’t often see the negative impacts until 3, 4, 5, steps down the line,” said Hinds. “Then it requires all of this cleanup work, detective work, to understand where did the agent go wrong.”

Using AI … but not too much

Interestingly, more than half of the workers surveyed said they get more day-to-day help from AI than they get from their managers, and consider it easier to collaborate with than humans.

Still, they seem to be facing a Goldilocks problem when it comes to sharing their use of AI. Among self-identified high AI achievers, 54% are using unapproved tools or using approved tools in noncompliant ways, and 36% are hiding how much AI helps them.

As Hinds explained, depending on the context and the level of psychological safety an organization has provided, it can be “differentially beneficial or harmful” to show you’re using AI, and, on the flip side, to conceal that you’re using it too much, because that might make you less valuable, or perceived as less valuable, she said.

It’s a complicated balance, because, she noted, “there’s massive pressure in so many organizations to demonstrate AI fluency, to demonstrate you’re a power user.”

What successful organizations are doing differently

In fact, the report said, “The companies pulling ahead are doing something different. They aren’t spending a greater share of their AI time using AI. They’re spending a greater share on the work around it: setting context, defining what ‘good’ looks like, building judgment, and deciding what should never have been handed to a model in the first place.”

The most transformative organizations are addressing AI challenges proactively: Providing training and support, treating AI as an opportunity to redesign work, and formally rewarding AI skills. In addition, it noted, the hardest skill to build is knowing when not to use AI.

It is “not just clicks of the tool, not just tokens used, but real skills, real learning,” said Hinds. In addition to investing in workers, these organizations are clearly stating AI strategy and clarifying the “why” behind it. Governance should also be “living and breathing,” with companies continuously re-evaluating policies.

And it needs to happen at every level, top execs included, said Hinds: “It’s being able to see the executives use the technology, sharing both the success stories and the failures.”

Successful companies are also actively using metrics anchored in existing key performance indicators (KPIs). They are measuring quality, efficiency, and employee engagement in different ways, and putting data in the hands of employees so they can assess their own adoption and success.

“It’s less about surveillance and more about feedback in terms of how we work collectively,” said Hinds.

What’s “fascinating but perhaps not surprising,” she said, is that workers are increasingly using AI itself as a teacher, and prefer it over other learning channels. This speaks to the importance of low-code, no-code tools, with low learning curves and organizational context, that are embedded directly into workflows.

“It is starkly different from what we’ve seen with previous technologies,” she said.

This article originally appeared on CIO.com.

Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. [...]

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the 'npm install' command. [...]

Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. [...]