RSS Aggregator

AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.

The Hacker News - 11 June, 2026 - 13:30
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough: triage by severity, schedule the fix, validate, and move on. The buffer was what made that work. Today, that buffer is gone. AI didn't make your team slower. It changed the other side of
Category: Hacking & Security

AI vendor FDEs: Key considerations and concerns

Computerworld.com [Hacking News] - 11 June, 2026 - 13:00

When it comes to AI deployments, IT leaders are often caught in an awkward middle space, trying to reconcile conflicting directives from senior management with constantly changing AI models, capabilities, and costs; data governance and security needs; and the limitations of their own team.

“Very few real benefits can be attained by simply purchasing an AI product and giving it to employees. Vendors have been overselling that fallacy for the past three years,” said Nader Henein, a Gartner VP analyst.

“The reality is that strong AI value and consistent ROI are almost always a result of deep and intentional integration of AI capabilities into existing workflows. For that you need specialized teams, which do not come cheap, and organizations have been recruiting those teams in a variety of ways,” Henein said.

Among the options available to IT leaders looking for help with AI deployments are traditional IT consultancies, AI-specific consultancies, and independent contractors. Large enterprises with deep pockets can consider acquiring an AI firm and integrating its technology and expert staff. The use of open source to reduce vendor lock-in is a strategy that can sit on top of those others, an approach that Capital One has used.

But the option that has been getting the most attention recently is bringing in forward-deployed engineers (FDEs), teams of experts from AI vendors that embed with a customer’s in-house engineers to oversee AI rollouts within the enterprise environment. Both OpenAI and Anthropic have recently announced FDE offerings, for example, and Microsoft is partnering with consulting giant EY in a new FDE program for agentic AI deployments.

Engineering teams employed by AI vendors have key strengths, such as understanding their models better than anyone else, having experience integrating those models into different types of enterprise environments, and knowing about upcoming model capabilities before they’re announced. But they also have the obvious drawback of vendor lock-in. Even if future rollouts are not within their contracted deliverables, those vendor employees could subtly influence a client’s future AI efforts. 

Flavio Villanustre, CISO for LexisNexis Risk Solutions, cautions IT executives to move into FDE programs carefully. 

FDEs “are financially incentivized to grow customers’ use of a vendor’s AI products and to create stickiness with that vendor’s services,” he said. “While FDEs may be a reasonable value-added service by the AI vendor, customers should always find other unbiased expert opinions that can evaluate competitive solutions across multiple vendors.”

This is particularly important at a time when “investor-subsidized AI token business models are starting to show cracks,” Villanustre said. “Also, in the current rapid pace of innovation in this field where AI vendors are constantly leapfrogging each other, retaining the agility to move from one vendor to the next could create significant competitive advantages.”

Analysts, consultants, and other industry experts who spoke with Computerworld about FDEs echoed Villanustre’s caution, citing concerns around hidden costs, confidentiality, observability, and vendor lock-in.

Long-term costs and vendor lock-in

A key issue that IT executives need to consider is how long the FDE teams will be needed. The enterprise will likely need an ongoing series of AI deployments synced with the current AI model(s). If help is needed today, why would that change tomorrow?

Enterprises tend to overlook those longer-term costs, said John Sangyeob Kim, an AI engineer at software development vendor Solidroad.

“Deployment is maybe 20% of the total cost. The other 80% is keeping the system running through model upgrades, data drift, and edge cases that only appear after months in production,” Kim said. “Most contracts price the first part and assume the rest. Deployment isn’t the hard part of enterprise AI anymore. The next eighteen months are.”

And whether it’s intentional or not, FDEs will naturally favor their own product portfolio — it’s what they know best.

“FDEs from model labs are good at making their own models work in your environment. They are less suited for multi-model systems, because their incentive is to keep you inside their ecosystem,” Kim said.

Sanchit Vir Gogia, chief analyst at Greyhound Research, said IT leaders should look at the FDE model as a strategy involving ongoing operational power. 

“Whoever shapes the deployment pattern shapes the enterprise’s future muscle memory. Whoever owns the evaluation layer owns the truth layer. Whoever controls the integration logic controls the dependency map,” Gogia said. “This is why the FDE model matters. It is not just another delivery option. It is the frontier AI vendor moving closer to the customer’s workflow, operating model, and decision architecture.”

That proximity cuts both ways, Gogia noted. “FDEs are embedded inside the customer’s [environment], but they are also connected to the vendor’s commercial center of gravity. Their instinct will be to build around the model family, tooling assumptions, deployment patterns, and product roadmap they know best. This is perfectly natural. It is also precisely why CIOs must be cautious,” he said.

Allowing AI vendor employees an outsized say in enterprise deployment decisions could lock in model vendor dependency, which in turn will fuel high prices that can’t be fought effectively.

“FDEs can accelerate deployment and deepen dependency at the same time,” Gogia said. “Frontier AI vendors are no longer content to sell access to models. They increasingly want to shape how enterprises deploy intelligence. That is a larger prize.”

What happens when the FDE team leaves?

FDE post-departure risks are severe and often underappreciated, according to Justin Greis, CEO of consulting firm Acceligence and former head of the North American cybersecurity practice at McKinsey.

For one thing, the FDE team learns a massive number of operational details from the enterprise deployment. Although NDAs and confidentiality contracts protect any data accessed, they often don’t regulate observed processes and procedures. 

“The learnings are absolutely going to be taken from client to client,” Greis said. “Whoever helps deploy AI will learn far more than what appears in the statement of work. They will learn the real workflows, the undocumented exceptions, the data-quality gaps, the approval bottlenecks, the security workarounds, and the places where the business depends on a few people knowing what to do when the process breaks. That knowledge may be as sensitive and precious as the data itself.”

Another critical but often overlooked issue is how much meaningful control IT will have over the project if and when the FDE team leaves.

“The danger is not using outside help. Most companies will need outside help,” Greis said. “The danger is using outside help in a way that leaves the enterprise less capable and more dependent when the engagement is over.”

It is precisely those operational decisions that IT often neglects, said Solidroad’s Kim.

“The best predictor of success is not the vendor. It is whether one internal engineer truly understands the system before the implementer leaves. What matters is who owns the evaluation loop after the demo,” Kim said.

“What happens to our prompts, scorers, and guardrails when the model version changes? If we paused this engagement tomorrow, what would actually stop working, by design or by accident?” Kim asked. “Where do you want the enterprise’s AI learning, control, and dependency to live after the engagement is over?”

Kim argues that observability — the ability to understand and manage all elements of a complex enterprise environment — is a critical function to which IT often gives insufficient attention. Determining whether the project uses the enterprise’s observability stack or the vendor’s observability stack is crucial.

“If the implementer is using their observability stack, that is fine during the build, but you need a plan to migrate it to something you own before they leave; otherwise the visibility walks out of the door with them,” Kim said. “If they are using yours, that is the best case. It means they are working inside the system your team will operate long-term.”

A major problem crops up when they are using neither the enterprise’s nor the vendor’s observability stack. “Neither means they are building the system without any production observability layer at all, and you inherit a system you cannot see into. The first time something breaks in production, you have no traces, no failure history, and no way to tell whether the issue is a model regression, a data problem, or a code bug,” Kim said.

“If observability was not a priority during the build, evals and regression testing usually weren’t either, so you are inheriting a system you cannot measure and cannot safely change. That’s the worst possible handoff position,” he said.

Weighing the alternatives

While the FDE approach is not new, it is just now beginning a surge in popularity, and there are a finite number of such specialists available. That means not all companies even have the option of using FDEs.

This availability disconnect is especially prominent for non-US deployments, where on-site FDEs are rarer, said Gartner’s Henein. “Where is the development happening? There may not be FDEs available in that region,” he said. 

There are plenty of other places enterprises can turn to for AI help. Ishraq Khan, CEO of coding productivity tool vendor Kodezi, encourages IT executives to consider a wide range of options but notes that all approaches have major drawbacks.

“Traditional consultancies are usually stronger at governance, process, compliance, and organizational coordination. They know how large enterprises operate politically and structurally. The downside is that many move slower and often lack deep frontier AI specialization,” Khan said.

Gogia from Greyhound Research put it more colorfully: Traditional IT consulting firms “know how to get legal, risk, security, finance, HR, and business units into the same room without anybody setting fire to the carpet. For regulated enterprises, that matters,” he said.

Specialized AI consultancies have a different set of strengths, Khan said. “AI-native consultancies move much faster and are often more technically current, but many are still immature operationally. Some can build impressive demos without fully understanding long-term maintainability, governance, or production reliability.”

Greis from Acceligence commented on two other options for bringing in outside AI help. Using an independent contractor “can be great for eval design, architecture reviews, red teaming, agent design, or getting a stalled team unstuck,” he said, but it can increase the risk of “key-person dependency,” where a single external person is the only one who understands the system.

As for purchasing an AI firm and onboarding its employees, a practice known as “acquihiring,” Greis said it can work well when the AI capability and expertise being brought in are truly strategic for the acquiring enterprise. But there is a risk that the acquired team will be smothered by the parent company’s bureaucracy: “You buy a speedboat, bolt it to an aircraft carrier, and then wonder why it stopped moving,” he said.

Finally, an open-source strategy can give companies flexibility and reduce vendor dependence, but “many companies underestimate the operational burden that comes with it,” Kodezi’s Khan said. “Open source only helps if the organization has the internal talent and discipline to maintain it properly.”

Bottom line: enterprises need to define their true objectives before deciding on an approach. Khan offered several key questions for CIOs to consider: “Who owns the deployment after implementation? Can we move providers later without rebuilding everything? What happens if the vendor relationship changes or disappears? Are we optimizing for short-term deployment speed or long-term operational resilience?”

In any scenario where outside firms have direct access to enterprise systems, IT needs to be kept fully in the loop. “The worst outcome is when an enterprise successfully deploys AI but no longer fully understands how its own systems operate underneath,” Khan said.

External help for AI deployments: 6 options

AI vendor FDEs
  Pros: Best expertise on the main model being used
  Cons: Vendor lock-in; operational detail leaks

Traditional IT consultancies
  Pros: Best understanding of change management, legacy integration, global rollout, governance, and operating-model redesign
  Cons: Can be too slow, too expensive, or too generic

AI consulting firms
  Pros: More practical AI deployment experience than traditional consultants; less vendor lock-in than model-provider FDEs
  Cons: May not sufficiently understand enterprise-grade requirements: security, identity, auditability, compliance, incident response, cost controls, and long-term maintainability

Independent contractors
  Pros: Useful for precision tasks: eval design, architecture reviews, red teaming, agent design, or getting a stalled team unstuck
  Cons: Risk of ‘key-person dependency’

‘Acquihiring’ an AI firm
  Pros: Works when the acquired capability is truly strategic
  Cons: Acquired team can be smothered inside existing bureaucracy

Deploying open-source products
  Pros: Reduces dependency on one model vendor; attractive for data sovereignty, control over enterprise systems, cost efficiencies, and regulated environments
  Cons: Enterprise takes on full responsibility for security, patching, evaluation, deployment, monitoring, and lifecycle management

Source: Acceligence


Category: Hacking & Security

Windows 11 took over Steam in May with a 70% share. On Statcounter it has over 74%

Živě.cz - 11 June, 2026 - 12:45
In May, almost 70% of computers running Steam were powered by Windows 11. • Most gamers own 16 GB of RAM, and that capacity's share grew. • Graphics cards with 16 GB of memory have almost caught up with 8 GB cards.
Category: IT News

OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack

The Hacker News - 11 June, 2026 - 11:45
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack
Category: Hacking & Security

An interactive map shows where the climate is the same as in Czechia. Ours stretches all the way to Mongolia

Živě.cz - 11 June, 2026 - 11:45
Everyone who completed compulsory schooling remembers that Czechia lies in the temperate zone. Those who took geography for their school-leaving exam may also dredge up from memory the Köppen climate classification, which divides the country into a much more colourful swirl of zones with similar climates. Czechia has a climate that stretches all the way to Mongolia. Czech ...
Category: IT News

How to opt out of Google’s new AI training default

Computerworld.com [Hacking News] - 11 June, 2026 - 11:45

Heads-up, my fellow Android-appreciating animals: Google’s in the midst of rolling out a subtle change to its privacy settings that’s well worth your while to notice.

The change includes a new clause that says the company can use images, files, video, and audio from your interactions with Google Lens, Search, and Gemini Live to train and improve its AI models.

By default, that switch will soon be on and active for your account.

But with about 20 seconds of one-time effort, you can opt out and flip it off (both literally and metaphorically, if you’re so inclined) once and for all.

Lemme show ya how.


Google’s new AI training privacy default

First things first — the nature of the change: According to Google, starting in the next few days, a new “Search Services History” section within the general Google account settings will lead to a significant-seeming policy shift. As per an email the company sent out to users this week:

Your media [will now be] saved when Search Services History is on. Saved media includes your images, files, audio, and video from your interactions with Search services to help improve your experience. … Your saved media is also used to develop and improve Google services and technologies, including AI models and safety measures.

Riiiiiiiiiiight.

Now, to its credit, Google does say the data will never be associated with your account or identity once it’s used for these purposes, and it’ll rely on “filters” to “automatically remove a broad range of identifying info or sensitive personal information.” But still, whether you’re working with important corporate info or simply put off by the idea of your personal media being fed into the AI training machine, this may be news you aren’t exactly thrilled to hear.

If you’re finding AI increasingly creepy or you’re just not so keen on knowing whatever media you submit to search-related services will be used to train and develop AI for the future, now’s the time to proactively speak up and change your Google account settings to shut down this setup before it begins.

That, unfortunately, is where things get slightly complicated — ’cause for most of us, this new Search Services History section doesn’t seem to be present and available just yet.

But that doesn’t mean you’re plumb out of luck.

Your 20-second opt-out roadmap

To start on your AI training opt-out adventure, make sure you’re signed into whatever Google account you rely on for work and/or personal purposes, then head to the Google Activity Controls page and check whether there’s a section there called “Search Services History.”

If you do, this is especially easy for you: Just use the option right then and there to disable the “Save Media” setting within that section, which will stop any media files from being saved and used without eliminating the entire history of things you’ve searched. (If you’d rather eliminate all of your Google Search history from being saved and used even for your own future discovery and recommendations, you can also opt to turn that entire section off. Just be aware that it may have some wide-reaching effects on the personalization you see across a lot of Google services.)

If you don’t see that section — and, again, that appears to be the case for most of us at this point — you’ve got two options for the moment:

  1. You can completely disable all of “Web & App Activity.” Google says if you do this, once your account transitions over to the new approach, all of those “Search Services History” settings will stay off as well. Just be aware that doing so will prevent any and all search history from being saved for you from here on out — which, again, means you won’t be able to revisit your search history yourself and won’t see suggestions and personalization based on past searches throughout Google apps in the future.
  2. If you want to avoid entirely eliminating all of your search history, you can for now uncheck the boxes only for “Include voice and audio activity” and “Include Visual Search History.” That’ll stop search-related media from being saved to your Google account for the time being — though I’d also suggest setting yourself a reminder to look back at that same page once a week or so until you see “Search Services History” appear and can confirm that “Save Media” is unchecked as a result of that previous preference. Right now, Google isn’t explicitly saying that such a preference will carry over, so I’d put it on yourself to double-check and make sure (and then make the needed adjustment in the new interface, if not).

The choice is ultimately 100% yours — but in this case, it’s up to you to take action and opt yourself out if you aren’t comfortable with the default. It’s an unfortunate position to be put in, but now you at least know what’s happening and how you can make your own decision to take back control.


Category: Hacking & Security

Lazarus 4.8

AbcLinuxu [news] - 11 June, 2026 - 10:48
Version 4.8 of Lazarus (Wikipedia), the cross-platform integrated development environment (IDE) for rapid application development (RAD) in Free Pascal, has been released. It uses Free Pascal Compiler (FPC) 3.2.2.
Category: GNU/Linux & BSD

When will Tesla's FSD “autonomous driving” arrive in Czechia? The ministry points to EU talks at the end of June

Živě.cz - 11 June, 2026 - 10:45
Two months ago, news came from the Netherlands that FSD Supervised (Tesla's driver-assistance system) had been approved. Even then we were looking forward to its rollout across the whole EU being only a matter of time. Since then, Estonia, Lithuania and Denmark have joined. The Czech Ministry of Transport has also spoken up: … and a storm broke out on X. ...
Category: IT News

Microsoft fixes BitLocker recovery bug on Windows Server 2025

Bleeping Computer - 11 June, 2026 - 10:44
Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. [...]
Category: Hacking & Security

Intel extends Binary Optimization Tool support to 7 more games, claims a 12% FPS increase

CD-R server - 11 June, 2026 - 10:00
Intel has released the so-called Platform Performance Package in version 26.06.100.32, which includes the Binary Optimization Tool extended with support for 7 more games, meaning it now supports 19 titles in total…
Category: IT News

Repair or throw away? The end of the disposable electronics era

CD-R server - 11 June, 2026 - 10:00
Electronics are more affordable today than ever before, yet replacing them is not always the most sensible solution. A broken display, a worn-out battery, an overheating laptop or a failing drive often do not mean the end of the device.
Category: IT News

The EU is bringing back replaceable batteries. The question is whether anyone even wants them

Živě.cz - 11 June, 2026 - 09:45
Plenty of people nostalgically recall how things used to be repaired. But when push comes to shove, they often throw the old product away and buy a new one. Sometimes because the repair would cost more than a new product. Other times the only problem may be an old battery.
Category: IT News

Nottingham University data breach affects over 450,000 students

Bleeping Computer - 11 June, 2026 - 09:27
The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. [...]
Category: Hacking & Security

Every employee’s password was stored in a single Excel file

The Register - Anti-Virus - 11 June, 2026 - 09:00
PWNED Welcome, once again, to PWNED, the weekly screed where we highlight those who did not do the deed of securing their systems. If someone left their passwords or their access exposed, we will be writing about them here. Have a story about someone leaving a gaping hole in their network? Share it with us at [email protected]. Anonymity is available upon request.

This week’s terrifying tale of poor security hygiene comes courtesy of Luke Irwin, CEO and principal consultant at Aegis Cybersecurity. He’s been in the industry for more than a quarter of a century and he knows where the bits are buried.

At one point, Irwin consulted for a company that was a large national facility services organization, a 2,000-employee firm that provided cleaning, security guards, industrial abseiling (cleaning the facade), and other things that other large businesses need to keep their physical plants running smoothly. The CEO had one very peculiar idea about how to keep his own house in order: he wanted to have access to every one of his employees’ login credentials. The chief executive had an Excel spreadsheet sitting right on his desktop with a complete list of all the employee usernames and passwords.

Let that sink in for a second. One person had all the keys to the castle in a single, easily accessible file.

In any decent security setup, no one in the company has access to anyone else’s password. Even the head of the IT department should not know another employee’s password. I say this as someone who used to work for a company where the IT department would ask you to DM them your password if you had computer problems. But this company’s CEO wanted the usernames and passwords for reasons I’m sure any of his employees would appreciate: so he could go into their email accounts!

He had an experience where one colleague had sent secret information to the entire company via email and he had spent the evening logging into every single account and deleting the message before anyone could see it. Just in case other messages were sent in error in the future, the CEO wanted the ability to log into all the relevant accounts and delete them himself.

Perhaps for the same reason, he would not allow MFA (multi-factor authentication), because that would have kept him out of people’s inboxes. He was adamant even though the company had been the victim of a ransomware incident previously.

“Despite repeated advice, he held that position for around four months, until we were able to demonstrate that the IT team could remove messages centrally using fairly simple administrative commands, without needing everyone’s password,” Irwin said.

Even after getting rid of the Excel sheet of shame, the boss still refused to turn on MFA and the company subsequently suffered two data breaches involving sensitive client data.

Unfortunately, this company wasn’t the only one that Irwin worked with where the management had something against MFA. Another client, this one in the medical sector, was opposed to multi-factor authentication because it “made things just a little too hard” for the external consultants they were using to access their systems.

During the time that Irwin worked with that company, they got lucky and no one breached them. But since then, he’s seen signs that their data was available on the dark web. No word on whether they ever switched MFA on.

There’s plenty to learn from Irwin’s two clients, but it’s all pretty obvious. First, don’t let anyone, even administrators or CEOs, have other people’s passwords. If someone has to get into another person’s email account, have IT use administrative access. Second, always enable MFA, preferably MFA with passkeys. ®
Category: Viruses and Worms

The end of loot boxes and complicated subscription cancellations. The EU is preparing the Digital Fairness Act

Živě.cz - 11 June, 2026 - 08:45
At the end of the year, the European Commission will approve a proposal for a new legislative package aimed at significantly levelling the playing field in the digital space. It wants to ban unfair practices in e-shops, on social networks and in games.
Category: IT News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

The Hacker News - 11 June, 2026 - 08:23
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "Npm install" is used to download and install all the necessary
Category: Hacking & Security

Max severity Ivanti Sentry vulnerability now exploited in attacks

Bleeping Computer - 11 June, 2026 - 08:20
Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. [...]
Category: Hacking & Security

Russian satellites can jam GPS and Galileo signals over all of Europe and in the polar regions

Živě.cz - 11 June, 2026 - 07:45
Satellites of Russia's early-warning system are demonstrably jamming GNSS signals • Short outages in the civilian band affect GPS, Galileo and BeiDou • According to scientists, this may be testing of new electronic-warfare weapons
Category: IT News

Even in datacenters, PCIe 6.0 is headed for the high end (desktop is science fiction)

CD-R server - 11 June, 2026 - 07:40
From the perspective of personal computers, PCIe 6.0 looks like an ever more distant future. Interestingly, though, even in the professional segment it will not be a standard but a luxury…
Category: IT News

Apple container 1.0.0

AbcLinuxu [news] - 11 June, 2026 - 04:52
Apple container has reached version 1.0.0. It is an open source tool for running Linux containers on macOS, built on top of containerization. It is written in the Swift programming language and optimized for Apple silicon.
Category: GNU/Linux & BSD
Syndicate content