February 18, 2025

AI Agents Are About To Blow Up the Business Process Layer

While AI agents are built to carry out or automate specific, often repetitive tasks (like updating your calendar), they generally require human input. Agentic AI is all about autonomy (think self-driving cars): it employs a system of agents that constantly adapts to dynamic environments and independently creates, executes and optimizes results. When agentic AI is applied to business process workflows, it can replace fragile, static business processes with dynamic, context-aware automation systems. Let’s take a look at why integrating AI agents into enterprise architectures marks a transformative leap in the way organizations approach automation and business processes, and what kind of platform is required to support these systems of automation. ... Models that power networks of agents are essentially stateless functions that take context as input and output a response, so some kind of framework is necessary to orchestrate them. Part of that orchestration could be simple refinements (for example, having the model request more information). This might sound analogous to retrieval-augmented generation (RAG) — and it should, because RAG is essentially a simplified form of agent architecture: it provides the model with a single tool that accesses additional information, often from a vector database.


The risks of autonomous AI in machine-to-machine interactions

Adversarial AI attacks, such as model poisoning and data manipulation, threaten M2M security by compromising automated authentication and processes. These attacks exploit vulnerabilities in how machine learning models exchange data and authenticate within M2M environments. Model poisoning involves injecting malicious data or manipulating updates, undermining AI decision-making and potentially introducing backdoors. If AI systems accept compromised credentials or updates, security degrades, particularly in autonomous M2M systems, leading to cascading failures. ... The key is implementing zero standing privileges (ZSP) to prevent AI-driven systems from having persistent, unnecessary access to sensitive resources. Instead of long-lived credentials, access is granted just-in-time (JIT) with just-enough privileges, based on real-time verification. ZSP minimizes risk by enforcing ephemeral credentials, policy-based access control, continuous authorization, and automated revocation if anomalies are detected. This ensures that even if an AI system is compromised, attackers can’t exploit standing privileges to move laterally. With AI making autonomous decisions, security must be dynamic. By eliminating unnecessary privileges and enforcing strict, real-time access controls, organizations can secure AI-driven machine-to-machine interactions while maintaining agility and automation.
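The ZSP model described above, as an added illustration that is not code from the article: a minimal just-in-time access broker in Python (agent names, scopes and policy are hypothetical, constructed for the example) that issues single-scope, short-lived grants, re-validates every use, and revokes everything an agent holds once an anomaly is reported.

```python
import secrets
import time
from dataclasses import dataclass, field

# Hypothetical policy: which scopes each workload identity may ever request.
POLICY = {
    "agent-invoice-bot": {"ledger:read"},
    "agent-deploy-runner": {"ledger:read", "ledger:write"},
}

@dataclass
class Grant:
    agent: str
    scope: str
    expires_at: float
    token: str = field(default_factory=lambda: secrets.token_urlsafe(24))
    revoked: bool = False

class JitBroker:
    """Issues ephemeral, single-scope grants and re-checks them on every use."""

    def __init__(self, policy, max_ttl=300):
        self.policy = policy
        self.max_ttl = max_ttl          # hard cap on credential lifetime (seconds)
        self.grants: dict[str, Grant] = {}

    def request(self, agent, scope, ttl, now=None):
        # Just-enough privilege: only policy-listed scopes, exactly one scope per grant.
        if scope not in self.policy.get(agent, set()):
            return None
        now = time.time() if now is None else now
        grant = Grant(agent, scope, now + min(ttl, self.max_ttl))
        self.grants[grant.token] = grant
        return grant

    def authorize(self, token, scope, now=None):
        # Continuous authorization: each call re-validates revocation, scope and expiry.
        now = time.time() if now is None else now
        g = self.grants.get(token)
        return g is not None and not g.revoked and g.scope == scope and now < g.expires_at

    def report_anomaly(self, agent):
        # Automated revocation: pull every live grant the flagged agent holds, return how many.
        count = 0
        for g in self.grants.values():
            if g.agent == agent and not g.revoked:
                g.revoked = True
                count += 1
        return count
```

Because no grant outlives `max_ttl` and a flagged agent loses all of its grants at once, a compromised agent holds nothing an attacker can reuse later for lateral movement.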


Password managers under increasing threat as infostealers triple and adapt

Attacks against credential stores are rising partly because these attacks have become easier and more automated, with widely available tools enabling cybercriminals to extract and exploit credentials at scale. In addition, “many businesses still rely on passwords as their primary defense, despite the known security risks, due to challenges around MFA [multi-factor authentication] adoption and user friction,” Berzinski said. David Sancho, senior threat researcher at anti-malware vendor Trend Micro, told CSO that the increase in malware targeting credential stores is unsurprising. “We are definitely seeing a rise in malware targeting credential stores, but this is hardly a surprise to anybody,” Sancho said. “Credential stores are where credentials are located, specifically on the browser. Every time you let the browser ‘memorize’ a user/password pair, it gets stored somewhere. Those locations are certainly the prime targets — and have been for a long time — for infostealers.” Darren Guccione, CEO and co-founder of password manager vendor Keeper Security, acknowledged that cybercriminals were targeting credential stores but argued that some applications were better protected than others. “Not all password managers are created equal, and that distinction is critical as cybercriminals increasingly target a broad range of cybersecurity solutions, including credential stores,” Guccione said.


What role does LLM reasoning play for software tasks?

Reasoning models like o1 and R1 work in two steps: first they “reason” or “think” about the user’s prompt, then they return a final result in a second step. In the reasoning step, the model goes through a chain of thought to come to a conclusion. Whether you can fully see the contents of this reasoning step depends on the user interface in front of the model. OpenAI, for example, shows users only summaries of each step. DeepSeek’s platform shows the full reasoning chain (and of course you also have access to the full chain when you run R1 yourself). At the end of the reasoning step the chatbot UIs show messages like “Thought for 36 seconds” or “Reasoned for 6 seconds”. However long it takes, and regardless of whether the user can see it, tokens are being generated in the background, because LLMs think through token generation. ... Many of the reasoning benchmarks use grade school math problems, so those are my frame of reference when I try to find analogous problems in software where a chain of thought would be helpful. It seems to me like this is about problems that need multiple steps to come to a solution, where each step depends on the output of the previous one. ... Debugging seems like an excellent use case for chain of thought. My main puzzle is how much our usage of reasoning for debugging will be hindered by the lack of function calling.


How to keep AI hallucinations out of your code

The consequences of flawed AI code can be significant. Security holes and compliance issues are top of mind for many software companies, but some issues are less immediately obvious. Faulty AI-generated code adds to overall technical debt, and it can detract from the efficiency code assistants are intended to boost. “Hallucinated code often leads to inefficient designs or hacks that require rework, increasing long-term maintenance costs,” says Microsoft’s Ramaswamy. Fortunately, the developers we spoke with had plenty of advice about how to ensure AI-generated code is correct and secure. There were two categories of tips: how to minimize the chance of code hallucinations, and how to catch hallucinations after the fact. ... Even with machine assistance, most people we spoke to saw human beings as the last line of defense against AI hallucination. Most saw human involvement remaining crucial to the coding process for the foreseeable future. “Always use AI as a guide, not a source of truth,” says Microsoft’s Ramaswamy. “Treat AI-generated code as a suggestion, not a replacement for human expertise.” That expertise shouldn’t just be around programming generally; you should stay intimately acquainted with the code that powers your applications. “It can sometimes be hard to spot a hallucination if you’re unfamiliar with a codebase,” says Rehl.


Open source LLMs hit Europe’s digital sovereignty roadmap

The project’s top-line goal, as per its tagline, is to create: “A series of foundation models for transparent AI in Europe.” Additionally, these models should preserve the “linguistic and cultural diversity” of all EU languages — current and future. What this translates to in terms of deliverables is still being ironed out, but it will likely mean a core multilingual LLM designed for general-purpose tasks where accuracy is paramount, plus smaller “quantized” versions, perhaps for edge applications where efficiency and speed are more important. “This is something we still have to make a detailed plan about,” Hajič said. “We want to have it as small but as high-quality as possible. We don’t want to release something which is half-baked, because from the European point-of-view this is high-stakes, with lots of money coming from the European Commission — public money.” While the goal is to make the model as proficient as possible in all languages, attaining equality across the board could also be challenging. “That is the goal, but how successful we can be with languages with scarce digital resources is the question,” Hajič said. “But that’s also why we want to have true benchmarks for these languages, and not to be swayed toward benchmarks which are perhaps not representative of the languages and the culture behind them.”

Read more here ...
