January 25, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Microsoft’s Semantic Kernel team is building on OpenAI’s Assistant model to deliver one kind of intelligent agent, along with a set of tools to manage calling multiple functions. They’re also providing a way to manage the messages sent to and from the OpenAI API, and to use plugins to integrate general purpose chat with grounded data-driven integrations using RAG. The team is starting to go beyond the original LangChain-like orchestration model with the recent 1.01 release and is now thinking of Semantic Kernel as a runtime for a contextual conversation. That requires a lot more management of the conversation and prompt history used. All interactions will go through the chat function, with Semantic Kernel managing both inputs and outputs. There’s a lot going on here. First, we’re seeing a movement towards an AI stack. Microsoft’s Copilot model is perhaps best thought of as an implementation of a modern agent stack, building on the company’s investment in AI-ready infrastructure (for inference as well as training), its library of foundation models, all the way up to support for plugins that work across Microsoft’s and OpenAI’s platforms.
A big problem today is that security teams are only involved at the end of a project as part of a “final sign-off” in many organizations. This creates friction between developers and security engineers; both may see the other as the root of the problem: “If these developers only wrote secure code, everyone’s lives would be easier.” and “Oh great, the security team is going to find a bunch of bugs and delay our launch. Again.” Organizations that involve security teams with development during the initial stages of design and scoping and have a few security reviews during the development process allow bugs to be addressed early in the cycle and provide an opportunity for the security team to educate developers on standard insecure coding practices. While no solution is perfect, this approach – adopted by companies like Microsoft in developing HyperV – helps avoid last-minute delays and animosity between the teams. ... Supply chain security needs to be a priority early in the development lifecycle. At the very least, open-source libraries and components should be audited for known vulnerabilities, and it’s worth looking at the vulnerability history of a component.
The rapid spread of AI technology, while offering significant advantages, has also given rise to several concerning trends. Bias and discrimination inherent in AI systems can replicate and amplify existing societal prejudices, often at the expense of marginalized groups. Privacy erosion, another critical issue, poses risks of surveillance and data misuse. Additionally, the threat of job displacement due to automation, security vulnerabilities, and the ethical concerns posed by AI decision-making in sensitive areas are challenges that require immediate and thoughtful attention. In the context of hiring and recruiting, AI-driven bias is a significant concern. AI models, when trained on biased historical data, can inadvertently perpetuate discrimination, making it harder for certain groups, such as individuals with criminal records, to secure employment. For example, background checks are normally limited to seven years, but an AI model may contain data extending beyond that timeframe. Without proper protections in place, candidates may be flagged for offenses that are older than can legally be considered. This would not only impact individual lives but also reinforce systemic inequalities.
领英推荐
We are already witnessing notable strides in standardising the movement and utilisation of financial and healthcare data through innovations in the Account Aggregator (AA) framework and the Ayushman Bharat Digital Mission (ABDM) healthcare data exchange. The systematic approach fostered by AA and ABDM presents an opportune moment to embed privacy at the heart of system architecture and design. In these ecosystems, Financial Information Users (FIUs) and Healthcare Information Users (HIUs) are particularly vulnerable to risks associated with the handling of users and business data. India stands at a critical juncture, with the potential to revolutionise how data is circulated through such aggregator systems. While these institutions access data streams with user consent, there is a risk of falling into the same conflicts observed in advanced digital economies. The crux of the issue lies in the intricate relationship between consent, data exploitation, and the often opaque interpretation of privacy with consent. Addressing this challenge is essential to avoid replicating the contentious dynamics seen in more mature digital markets and to pave the way for a more transparent, user-centric data ecosystem.2
Data privacy advocates in the United States have been working toward comprehensive privacy legislation since the late 1990s. Unlike some other regions, such as the European Union with its General Data Protection Regulation (GDPR), the US lacks a single, overarching law to protect individuals' privacy rights. Right now, over 55 state and federal laws coexist in the United States, offering various levels of privacy protections. Not only is it a nightmare for data breach response and notification, but the inconsistencies do Americans a disservice when it comes to adequately protecting data privacy as it leaves gaps in protection for individuals whose data may be handled differently depending on their location. ... The release of the “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence,” by the Biden administration underscores the importance of legislation that unifies the existing patchwork of regulations, enforcement activities, and penalties under one comprehensive law. As the White House stated in their fact sheet, "AI not only makes it easier to extract, identify, and exploit personal data, but it also heightens incentives to do so because companies use data to train AI systems."
Every business model requires the Right to Win approach. So, what I look for in an entrepreneur is, whether he has this Right to Win attitude. What I look for next is, whether they are long-term entrepreneurs or opportunistic entrepreneurs. Many people want to be entrepreneurs today for the glamour and money in entrepreneurship. Entrepreneurship is not a sprint; it is a marathon with multiple ups and downs. And you should be able to withstand all that. You need to have the temperament to run a marathon. Remember, in the model that I follow now is where I don't run the business; the entrepreneurs run it. I help, I support, but ultimately, they have to run the business. When I looked for an entrepreneur for Bluestone.com, I had in my mind was one who can disrupt the traditional jewellery market with technology. You may wonder what Gaurav Singh Kushwaha, an IIT-Delhi computer science graduate, is doing in jewellery business when he is not a jeweller. It was his ability to design jewellery with the aid of computers and deliver exactly the same thing that attracted me. There is a lot of technology involved in the business.