A side dish of data for Thanksgiving
Happy deer hunting week! Or as most of you might know it, Thanksgiving week! I'm sure many of you, like me, are preparing to deliver a delicious table full of data. I mean dishes with tasty culinary delights, of course. Or maybe you're buying them (shhhh! I do some of that too. No shame, no judgment.) Either way, we're getting the table set for a feast!
If you're looking for a little taste of what's to come in technology, this is the place to be. I got a little of this and a little of that for you this week. Not too much, don't want to ruin the big feast for you, after all.
And not to ruin Black Friday or Cyber Monday shopping for you, but watch yourself out there. Netskope Threat Labs reports that adversaries targeting victims in the banking industry are focused on financial fraud, using phishing as one of their main strategies to steal bank account details and banking login credentials. That's a good reminder to remain vigilant and always be suspicious of links in unexpected e-mail or texts. And hey, if you get a chance to remind the fam at the feast, well, that's not a bad way to show you love them.
Unsurprisingly, banking - otherwise known as 6201 to those who memorize SIC codes for fun - is adopting chatbots and assistants and favor ChatGPT, Grammarly, Gemini, and Microsoft CoPilot. Given the rapidity with which my own bank adopted generative AI - and named it "Adie" - I'm not surprised.
What's disappointing about these public facing chatbots is that they're little more than a natural language interface (NLI) to existing documentation and FAQs. They can't actually interact with my financial records, which would be useful, because that would require some serious AI engineer and data scientist skillsets.
Those skillsets are hard to find. Skillsets continue to be a top barrier to AI adoption, though it tends to rank lower than data immaturity. And sadly for my regional bank, even if they can find the talent, Dice tells us that nearly one-third (29%) of AI professionals prefer "big tech" over other industries. So upskilling is the way to go. But wait! Just over a third of technology professionals (the ones that probably built my digital banking experience) say they never use generative AI tools.
There is a long, long road ahead for AI. Just saying.
And it's going to get longer if folks don't take security seriously. Consider this finding from Orca's State of AI Security, in which 62% of organizations have deployed an AI package with at least one CVE. Ope! But hey, supply chain security is hard for any software, right?
The answer is "right". If you think otherwise, you should put a copy of ReversingLabs' State of Software Supply Chain Security 2024 on your plate and sit down. Because we aren't only talking about CVEs in open source packages. Oh, no, not at all. We're also talking about a significant number of secrets in those packages. You know, things like API and private keys used for encryption. Of the more than 31,000 secrets detected on npm, the majority (56%) were used to access Google services, whereas 9% were attributed to Amazon’s AWS cloud services. OpenAI accounted for the second-largest share of leaked secrets at 19% of the total.
I warned you to sit down.
Course, given Orca found that 45% of Amazon SageMaker buckets are using non randomized default bucket names, and 98% of organizations have not disabled the default root access for Amazon SageMaker notebook instances maybe sharing sharing secrets is not the worst security practice you could have.
Hey, Uncle Google, don't be giving Aunt Amazon that disapproving look! 98% of organizations using Google Vertex AI have not enabled encryption at rest for their self-managed encryption keys. And cousin HuggingFace has nothing to say about this, as 35% of the exposed access keys in that Orca reported belonged to them.
Argh! That's all the family I can take at this point! Imma gonna take my desert and hang out in another room until after the holidays.
Yes, that's right. The data factory that is Lori is done for the year. But I'll be back in January with fresh, new data - especially given that our annual research will be ready at that point.
Ya'll have a safe and tasty Thanksgiving. And I wish you all the blessings of the Christmas season and hope you enjoy some time off before we hit the ground running in a brand new year.
Until then, secure your secrets and take care!