
Generative AI: Eight fundamental security risks and considerations

As new technologies emerge, security measures often trail behind, requiring time to catch up. This is particularly true for Generative AI, which presents several inherent security challenges. Here are some of the key risks related to AI that organizations need to bear in mind.

1. No Delete Button

The absence of a “delete button” in Generative AI technologies poses a serious security threat. Once personal or sensitive data is used in prompts or incorporated into the training set of these models, recovering or removing it becomes a daunting task. A data leak into an AI model is not just a breach; it leaves a permanent imprint. Therefore, protecting data against such irreversible exposure is more critical than ever.

2. No Access Control

The lack of access control in Generative AI presents significant security risks in business environments. It is wise not only to control unsanctioned AI apps but also to control access and usage based on who is using AI and how. This is because once information is transformed into embeddings (numerical representations showing relationships between data points), those can only be accessed in their entirety or not at all. This absence of Role-Based Access Control (RBAC) makes all data vulnerable, given there are no guardrails for who can access data, creating hazards in settings where restricted, role-based access is essential.

3. No Control Plane

Generative AI technology often fails to separate its control and data planes, a fundamental security practice established in the 1990s. This oversight blurs the lines between different types of data—such as foundation model data, app training data, and user prompts—treating them all as a single entity. This merging increases AI’s vulnerability, as malicious user interactions like prompt injections or data poisoning can compromise the AI’s core, creating a potential danger zone for security breaches.

4. Chat Interface Challenges

The integration of chat interfaces has made Generative AI more accessible and user-friendly, prompting many companies to adopt them for improved customer interaction. However, this shift introduces challenges. Unlike controlled interfaces with limited Natural Language Processing capabilities, chat interfaces allow unlimited user inputs, which can include harmful content or misuse of resources. For instance, a Chevrolet dealership experienced unexpected responses from their chat interface when abused by web visitors, underscoring the need for careful management and oversight.

5. Silent Gen AI Enablement

Organizations typically have three options for incorporating AI: creating their own solutions, purchasing new products, or relying on existing vendors with integrated AI. However, the latter can lead to issues, as the data processed by these authorized tools often remains unclear. This concern, already prevalent with general AI, has intensified with the rise of Generative AI, which poses higher risks. Recent controversies, such as those surrounding Zoom’s use of AI that could access and store sensitive information shared during Zoom sessions, or concerns about applications like Grammarly, highlight the need for transparency and control in how AI implements data privacy in business settings.

6. Lack of Transparency

The absence of transparency in training data for AI models poses a major security risk. If data sources are not well understood, hidden biases may influence the model’s outputs, leading to false information or unintended outcomes. Moreover, a lack of transparency can jeopardize user privacy, as individuals may be unaware of how their data is being used or exposed. Balancing security, privacy, and openness remains a challenging aspect of AI advancement.

7. Supply Chain Poisoning

Using Generative AI in code generation carries significant risks, especially if the training data contains vulnerable code or if the AI model is compromised. This can create considerable threats in the supply chain, particularly in critical tasks like autopilot systems or automated code production. The risk of duplicating vulnerabilities or introducing new ones can have serious consequences for the reliability and safety of technological systems, especially since current Generative AI models lack built-in safeguards against this.

8. Lack of Watermarking

The absence of established watermarking guidelines in Generative AI poses a severe security risk, particularly regarding deepfake production. Without effective watermarking, distinguishing between real and artificially generated content becomes increasingly difficult, raising the likelihood of spreading false information.

Zscaler is protecting enterprises from Gen AI Threats

While Generative AI offers transformative potential, it also brings fundamental security risks that must be addressed to ensure safety and reliability in its application. Zscaler is a prime example of an advanced security vendor that approaches securing Generative AI from the lens of having strong data protection capabilities, implementing strict access controls, delivering advanced threat detection, and a true Zero Trust security architecture designed to minimize risks by assuming no user or device is inherently trusted. To learn more, visit us here.


Descope speeds authentication deployment via low-code platform

00:00 Hi, everybody! Welcome to DEMO, the show where companies showcase their latest products and platforms. Today, I’m joined by Gilad Shriki, co-founder of Descope, but he’s also known as Shriki. Hello, Shriki!

00:11 Shriki: Hello.

00:12 Welcome to the show! Tell me a little about Descope and what you’re going to be showing us today.

00:16 Shriki: Thanks for having me! Descope is a customer identity and access management platform that provides app developers with an easy way to build login experiences and user journeys.

00:27 So, you’re going to be showing me parts of the platform, which is also called Descope, correct?

00:32 Shriki: Yes.

00:33 How big of a problem is authentication in this market? Because every time I visit a new website, authentication is already in place, so I don’t really understand what’s happening behind the scenes.

00:43 Shriki: It’s a big market and a big problem. There are still a lot of passwords in use. Some app developers prefer to build authentication themselves, while others choose to buy a service. We believe this market requires disruption, making it much easier to build, and that’s exactly what we’re doing.

01:01 So, the problem you’re solving is primarily about speed — getting authentication up and running quickly — rather than developers building it themselves or using templates from existing authentication platforms, right?

01:14 Shriki: Correct. So, it’s about speed but also about approach. We believe in low-code and no-code experiences for developers who want to set something up quickly, and that’s what we provide.

01:23 Okay. If companies don’t use Descope, what are they doing instead? Are they just hand-coding authentication?

01:31 Shriki: Yes, they often build it themselves, and sometimes they do it poorly. Other times, they use a different authentication provider, but there are only a few major players in this space.

01:40 What makes Descope different from the competition? Why should everyone use it?

01:43 Shriki: I think our approach to authentication, especially with the flows I’ll be demonstrating today, is a leader in the space. The ability to build and iterate on authentication without making changes to the application itself is a game-changer.

01:57 All right, let’s dive into the demo! Show us some cool stuff.

02:01 Shriki: Of course! What you see here is our platform, featuring dashboards and activity logs. But the most important part is the authentication methods. We support a wide variety of authentication options, including passwords — though we’re not fans of passwords, we still support them. Today, I’ll be demonstrating how to go passwordless. In just five to 10 minutes, I’ll show you how to add multiple authentication options that don’t rely on passwords. You’ll also see where users are managed — this is your user pool — and how we track user information. The real magic happens in the flows, which allow you to build and iterate authentication processes and user journeys. Let’s step into our sample application. This is a revenue management app we quickly spun up. You’ll see a basic login experience, which is powered by Descope. Right now, it’s rudimentary and basic, but it can be fully styled and customized. I’ll log in with my user account. Since I don’t have an account yet, I’ll sign up using a simple password. Now, you see that I need to verify my email. All of this is part of the flow — meaning the application itself isn’t aware of the verification process, and the developer didn’t have to code it manually. I’ll go ahead and retrieve the verification email, enter the OTP [one-time password], and now I’m in.

04:48 Does this process come with a template, or would most developers be familiar with setting it up themselves?

04:55 Shriki: Yes, we provide templates. In fact, what I’m showing now started as a template. I began with the password authentication template and am iterating on it. The cool part is that you can modify the experience. For example, when a user already exists, instead of just prompting them for a password, we can add an option to log in with a magic link. I’ll demonstrate that now by adding a “Log in with Magic Link” button. I’ll configure it to send a magic link via email. You can see how easily I connect the dots — this update automatically handles sending the email and verifying the user. Now, if I go back to my login page and enter my email, I see the new magic link option. Clicking it sends me an email with the magic link, which I can click to log in instantly. This process was faster to set up than it would take to edit this video!

08:35 Are you seeing more social logins being used? If I’m an app developer and I don’t trust Google, can I switch to a different provider?

08:53 Shriki: Yes! Discord, for example, is another popular option. It’s incredibly easy to add — we just drag and drop it. No need to modify the authentication flow, because it uses the same OAuth and OIDC protocols. All social logins are bundled together because they use the same method. If I log out and refresh, you’ll see Discord as a login option. If you need a different provider, we support custom social logins too. Anything that follows standard OAuth protocols can be added, with full icon and branding support.

09:51 What’s the most popular authentication method right now? I see you’re wearing a “Kill the Password” shirt.

10:06 Shriki: The trend is moving towards passwordless authentication. Social logins are widely used, but there’s also a growing shift toward passkeys. Passkeys are a strong authentication method that provide a great user experience. They use the biometrics of your device, allowing seamless authentication — even across devices. For example, if you create a passkey on your phone, you can still use it to log in on a desktop.

10:44 With my email, I still have to use a long, complex password, then enter an authenticator code, and then use Face ID. That’s three steps!

11:04 Shriki: Exactly! Passkeys eliminate the need for extra steps. They’re


How company philosophy transcends tech at Cisco

Earlier this month, Cisco celebrated 40 years during its Cisco Live! event in Amsterdam. The San Jose-based company positions itself as a unique partner to provide solutions to the challenges of its customers, from the changing nature of the workplace to the revolution of AI and the need for digital resilience. In this context, as Oliver Tuszik, Cisco’s VP for EMEA, said, the changes the company has faced over the decades give it the ability to not just survive but thrive. Fletcher Previn, the company’s CIO, added that the company’s culture-centric IT strategy has been key to achieving such an ambitious milestone. “Culture is the only thing you really own about your company,” he says. “They can steal your technology, but not your philosophy.”

Structuring IT strategy

On the basis of this organizational culture, Previn is in charge of fine-tuning a tactical and holistic IT plan, with the capacity to innovate and maintain resilience to face future uncertainties. And it’s all structured around three fundamental pillars, the first of which consists of the user experience. “This was one of the first changes I made when I took on the CIO role at Cisco,” he says. “I created a function that would report directly to me from our design and user experience department, which would give me information to integrate into the development teams.” In this way, he says, everything Cisco builds, from business applications to emails, goes through this channel.


Why AI On-Premises Means Big Bottom-line Advantages in the Long-run

Artificial Intelligence (AI) is at a pivotal moment, as more businesses realize that the best place for their AI operations might not be the cloud, but on their own premises. The choice between on-premises AI––popularly known as private AI––and a cloud-based approach is now less about “if” and more about “when,” as companies recognize the benefits of a private AI infrastructure. Unlike a single product or vendor-driven solution, private AI is an architectural strategy—a way of thinking—that brings substantial advantages in cost, control, and flexibility.

But let’s understand private AI for what it really is: not a one-size-fits-all product, but an architectural approach that optimizes an AI environment for an organization’s specific needs. Indeed, private AI isn’t a particular model or technology—it’s a strategy. It allows organizations to bring AI models to where their data lives instead of moving their data to the model, creating a powerful blend of efficiency, control, and compliance.

Why is this approach valuable? For many companies, their data is core to their business, and they need full control over where it’s stored and how it’s used. Moving it to the cloud may raise privacy, compliance, and even security concerns. By keeping AI on-premises, however, businesses get to keep their data where it’s most protected and under their control.

Cost Advantages of AI On-Premises

One of the biggest advantages of private AI is its cost efficiency, which has made this approach a real standout. In the cloud, every AI interaction is metered and billed as tokens. This pay-as-you-go model might work for some scenarios, but for AI workloads, it creates an unpredictable cost structure that doesn’t always scale well. That can lead to budget challenges and the need to enforce hard caps on usage, which can then limit the value of an AI service. Imagine having to turn off usage two weeks into a month because of hitting a cost ceiling.

When customers deploy private AI, they benefit from sharing GPU, network, and memory resources across applications. This kind of resource-sharing model offers a far more predictable and efficient cost structure, saving businesses from skyrocketing monthly bills. A consistent, predictable infrastructure cost allows organizations to better forecast AI spend and allocate resources where they’re truly needed. Our customers tell us that running their AI services on-premises has turned out to be anywhere from a third to one-fifth of the cost of cloud-based options. With an on-premises strategy, any optimization to the infrastructure directly benefits the company’s bottom line, not a cloud provider’s margins. This level of ownership and control over infrastructure savings is a compelling argument for private AI.

Control Over the Full Stack

Beyond cost, private AI enables a level of operational control that cloud-based solutions simply can’t match. Cloud providers offer a broad suite of services, but they’re often locked into a specific ecosystem, limiting an organization’s choices for hardware, models, and tools. With private AI, organizations aren’t bound by a single vendor’s roadmap. They can choose the best hardware for each workload, experiment with different models, and evolve their environment to meet their specific demands.

Take, for example, AI workloads in industries like finance, government, or healthcare. These sectors are under heavy regulatory scrutiny and require rigorous data governance. Private AI allows these organizations to run AI models where their data is already compliant and secure, avoiding the potential risks and costs associated with moving sensitive data off-premises. When the model is close to the data, there’s no need to restructure or reconfigure that data to fit a third-party platform—a major advantage that allows organizations to deploy faster and more securely.

Measurable Business Value with Private AI

Private AI can also be a powerful tool for CXOs who are looking to maximize AI investments without getting swept up in the hype. In many organizations, there’s pressure to implement AI quickly, but there’s a real risk of pursuing short-term wins without considering long-term business value. One of the most effective ways to show immediate returns with AI on-premises is through measurable use cases where business impact is clear. In customer service, for instance, a company can measure the volume of cases closed per agent both before and after deploying an AI solution. These efficiency gains, sometimes in the range of 10% or more, are valuable, practical ways to demonstrate ROI.

Private AI also helps businesses stay focused on measurable outcomes rather than AI for the sake of AI. It enables CXOs to lead with pragmatism, choosing use cases that bring immediate value. Take information retrieval as another example: A police department using AI to cross-reference cold case files can see weeks or months’ worth of human detective work condensed into hours with the help of an on-premises AI-powered chatbot that ingests, organizes, and provides rapid access to complex case information.

Avoiding the Pitfalls of Technical Debt

When rolling out AI, adopting a platform-based approach is crucial. Companies that lock themselves into proprietary cloud ecosystems or vendor-specific solutions often face significant challenges down the line. Proprietary solutions may appear faster or easier initially, but they can create a “technical debt trap.” This happens when businesses can’t pivot to better models or technologies because their AI stack is tied to a specific vendor’s AI silo.

By taking a modular, platform-based approach to AI on-premises, organizations are well-positioned to evolve as new models and technologies emerge. This platform flexibility is critical in an industry that’s moving as fast as AI is today. Instead of being saddled with outdated technology, a platform-based approach allows organizations to adopt the latest models, ensuring that their AI remains competitive and responsive to change. Imagine finishing rolling out a new AI service and in a matter of weeks having buyer’s remorse because something faster and more accurate was just released by another vendor or in open source. With a platform approach, you can quickly pivot to the latest and greatest at the speed of software.

With private AI, it’s also much easier to manage the full stack, from hardware to applications,


AI humanoid robots inch their way toward the workforce

Anders Brown, CEO of Tompkins Solutions, a systems integrator that has a partnership with Agility, says Agility, which has the manufacturing capacity to produce up to 10,000 robots a year, has deployed multiple Digit robots at various customer locations for production use as part of proof of concept or robot-as-a-service (RaaS) arrangements. “The key to truly scaling beyond initial deployments is having a collaboratively safe robot, which Agility has made a pledge to release in 2026,” Brown says. Tom Richer, CEO of AI consultancy Intelagen and a former CIO, pointed to Figure.AI robot, which has garnered significant attention and secured funding and a partnership with BMW for manufacturing applications. Along with xAI’s Optimus, Richer also noted AgiBot, a Chinese company that claims to have produced almost 1,000 units, and Boston Dynamics, whose humanoid robot Atlas has demonstrated impressive feats of movement and task execution, “but widespread deployment remains limited.”


IT leaders: Perform these 3 actions in 2025, says PwC

In PwC’s June 2024 Pulse Survey, 85% of technology, media, and telco executives reported they have the capability to execute business models and scale by leveraging these technologies. And 76% said they plan to use gen AI to ramp up those efforts. These innovations offer immense potential, says Dolen, but the complexity involved in realizing that potential means CIOs and other tech leaders have a prime opportunity to play a strategic role in rethinking business models and delivery strategies. It’s not just about adapting to disruption, but thriving in an era of evolving competition and customer expectations, he adds. Organizations will have to make potentially big bets because the winners are likely to be the organizations that successfully navigate decisions about adopting technologies, like AI agents, as soon as they become commercially viable.


Is your business data forward enough to capitalize on what’s coming?

One challenge we’ve faced on this journey is language consistency. It might sound simple, but when different teams use different terms for the same capability or process, it creates confusion and slows us down. A few years ago, we created a working group to tackle this issue head-on. We brought together representatives from across the organization to agree on a common taxonomy for our data and capabilities.

It wasn’t easy. People asked, “Do we need to go back and update all our systems to reflect this new language?” The answer was no, but we did have to be consistent going forward. Now, when we talk about our products and services internally and externally, we’re speaking the same language. That consistency has made it easier to collaborate, market our offerings, and differentiate ourselves from competitors.

Being data-forward isn’t just about technology. It’s about aligning people, processes and purpose to drive meaningful outcomes. It’s about being willing to test hypotheses, learn from the results and continuously improve.
