A buyer journey is a sales process from the perspective of the customer. It refers to the buyer’s mindset when identifying their problem, comparing possible solutions, and making a purchasing decision. By understanding the flow through this purchasing process, sellers can engage appropriately and with the important information buyers want and need to make a purchase. 1 Pipedrive CRM Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Calendar, Collaboration Tools, Contact Management, and more 2 Creatio CRM Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Medium, Large, Enterprise Features Dashboard, Document Management / Sharing, Email / Marketing Automation, and more 3 HubSpot CRM Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Micro (0-49 Employees), Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees) Micro, Small, Medium, Large What is the buyer’s journey? The buyer’s journey is the process of a potential customer going from identifying a need to completing a purchase. Distinct buyer journey stages represent the customer’s mindset and decision-making process. An effective way to utilize sales software like a CRM system is to map out this process to create personalized and intentional content and triggers. Buyer journey mapping is a marketing and sales strategy that allows businesses to maintain a unified flow of information for sales reps that instructs them on how to engage with buyers depending on where they are in their journey. What are the 3 stages of the buyer’s journey? Regardless of your industry, both B2B and B2C selling strategies have three main stages in any buyer’s journey. The three stages of the buyer’s journey are awareness, consideration, and decision. These stages follow the buyer realizing their need, comparing potential options, and then choosing a solution. It’s important to have a clear understanding of the mindset of a buyer at each stage. This way, you can push content and nurture the lead appropriately to get them closer to the sale. Stage 1: Awareness The first stage of the customer buying journey is awareness. Awareness refers to when a buyer realizes they have a problem or a need. This is when a buyer begins to think about how this problem or need affects their life and how a solution could fix it. These phases might include basic research into other people’s experiences with this problem and potential solutions. To capture a buyer’s attention at this stage, I suggest avoiding coming off as too salesy. This isn’t the time to pitch your product directly. Instead, create resources and share information about the problem your solution solves. Examples of these resources include: Customer use cases: Highlighting real-world use cases on your website or social media can provide an unbiased look at the benefits and demonstrate the solution in action. Expert seminars: Hosting webinars with industry experts can position your company as a leader in the field and create opportunities for buyers to improve their skills. Knowledge bases: A public-facing knowledge base is a valuable resource that can assist buyers during the research portion of this first stage. Stage 2: Consideration The second stage of the buyer journey is consideration. Buyers in this stage are researching and comparing potential solutions more actively. A buyer is directly comparing your solution to your competitors at this point. They’re online looking at reviews, available pricing information, support packages, and more. At this point, buyers are more committed to remedying their problem. As a seller, I recommend expanding on their interest in your solution by providing newsletters, pricing transparency, and personalized touchpoints. Stage 3: Decision The third and final stage of the buyer journey is consideration. This is when a buyer is ready to make a purchasing decision. Buyers have considered price, real customer reviews, benefits, features, onboarding, and more. They know exactly what they want, and are ready to look ahead to implementation. This is when sellers need to close the deal. I suggest that you provide sales reps with documentation and training so they can practice handling objections and rebuttals. This preparation assures you are engaging the actual decision maker for the purchase and are prepared to answer any last-minute questions confidently. More about CRM Buyer vs customer journey While you might see the terms buyer journey and customer journey together, there is a difference between the two. A buyer journey focuses on the path a customer follows to complete a purchase, with the end goal being the sale. A customer journey can follow that same path but extends beyond the purchase and includes onboarding, support, and even customer retention. A buyer journey is meant to identify and obtain a customer, and a customer journey’s purpose is to retain and support those customers. Some key differences to help identify a buyer vs customer journey: Focus: A buyer journey requires a focus on the customer’s motivations and decision-making, while the customer journey focuses on their experience with the brand itself. Journey length: Since the buyer’s journey ends with a purchase, that timeline is much shorter. The customer journey is longer, including the customer’s lifetime journey with your brand. Buyer’s journey example To help demonstrate the different stages, I’ve compiled a B2B example of a buyer’s journey in the recruitment industry. The buyer is a potential staffing client who is looking for an employment agency to help fill a role. Awareness: The client realizes they need to hire a new employee to lead a big initiative for the company. The client will be the hiring manager and has been given an approved budget for the acquisition. Consideration: The client pitches this open position to various local staffing agencies. The client realizes they want someone immediately, and their timeline is pushed up. So they prioritize efficiency, skillset, and budget when selecting the best candidate. Decision: The client has interviewed four different agencies and is ready to select one. They

Microsoft’s January update contains patches for a record 159 vulnerabilities, including eight zero-day bugs, three of which attackers are already actively exploiting. The update is Microsoft’s largest ever and is notable also for including three bugs that the company said were discovered by an artificial intelligence (AI) platform.   Microsoft assessed 10 of the vulnerabilities disclosed this week as being of critical severity and the remaining ones as important bugs to fix. As always, the patches address vulnerabilities in a wide range of Microsoft technologies, including Windows OS, Microsoft Office, .NET, Azure, Kerberos, and Windows Hyper-V. They include more than 20 remote code execution (RCE) vulnerabilities, nearly the same number of elevation-of-privilege bugs, and an assortment of other denial-of-service flaws, security bypass issues, and spoofing and information disclosure vulnerabilities. Three Vulnerabilities to Patch Immediately Multiple security researchers pointed to the three actively exploited bugs in this month’s update as the vulnerabilities that need immediate attention. The vulnerabilities, identified as CVE-2025-21335, CVE-2025-21333, and CVE-2025-21334, are all privilege escalation issues in a component of the Windows Hyper-V’s NT Kernel. Attackers can exploit the bug relatively easily and with minimal permissions to gain system-level privileges on affected systems. Microsoft itself has assigned each of the three bugs a relatively moderate severity score of 7.8 out of 10 on the CVSS scale. But the fact that attackers are exploiting the bug already means organizations cannot afford to delay patching it. “Don’t be fooled by their relatively low CVSS scores of 7.8,” said Kev Breen, senior director threat research, Immersive Labs, in emailed comments. “Hyper-V is heavily embedded in modern Windows 11 operating systems and used for a range of security tasks.” Microsoft has not released any details on how attackers are exploiting the vulnerabilities. But it is likely that threat actors are using it to escalate privileges after they have gained initial access to a target environment, according to researchers. “Without proper safeguards, such vulnerabilities escalate to full guest-to-host takeovers, posing significant security risks across your virtual environment,” researchers at Automox wrote in a blog post this week. Five Publicly Disclosed but Not Yet Exploited Zero-Days The remaining five zero-days that Microsoft patched in its January update are all bugs that have been previously disclosed but which attackers have not exploited yet. Three of the bugs enable remote code execution and affect Microsoft Access: CVE-2025-21186 (CVSS:7.8/10), CVE-2025-21366 (CVSS: 7.8/10), and CVE-2025-21395. Microsoft credited AI-based vulnerability hunting platform Unpatched.ai for finding the bugs. “Automated vulnerability detection using AI has garnered a lot of attention recently, so it’s noteworthy to see this service being credited with finding bugs in Microsoft products,” Satnam Narang, senior staff research engineer for Tenable, wrote in emailed comments. “It may be the first of many in 2025.” The other two publicly disclosed but as yet unexploited zero-days in Microsoft’s January security update are CVE-2025-21275 (CVSS: 7.8/10) in Windows App Package Installer and CVE-2025-21308 in Windows Themes. Both enable privilege escalation to SYSTEM and therefore are high-priority bugs for fixing as well. Other Critical Vulns In addition to the zero-days there are several other vulnerabilities in the latest batch that also merit high-priority attention. Near the top of the list are three CVEs to which Microsoft has assigned near maximum CVSS scores of 9.8 out of 10: CVE-2025-21311 in Windows NTLMv1 on multiple Windows versions; CVE-2025-21307, an unauthenticated RCE flaw in Windows Reliable Multicast Transport Driver; and CVE-2025-21298, an arbitrary code execution vulnerability in Windows OLE. According to Ben Hopkins, cybersecurity engineer at Immersive Labs, Microsoft likely rated CVE-2025-21311 as critical because of the potentially severe risk it presents. “What makes this vulnerability so impactful is the fact that it is remotely exploitable, so attackers can reach the compromised machine(s) over the Internet,” he wrote in emailed comments. “The attacker does not need significant knowledge or skills to achieve repeatable success with the same payload across any vulnerable component.” CVE-2025-21307, meanwhile, is a use-after-free memory corruption bug that affects organizations using the Pragmatic General Multicast (PGM) multicast transport protocol. In such an environment, an unauthenticated attacker only needs to send a malicious packet to the server to trigger the vulnerability, Ben McCarthy, lead cybersecurity engineer at Immersive Labs, wrote in emailed comments. Attackers who successfully attack the vulnerability can gain kernel-level access to affected systems, meaning organizations using the protocol need to apply Microsoft’s patch for the flaw immediately, McCarthy added. Tyler Reguly, associated director of security R&D at Fortra, described CVE-2025-21298 — the third 9.8 severity bug — as an RCE flaw that an attacker would likely exploit via email rather than over the network. “The Microsoft Outlook preview pane is a valid attack vector, which lends itself to calling this a remote attack. Consider reading all emails in plaintext to avoid vulnerabilities like this one,” he noted in emailed comments. Microsoft’s January 2025 update is in stark contrast to January 2024’s update when the company disclosed just 49 CVEs. According to data from Automox, the company issued patches for 150 CVEs in April 2024, and for 142 in July. source

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Cerebras Systems has teamed with Mayo Clinic to create an AI genomic foundation model that predicts the best medical treatments for people with reheumatoid arthritis. It could also be useful in predicting the best treatment for people with cancer and cardiovascular disease, said Andrew Feldman, CEO of Cerebras Systems, in an interview with GamesBeat. Mayo Clinic, in collaboration with Cerebras Systems, announced significant progress in developing artificial intelligence tools to advance patient care, today at the JP Morgan Healthcare Conference in San Francisco. As part of Mayo Clinic’s commitment to transforming healthcare, the institution has led the development of a world-class genomic foundation model, designed to support physicians and patients. Like Nvidia and other semiconductor companies, Cerebras is focused on AI supercomputing. But its approach is much different from Nvidia’s, which relies on individual AI processors. Cerebras Systems designs an entire wafer — with many chips on a single wafer of silicon — that collectively solve big AI problems and other computing tasks with much lower power consumption. Feldman said it took tens of such systems to compute the genomic foundation model over months of time. Still, that was far less time, effort, power and cost than traditional computing solutions, he said. PitchBook recently predicted that Cerebras would have an IPO in 2025. Cerebras Systems’ calculations can determine which treatment will work on a given patient with rheumatoid arthritis. Building on Mayo Clinic’s leadership in precision medicine, the model is designed to improve diagnostics and personalize treatment selection, with an initial focus on Rheumatoid Arthritis (RA). RA treatment presents a significant clinical challenge, often requiring multiple attempts to find effective medications for individual patients. Traditional approaches examining single genetic markers have shown limited success in predicting treatment response. The joint team’s genomic model was trained by mixing publicly available human reference genome data with Mayo’s comprehensive patient exome data. The human reference genome is a digital DNA sequence representing a composite, “idealized” version of the human genome. It serves as a standard framework against which individual human genomes can be compared, enabling researchers to identify genetic variations. In contrast to models trained exclusively on human reference genome, Mayo’s genomic foundation model demonstrates significantly better results on genomic variant classification because it was trained on data sourced from 500 Mayo Clinic patients. As more patient data is incorporated into training, the team expects continuous improvement in model quality. The team designed new benchmarks to evaluate the model’s clinically relevant capabilities, such as detecting specific medical conditions from DNA data, addressing a gap in publicly available benchmarks, which focus primarily on identifying structural elements like regulatory or functional regions. Cerebras Systems said its AI prediction for treatment is highly accurate. The Mayo Clinic Genomic Foundation Model demonstrates state-of-the-art accuracy in several key areas: 68-100% accuracy in RA benchmarks, 96% accuracy in cancer predisposing prediction, and 83% accuracy in cardiovascular phenotype prediction. These capabilities align to Mayo Clinic’s vision of delivering world leading healthcare through AI technology. More testing will need to be done to verify the results, Feldman said. “Mayo Clinic is committed to using the most advanced AI technology to train models that will fundamentally transform healthcare,” Matthew Callstrom, Mayo Clinic’s medical director for strategy and chair of radiology, in a statement. “Our collaboration with Cerebras enabled us to create a state-of-the-art AI model for genomics. In less than a year, we’ve developed promising AI tools that will help our physicians make more informed decisions based on genomic data.” “Mayo’s genomic foundation model sets a new bar for genomic models, excelling not only in standard tasks like predicting functional and regulatory properties of DNA but also enabling discoveries of complex correlations between genetic variants and medical conditions,” said Natalia Vassilieva, field CTO at Cerebras Systems, in a statement. “Unlike current approaches focused on single-variant associations, this model enables the discovery of connections where collections of variants contribute to a particular condition.” Cerebras Systems can parse the meaning of mutations. The rapid development of these models – typically a multi-year endeavor – was accelerated by training Mayo Clinic’s custom models on the Cerebras AI platform. The Mayo Genomic Foundation Model represents significant steps toward enhancing clinical decision support and advancing precision medicine. Cerebras’ flagship product is the CS-3, a system powered by the Wafer-Scale Engine-3. Advancing AI for chest X-rays Separately, Mayo Clinic today unveiled separate groundbreaking collaborations with Microsoft Research and with Cerebras Systems in the field of generative artificial intelligence (AI), designed to personalize patient care, significantly accelerate diagnostic time and improve accuracy. Announced during the J.P. Morgan Healthcare Conference, the projects focus on developing and testing foundation models customized for various applications, leveraging the power of multimodal radiology images and data (including CT scans and MRIs) with Microsoft Research and genomic sequencing data with Cerebras. The innovations have the potential to transform how clinicians approach diagnosis and treatment, ultimately leading to better patient outcomes.  Foundation AI models are large, pre-trained models capable of adapting to and carrying out many tasks with minimal extra training. They learn from massive datasets, acquiring general knowledge that can be used across diverse applications. This adaptability makes them efficient and versatile building blocks for numerous AI systems. Mayo Clinic and Microsoft Research are collaboratively developing foundation models that integrate text and images. For this use case, Mayo and Microsoft Research are working together to explore the use of generative AI in radiology using Microsoft Research’s AI technology and Mayo Clinic’s X-ray data. Empowering clinicians with instant access to the information they need is at the heart of this research project. Mayo Clinic aims to develop a model that can automatically generate reports, evaluate tube and line placement in chest X-rays, and detect changes from prior images. This proof-of-concept model seeks to improve clinician workflow and patient care by providing a more efficient and comprehensive analysis of radiographic images. The Mayo Clinic has 76,000 people

Businesses everywhere face pressures to enhance their security postures as cyberattacks across sectors rise. Even so, many organizations have been hesitant to invest in cybersecurity for a variety of reasons such as budget constraints and operational issues. The EU’s new Network and Information Security Directive (NIS2) confronts this hesitancy head on by making it mandatory for companies in Europe – and those doing business with Europe – to invest in cybersecurity and prioritize it regardless of budgets and team structures.   What Is NIS2?  The first NIS Directive was implemented in 2016, which was the EU’s endeavor to unify cybersecurity strategies across member states. In 2023, the commission introduced the NIS2 Directive, a set of revisions to the original NIS. Each member state was required to implement the NIS2 recommendations into their own national legal systems by October 17, 2024.  The original NIS focused on improving cybersecurity for several sectors, such as banking and finance, energy and healthcare. NIS2 expands that scope to other entities, including digital services, such as domain name system (DNS) service providers, top-level domain (TLD) name registries, social networking platforms and data centers, along with manufacturing of critical products, such as pharmaceuticals, medical devices and chemicals; postal and courier services; and wastewater and waste management.  Related:What Does Biden’s New Executive Order Mean for Cybersecurity? Organizations in these industries are now required to implement more robust cyber risk management practices like incident reporting, risk analysis and auditing, resilience/business continuity and supply chain security. For example, member states must ensure TLD name registries and domain registration services collect accurate and complete registration data in a dedicated database. The new regulations also strengthen supervision and enforcement mechanisms, requiring national authorities to monitor compliance, investigate incidents and impose penalties for non-compliance.  The goal of these new measures is to ensure the stability of society’s infrastructure in the face of cyber threats. Entities in the EU will benefit from adopting these security measures over the long run, better preventing a devastating cyberattack. In doing so, they will also avoid the NIS2 penalties, which are significantly more punitive and clearly defined than those created under the original directive.   Impact on Organizations  Much like how the European Union’s General Data Protection Regulation (GDPR) reset the standard for privacy globally, NIS2 sets clear requirements for businesses to establish stronger security defenses, but not without a cost. Failing to comply can lead to severe financial penalties and legal implications.   Related:Microsoft Rings in 2025 With Record Security Update The official launch of NIS2 in October was met with mixed reactions. While some organizations could testify, they had been preparing all along, many others had left NIS2 on the backburner. In addition, as a result of the new sectors covered by NIS2, there were businesses that did not initially believe they would be impacted and therefore had not laid their own groundwork.   All this said, it will be interesting to see how penalty enforcement plays out in 2025. If organizations don’t demonstrate compliance early in the new year, or at least show progress toward becoming compliant, I predict we will start to see consequences, though it may be too soon to tell which sectors will face them first.  To those still grappling with NIS2 implementation, it may understandably seem like a daunting task, but it does not have to be. Here are three actions organizations can take today to ensure a more seamless NIS2 implementation:   1. Evaluate your business partners.  NIS2 is not just about strengthening one business’ security; It also demands businesses thoroughly evaluate every entity they engage with in their supply chain. A chain is only as strong as its weakest link, and the same can be said for businesses and their partners’ security postures. It is essential for organizations to audit their partners to ensure every entity they do business with meets NIS2 requirements. Evaluating any security gaps now can help to avoid overlooked issues down the road.   Related:How CISOs Can Build a Disaster Recovery Skillset 2. Consolidate your domains.  We have heard anecdotally that some businesses are not fully aware of their domain registrars or who is responsible for managing and securing the domains within their organization. This lapse in knowledge creates more than siloed work environments; it can cause major repercussions when it comes to secure domain management and NIS2 compliance. Taking a more consistent, consolidated approach to managing and securing domains helps strengthen an organization’s overall domain security and checks one more task off the team’s compliance checklist.   3. Stay security-minded, organization-wide.  With new NIS2 requirements, businesses must report cybersecurity incidents within 24 hours. This demand requires an organization-wide culture shift to a more security-minded approach to the way they do business. For example, businesses may need to evaluate what cybersecurity protocols they have in place to secure the way they interact with their customers and their supply chain. Without security being top-of-mind, businesses may miss NIS2 requirements that could lead to revenue loss, loss of customers and even dents in their reputation. This shift doesn’t happen overnight but working with partners that are security-minded helps organizations stay a step ahead in their security.  As cybercriminals become more elusive in targeting reputable organizations, and as global geopolitical tensions leave many companies in the crossfires of nation-state attacks, adhering to NIS2 standards becomes all the more critical. These three strategies are guiding principles for organizations to contribute to a safer, more secure enterprise environment in Europe and around the world.   source

“More so than any previous platform shift, every layer of the application stack will be impacted. It’s akin to GUI, internet servers, and cloud-native databases all being introduced into the app stack simultaneously. Thirty years of change is being compressed into three years,” Nadella said. “This is leading to a new AI-first app stack — one with new UI/UX [user interface/user experience] patterns, runtimes to build with agents, orchestrate multiple agents, and a reimagined management and observability layer. In this world, Azure must become the infrastructure for AI, while we build our AI platform and developer tools — spanning Azure AI Foundry, GitHub, and VS Code — on top of it.” Info-Tech’s Brunet said part of the challenge with Microsoft is that they offer so many different options, many overlapping, that “it can feel like a very fragmented offering that can be very confusing. They are trying to make their infrastructure and offerings feel less fragmented.” He said that he sees this as Microsoft’s way of leveraging the Azure cloud “to make it easier to stitch their pieces together.” source

There is a frequent, critical gap in AI adoption strategies that must be addressed: the ongoing human consequences of AI adoption. Employees are constantly being flooded with articles, news, and information about AI-driven job displacement, fueling fear, uncertainty, and resistance to AI adoption. These fears are not baseless. The rapid adoption and high cost of AI implementation mean that many IT leaders have had to look critically at their resourcing strategies to make room for AI integration. We see many AI-displaced roles as software developers and hardware engineers. Failure to manage these personnel consequences ethically will foster an atmosphere of distrust and apprehension, hindering the success of AI initiatives. To mitigate the emotional and reputational damage that can be caused by ineffective AI implementation, IT leaders must prioritize transparency and proactive communication regarding long-term placement strategies, upskilling opportunities, retirement plans, and exit packages. 1. Alleviate employees’ uncertainty with transparent communication This trust dilemma has directly affected AI strategies, with 39% of respondents in a Gartner survey citing “lack of trust” as one of their top three challenges to AI implementation. IT leaders are no exception to this, as their teams often resist AI adoption and question its perceived value. To overcome these fears and support key business goals, IT leaders should lead with transparent communication; this approach is paramount in navigating the human consequences of AI adoption. The key here is to share these plans openly with employees and explain their value in three ways: better, faster, and cheaper. Ideally, this initial communication about which tasks AI will replace, IT leaders must do during IT town halls, office hours with leadership, or other specific face-to-face meetings. Employees must have opportunities to discuss how these changes will affect their specific roles rather than receiving impersonal updates through email or newsletters. By providing clarity on purpose and matching that with timelines, expectations, and support mechanisms, leaders can alleviate uncertainty and foster employee trust. Transparency also enables individuals to prepare themselves mentally and professionally for upcoming changes. It is critical to notify employees as early as possible, giving them ample time to plan their next transition steps — whether that involves upskilling, reskilling, or retiring. This approach mitigates resistance and facilitates smoother transitions. 2. Address employees’ emotional responses directly Even if communicating transparently builds trust — or at least fosters understanding — it won’t necessarily guarantee employees’ buy-in and participation; in fact, such openness will almost certainly elicit strong emotional responses. IT leaders must be prepared to directly address concerns. Effectively managing emotional responses to AI adoption requires proactive engagement and empathetic leadership. All communication should be bidirectional, allowing employees to share feedback, which should then be relayed to implementation teams. Plans should be refactored as necessary. Leaders should actively listen to employees and demonstrate empathy and understanding by customizing communications to address each employee’s unique concerns. Common fears expressed by IT personnel typically fall into three categories: fear of change, fear of displacement, and fear of the unknown. All three fears can be debilitating for employee productivity, change management, and effective AI deployment. IT leaders must provide clear guidance on how the IT organization — and the business at large — will support employees even in the event of displacement. Addressing these emotional responses involves providing tailored support and resources to help employees cope with change. This may include working with HR to determine how the organization can offer counseling services, facilitate peer support groups, or organize workshops on stress management and resilience. 3. Provide pathways for upskilling, placement, or retirement It’s imperative for IT leaders to prioritize the well-being and professional development of affected employees by offering clear pathways for upskilling, placement, or retirement. IT leaders must not do this work alone — the HR department can help decide how to deal with the impacts of AI adoption. For instance, HR can assist with overcoming budget constraints, adopting existing initiatives, navigating labor law issues, and more. DOWNLOAD: Our AI Quick Glossary from TechRepublic Premium Investing in comprehensive upskilling programs tailored to emerging technologies and roles can also empower employees to adapt to the changing demands of the industry. In fact, talent outcomes from AI-related training include significant percentage increases in engagement capital, discretionary effort, and enterprise contribution from employees. These programs should offer training in AI technologies, prompt engineering, or other areas where employees can leverage or enhance their existing skills. By fostering a continuous learning and development culture, IT leaders can equip employees with tools to succeed in new roles while demonstrating a commitment to their professional growth. For employees uninterested in upskilling or transitioning into new roles, providing pathways for placement within or outside the organization can provide alternative opportunities. For employees who choose against upskilling and are nearing the end of their careers, offering early retirement support and planning services is crucial for ensuring a smooth transition into retirement. Overall, navigating the transition brought about by AI integration in IT operations requires a proactive and compassionate approach to supporting employees through change. Leading with honesty and clarity will reduce AI resistance, improve the emotional well-being of the workforce, and potentially solve some of the long-term talent-sourcing challenges that IT leaders struggle to overcome. Autumn Stanish, Director Analyst with Gartner’s Digital Workplace I&O groupImage: Gartner Autumn Stanish is a Director Analyst with Gartner in the Digital Workplace I&O group. Her research addresses IT sustainability and the role of I&O in corporate ESG initiatives. In addition to sustainability, she also supports IT leaders with employee device trends and procurement strategies, including DEX tools, persona creation, lifecycle planning, and vendor selection. source

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More In our rush to understand and relate to AI, we have fallen into a seductive trap: Attributing human characteristics to these robust but fundamentally non-human systems. This anthropomorphizing of AI is not just a harmless quirk of human nature — it is becoming an increasingly dangerous tendency that might cloud our judgment in critical ways. Business leaders are comparing AI learning to human education to justify training practices to lawmakers crafting policies based on flawed human-AI analogies. This tendency to humanize AI might inappropriately shape crucial decisions across industries and regulatory frameworks. Viewing AI through a human lens in business has led companies to overestimate AI capabilities or underestimate the need for human oversight, sometimes with costly consequences. The stakes are particularly high in copyright law, where anthropomorphic thinking has led to problematic comparisons between human learning and AI training. The language trap Listen to how we talk about AI: We say it “learns,” “thinks,” “understands” and even “creates.” These human terms feel natural, but they are misleading. When we say an AI model “learns,” it is not gaining understanding like a human student. Instead, it performs complex statistical analyses on vast amounts of data, adjusting weights and parameters in its neural networks based on mathematical principles. There is no comprehension, eureka moment, spark of creativity or actual understanding — just increasingly sophisticated pattern matching. This linguistic sleight of hand is more than merely semantic. As noted in the paper, Generative AI’s Illusory Case for Fair Use: “The use of anthropomorphic language to describe the development and functioning of AI models is distorting because it suggests that once trained, the model operates independently of the content of the works on which it has trained.” This confusion has real consequences, mainly when it influences legal and policy decisions. The cognitive disconnect Perhaps the most dangerous aspect of anthropomorphizing AI is how it masks the fundamental differences between human and machine intelligence. While some AI systems excel at specific types of reasoning and analytical tasks, the large language models (LLMs) that dominate today’s AI discourse — and that we focus on here — operate through sophisticated pattern recognition. These systems process vast amounts of data, identifying and learning statistical relationships between words, phrases, images and other inputs to predict what should come next in a sequence. When we say they “learn,” we’re describing a process of mathematical optimization that helps them make increasingly accurate predictions based on their training data. Consider this striking example from research by Berglund and his colleagues: A model trained on materials stating “A is equal to B” often cannot reason, as a human would, to conclude that “B is equal to A.” If an AI learns that Valentina Tereshkova was the first woman in space, it might correctly answer “Who was Valentina Tereshkova?” but struggle with “Who was the first woman in space?” This limitation reveals the fundamental difference between pattern recognition and true reasoning — between predicting likely sequences of words and understanding their meaning. The copyright conundrum This anthropomorphic bias has particularly troubling implications in the ongoing debate about AI and copyright. Microsoft CEO Satya Nadella recently compared AI training to human learning, suggesting that AI should be able to do the same if humans can learn from books without copyright implications. This comparison perfectly illustrates the danger of anthropomorphic thinking in discussions about ethical and responsible AI. Some argue that this analogy needs to be revised to understand human learning and AI training. When humans read books, we do not make copies of them — we understand and internalize concepts. AI systems, on the other hand, must make actual copies of works — often obtained without permission or payment — encode them into their architecture and maintain these encoded versions to function. The works don’t disappear after “learning,” as AI companies often claim; they remain embedded in the system’s neural networks. The business blind spot Anthropomorphizing AI creates dangerous blind spots in business decision-making beyond simple operational inefficiencies. When executives and decision-makers think of AI as “creative” or “intelligent” in human terms, it can lead to a cascade of risky assumptions and potential legal liabilities. Overestimating AI capabilities One critical area where anthropomorphizing creates risk is content generation and copyright compliance. When businesses view AI as capable of “learning” like humans, they might incorrectly assume that AI-generated content is automatically free from copyright concerns. This misunderstanding can lead companies to: Deploy AI systems that inadvertently reproduce copyrighted material, exposing the business to infringement claims Fail to implement proper content filtering and oversight mechanisms Assume incorrectly that AI can reliably distinguish between public domain and copyrighted material Underestimate the need for human review in content generation processes The cross-border compliance blind spot The anthropomorphic bias in AI creates dangers when we consider cross-border compliance. As explained by Daniel Gervais, Haralambos Marmanis, Noam Shemtov, and Catherine Zaller Rowland in “The Heart of the Matter: Copyright, AI Training, and LLMs,” copyright law operates on strict territorial principles, with each jurisdiction maintaining its own rules about what constitutes infringement and what exceptions apply. This territorial nature of copyright law creates a complex web of potential liability. Companies might mistakenly assume their AI systems can freely “learn” from copyrighted materials across jurisdictions, failing to recognize that training activities that are legal in one country may constitute infringement in another. The EU has recognized this risk in its AI Act, particularly through Recital 106, which requires any general-purpose AI model offered in the EU to comply with EU copyright law regarding training data, regardless of where that training occurred. This matters because anthropomorphizing AI’s capabilities can lead companies to underestimate or misunderstand their legal obligations across borders. The comfortable fiction of AI “learning” like humans obscures the reality that AI training involves complex copying and storage operations that trigger different legal obligations in other jurisdictions. This fundamental misunderstanding of AI’s

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Google’s Gemini AI has quietly upended the AI landscape, achieving a milestone few thought possible: The simultaneous processing of multiple visual streams in real time. This breakthrough — which allows Gemini to not only watch live video feeds but also to analyze static images simultaneously — wasn’t unveiled through Google’s flagship platforms. Instead, it emerged from an experimental application called “AnyChat.” This unanticipated leap underscores the untapped potential of Gemini’s architecture, pushing the boundaries of AI’s ability to handle complex, multi-modal interactions. For years, AI platforms have been restricted to managing either live video streams or static photos, but never both at once. With AnyChat, that barrier has been decisively broken. “Even Gemini’s paid service can’t do this yet,” Ahsen Khaliq, machine learning (ML) lead at Gradio and the creator of AnyChat, said in an exclusive interview with VentureBeat. “You can now have a real conversation with AI while it processes both your live video feed and any images you want to share.” A Gradio team member demonstrates Gemini AI’s new capability to process real-time video alongside static images during a voice chat session, showcasing the potential for multi-stream visual processing in artificial intelligence. (credit: x.com / @freddy_alfonso_) How Google’s Gemini is quietly redefining AI vision The technical achievement behind Gemini’s multi-stream capability lies in its advanced neural architecture — an infrastructure that AnyChat skillfully exploits to process multiple visual inputs without sacrificing performance. This capability already exists in Gemini’s API, but it has not been made available in Google’s official applications for end users. In contrast, the computational demands of many AI platforms, including ChatGPT, limit them to single-stream processing. For example, ChatGPT currently disables live video streaming when an image is uploaded. Even handling one video feed can strain resources, let alone when combining it with static image analysis. The potential applications of this breakthrough are as transformative as they are immediate. Students can now point their camera at a calculus problem while showing Gemini a textbook for step-by-step guidance. Artists can share works-in-progress alongside reference images, receiving nuanced, real-time feedback on composition and technique. The interface of Gemini Chat, an experimental platform leveraging Google’s Gemini AI for real-time audio, video streaming and simultaneous image processing, showcasing its potential for advanced AI applications. (Credit: Hugging Face / Gradio) The technology behind Gemini’s multi-stream AI breakthrough What makes AnyChat’s achievement remarkable is not just the technology itself but the way it circumvents the limitations of Gemini’s official deployment. This breakthrough was made possible through specialized allowances from Google’s Gemini API, enabling AnyChat to access functionality that remains absent in Google’s own platforms. Using these expanded permissions, AnyChat optimizes Gemini’s attention mechanisms to track and analyze multiple visual inputs simultaneously — all while maintaining conversational coherence. Developers can easily replicate this capability using a few lines of code, as demonstrated by AnyChat’s use of Gradio, an open-source platform for building ML interfaces. For example, developers can launch their own Gemini-powered video chat platform with image upload support using the following code snippet: A simple Gradio code snippet allows developers to create a Gemini-powered interface that supports simultaneous video streaming and image uploads, showcasing the accessibility of advanced AI tools.(Credit: Hugging Face / Gradio) This simplicity highlights how AnyChat isn’t just a demonstration of Gemini’s potential, but a toolkit for developers looking to build custom vision-enabled AI applications. “The real-time video feature in Google AI Studio can’t handle uploaded images during streaming,” Khaliq told VentureBeat. “No other platform has implemented this kind of simultaneous processing right now.” The experimental app that unlocked Gemini’s hidden capabilities AnyChat’s success wasn’t a simple accident. The platform’s developers worked closely with Gemini’s technical architecture to expand its limits. By doing so, they revealed a side of Gemini that even Google’s official tools haven’t yet explored. This experimental approach allowed AnyChat to handle simultaneous streams of live video and static images, essentially breaking the “single-stream barrier.” The result is a platform that feels more dynamic, intuitive and capable of handling real-world use cases much more effectively than its competitors. Why simultaneous visual processing is a game-changer The implications of Gemini’s new capabilities stretch far beyond creative tools and casual AI interactions. Imagine a medical professional showing an AI both live patient symptoms and historical diagnostic scans at the same time. Engineers could compare real-time equipment performance against technical schematics, receiving instant feedback. Quality control teams could match production line output against reference standards with unprecedented accuracy and efficiency. In education, the potential is transformative. Students can use Gemini in real-time to analyze textbooks while working on practice problems, receiving context-aware support that bridges the gap between static and dynamic learning environments. For artists and designers, the ability to showcase multiple visual inputs simultaneously opens up new avenues for creative collaboration and feedback. What AnyChat’s success means for the future of AI innovation For now, AnyChat remains an experimental developer platform, operating with expanded rate limits granted by Gemini’s developers. Yet, its success proves that simultaneous, multi-stream AI vision is no longer a distant aspiration — it’s a present reality, ready for large-scale adoption. AnyChat’s emergence raises provocative questions. Why hasn’t Gemini’s official rollout included this capability? Is it an oversight, a deliberate choice in resource allocation, or an indication that smaller, more agile developers are driving the next wave of innovation? As the AI race accelerates, the lesson of AnyChat is clear: The most significant advances may not always come from the sprawling research labs of tech giants. Instead, they may originate from independent developers who see potential in existing technologies — and dare to push them further. With Gemini’s groundbreaking architecture now proven capable of multi-stream processing, the stage is set for a new era of AI applications. Whether Google will fold this capability into its official platforms remains uncertain. One thing is clear, however: The gap between what AI can do and what it

You hear this mantra in cybersecurity over and over again: It’s not if, it’s when. Data breaches, ransomware attacks, and all manner of incidents abound, it seems like disaster lurks around every corner. The prevalence of these incidents has shifted the CISO’s emphasis from prevention to resilience. Yes, even the most prepared enterprises can still get hit. What matters is how they bounce back.   Today’s CISO role has disaster recovery baked into the job description. How can they cultivate that skillset and use it to guide their organizations through the fallout of a major cybersecurity incident?   Defining Critical Disaster Recovery Skills  Disaster recovery has become an essential part of the CISO role. “In cybersecurity, we live in the world of incidents, whether it’s someone clicking on a phish or someone plugging in a USB drive, or someone who’s conducted fraud against your company,” Ross Young, CISO in residence at venture capital fund Team8, tells InformationWeek.   Incident response and disaster recovery go hand in hand. “Some of the best CISOs are some of the best understanders of disaster recovery efforts and apply those in their own security response plans,” says Matt Hillary, CISO at compliance automation platform Drata.   Effective disaster recovery requires both technical skills and human skills.   Related:What Does Biden’s New Executive Order Mean for Cybersecurity? On the technical side, CISOs must understand how each part of the technology stack is used in their organizations and how that technology impacts the CIA triad: confidentiality, integrity, and availability.   “A lot of that technical work is going to be driven down to the engineering level. Ideally, the CISO will have done the right work to bring in the right talent and drive the technical remediation,” says Marshall Erwin, CISO at Fastly, a cloud computing services company.   CISOs also need to be able to put themselves in the mindset of attackers to understand their goals and what they could be doing once inside the network. “You can say, ‘Team, here’s where we need to be looking, here’s where we need to point our lens and our forensic skills to identify what an attacker did to be able to make sure that we kicked them out and have cleaned up our internal network,’” says Erwin.   But human skills are equally important. CISOs need to be able to communicate effectively across multiple teams and with C-suite peers to lead an effective response.   “What you feel you need to do from a security investigative perspective might be the opposite from [what] business resilience … folks want to take,” says Mandy Andress, CISO at Elastic, an AI search company. “How do you navigate, communicate, and find the … compromises.”   Related:3 Strategies For a Seamless EU NIS2 Implementation A lot of that work is best done in advance of an actual incident. CISOs can add their voice to disaster recovery plans to ensure the security perspective is in place before an attacker gets inside.   In the heat of a cybersecurity disaster, CISOs also have a responsibility to their team. They need skills to get them through the incident response process.   “It seems like every incident I’ve ever seen, it always happens on a Saturday when everybody’s at their kid’s baseball game or something else. It’s the most inconvenient time possible. How do you keep the positive moral?” says Young.   Remaining calm and decisive in the midst of a stressful situation that can last days, weeks, or even months is necessary and not without its challenges. “I think there is a lot of bravado sometimes in … the security community,” says Hillary. “I don’t know if it’s a mask or if it’s something else that leads us to not being as human as we need to be. And so just to continue to be humble, teachable, and learn throughout that incident.”  Cultivating Disaster Recovery Skills   While people may have different career paths that lead them to the CISO role, they’ve most likely worked through cybersecurity incidents along the way.   Related:Microsoft Rings in 2025 With Record Security Update “Incidents are frequent enough that you’re going to have that experience at some point in your career and develop that expertise organically,” says Erwin.   While trial by fire is an excellent teacher, there are other ways that CISOs can shore up their disaster response and recovery toolboxes. Industry conferences, for example, can offer valuable training.   “When I was the CISO of Caterpillar Financial, I went to FS-ISAC [Financial Services-Information Sharing and Analysis Center], and they had a CISO conference where they did tabletop exercises simulating an insider threat,” Young shares.   CISOs can lead their own tabletop exercises at their enterprises to better understand the holes in their incident response plans and areas where they need to strengthen their own skills.   Other leaders within an organization can be valuable resources for CISOs looking to cultivate these skills. “One of my closest peers that I usually … go to is someone who’s over on the infrastructure team,” says Hillary. “Any kind of disaster impact or availability incident that they experience on their end, they have a plan for, they have a really good, well-exercised muscle within the organization to recover.”  CISOs can also look outside of their organizations for ways to sharpen their skills. Hillary shares that he always looks at other breaches and outages. “I usually ask myself two questions. How do I know that this same vector isn’t being used against my company right now? How do I know this same incident that this other company is experiencing can’t happen to us?” he says. “So, it helps drive a lot of preventative measures.”  Navigating Disaster  In a world of third-party risk, human error, and motivated threat actors, even the best prepared CISOs cannot always shield their enterprises from all cybersecurity incidents. When disaster strikes, how can they put their skills to work?    “It is an opportunity for the CISO to step in and lead,” says Erwin. “That’s the most critical thing a CISO is going to do in those incidents, and if

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Last year, Cognition started the AI agent wave with a product called Devin — the world’s first AI engineer. The offering was under wraps for several months, but now it’s generally available and learning new chops very quickly. Case in point: the Scott Wu-led startup has just released Devin 1.2, which brings a bunch of new capabilities to take the AI engineer’s ability to handle entire development projects to a whole new level. The biggest highlight of Devin 1.2 is its improved in-context reasoning, which makes the agent better at handling and reusing code. It also includes the ability to take voice messages via Slack, which gives users a more seamless way to tell Devin what it has to do. The development comes at a time when AI-powered agents are being touted as the future of modern work. Experts believe that there will soon be a time when humans and agents will be working together, with the former seamlessly handling repetitive tasks (which is already beginning to happen). Recently, at CES, Nvidia boss Jensen Huang said that in the future, enterprise IT departments would evolve into “HR departments” for AI, responsible for commissioning and maintaining agents working across different functions within the company. What does Devin 1.2 bring to the table? While not a major upgrade, Devin 1.2 introduces some interesting capabilities to make the agent better at its job. The number one feature here is the improved ability to reason in context in a code repository. This essentially means Devin can now better understand the structure and content of a repository. With this understanding, the agent can identify which file is relevant to a particular task, recognize and re-use existing code and patterns, and be more accurate in suggesting edits or creating pull requests (PRs), reducing errors and manual adjustments. For developers, this capability would mean accelerated workflows and reduced cognitive load from searching for files, understanding codebases or fixing inconsistent code.  The other notable update with Devin 1.2 is the introduction of voice messages. Devin can also take voice commands from users, via Slack.  Voice messages for Devin via Slack All one has to do is tag Devin in a Slack chat, hit the “Record audio clip” button and describe the task or feedback the AI engineer should execute. Devin will prepare a step-by-step action and begin to execute the command using its developer tools — its own shell, code editor and browser. The move simplifies how one interacts with the agent, saving the hassle of typing natural-language prompts into Devin’s chatbot-style interface. Improved login process, new enterprise controls Cognition has also made some usability improvements in Devin. For instance, in the new release the company is introducing machine snapshots to simplify the login process for Devin’s workspace. “If you log in for Devin during onboarding with Devin’s browser, we’ll save the cookie for future sessions (if the cookie expires, you’ll need to provide credentials for Devin in Secrets as well). This also unblocks authentication processes that require visiting a URL on Devin’s machine,” the company wrote in a blog post. Cognition is also introducing enterprise accounts, where organization admins will get a centralized console to manage multiple Devin workspaces, including members and their access controls, as well as billing for them.  Finally, the company is adding a usage-based billing model, allowing users to pay for additional capacity beyond their subscription limits. This way, once the users have exhausted their monthly allocation of ACUs, they can continue building beyond that limit by paying for extra usage.  The model has been active since January 9, with users able to set their additional usage budgets according to their needs. This allows users to maintain control over spending while ensuring uninterrupted service when they need additional capacity. Currently, Devin is generally available for engineering assistance at a starting price of $500 a month — with no seat limits. Multiple enterprises are already incorporating it into their workflows, including Lumos, OpenSea, Curai Health, Nu Bank and Ramp. Devin’s new capabilities come as competition in the AI engineering space is heating up. From GitHub Copilot’s widespread adoption to Magic and Poolside AI raising substantial funding to develop cutting-edge capabilities, the race to create the ultimate AI coding assistant is intensifying. Each player is striving to redefine software development, promising faster workflows, reduced cognitive load, and seamless collaboration between human and AI. As these AI-powered agents continue to evolve, they’re not only transforming how developers work but shaping the future of modern work itself, where efficiency and innovation are driven by a partnership between humans and machines. By 2028, Gartner estimates, 33% of enterprise software applications will include agentic AI, enabling autonomous decision-making in 15% of day-to-day work. source