Dell pulled the tarp off several new connected services during Microsoft Ignite, an annual conference hosted by Microsoft that is designed for developers and IT professionals. Several services are intended to take guesswork or security concerns from deploying generative AI, particularly on Microsoft’s Copilot+ PCs. Dell takes on the management of APEX File Storage for Azure APEX File Storage has been available for Azure for some time. However, starting with a public preview in the first half of 2025, customers will have an option for Dell to fully manage it. Unlike Dell, which provides a customer-managed service, APEX File Storage can be used as an Azure-native ISV service. Microsoft Azure administrators will be able to add on Dell APEX Protection services as well. APEX Protection Services uses Zero Trust principles, machine learning, analytics, and forensics tools to protect critical data against ransomware. Dell APEX Protection services for Microsoft Azure are set for release in the first half of 2025. Must-read security coverage Copilot and Azure AI services aim to simplify AI adoption, particularly on Microsoft’s AI PCs Microsoft’s ongoing push of its Copilot AI assistant and Copilot+ PCs has generated corresponding Dell offerings: Dell Services for Microsoft Copilot Studio (low code) and Azure AI Studio (pro code). These are intended to help customers leverage AI capabilities in ways that best match their needs and skill sets. They identify use cases and help customers create bespoke Copilots or other AI solutions. Overall, the goal is to provide frameworks that make it easier to launch AI projects. For Microsoft’s Copilot+ PC, Dell Accelerator Services for Copilot+ PCs offers “optimized usage recommendations” based on employee persona buckets and company goals. It also provides an environment for experimenting with AI. This ranges from data on how NPU utilization affects the client organization’s Al workloads to tips on optimizing Windows 11 settings and Microsoft Intune management for IT teams. The goal is to “maximize the Copilot+ experience and outcomes,” said Dell Vice President of Professional Services Scott Bils in a news briefing on Nov. 13. SEE: Checklist: Securing Windows 11 systems (TechRepublic Premium) Security services added to existing APEX and MDR offerings Other announcements focused on security services. Dell APEX Protection Services for MS Azure is now available as a Dell Managed service. APEX protection includes secure storage, encryption, MFA, AI analytics for attack detection and recovery, and the cyber vault for critical data. Dell APEX Protection Services for MS Azure provides a “simplified approach towards protecting and safeguarding their critical data from ransomware as well as cyber threats through a fortified digital vault in Azure,” said Dell Senior Vice President of ISG and Telecom Product Marketing Varun Chhabra at the news briefing. Lastly, Dell’s Managed Detection and Response now interoperates with Microsoft Defender XDR. This marks a Windows-friendly expansion of Dell’s existing security consultation and advisory solutions. Dell has “paired this industry-leading capability with our certified security experts that help customers stand up and deploy, implement the Microsoft Defender XDR solution, but then also provide support if and when a breach occurs,” Bils noted. Dell adds assistance with CMMC defense certification Dell has rolled out the Cybersecurity Maturity Model Certification alignment for U.S. federal contractors for Microsoft. The certification is a service that helps companies comply with the DoD CMMC standard. CMMC version 2.0 will be rolled out in 2025 and included in DOD contracts starting in December 2024. This service can help companies create a roadmap to align with version 2.0’s requirements. source

VoIP fraud is a serious and growing threat to businesses, with attackers increasingly targeting cloud phone systems to exploit vulnerabilities for financial gain. This type of fraud involves unauthorized access to a VoIP network, often for making costly international calls or redirecting traffic to premium-rate numbers. But there are many types of VoIP fraud, and not all of them rely on premium-rate number schemes. In this post, we’ll explore common VoIP fraud tactics and offer practical steps to protect your business from these threats. 1 RingCentral Office Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Medium (250-999 Employees), Enterprise (5,000+ Employees), Large (1,000-4,999 Employees) Medium, Enterprise, Large Features Hosted PBX, Managed PBX, Remote User Ability, and more 1. Vishing Also known as voice or VoIP phishing, vishing is a tactic that involves social engineering to extract company credentials, like logins, passwords, employee IDs, and other types of business or personal data. Scammers often use VoIP, along with voice-altering software, and other tactics to disguise their identities to pretend they’re someone else, usually someone in a position of authority. Callers then persuade their targets to give up valuable data. This type of scam can take many other forms. With AI and deep fakes, scammers can put on a much more convincing facade. A UK-based energy company’s CEO was scammed out of $243,000 through a deep fake vishing attack, for instance. Train employees on how to take precautions when picking up unexpected phone calls and spot common social engineering attacks, like scammers instilling a sense of urgency or refusing to go into the details after specific questions. Download this free social engineering cheat sheet to help your business harden security against these threats. 2. Wangiri Wangiri loosely translates to “one ring and cut” in Japanese (where this scam originated) and it works exactly the way it’s called. Your phone rings once and then just cuts. The scam is designed to spark your curiosity and make you call back so you can be charged abnormally high international rates. It’s generally accompanied by pre-recorded messages to trick you into thinking you’re talking to the original caller. These messages usually say that they can’t hear you and you should call back to keep you on the line for as long as possible and urge you to call back, so you can be charged all over again. VoIP systems and automated dialers made this scam a lot more common. They allow scammers to make hundreds of calls simultaneously for cheap. There’s also a variation of this scam specifically targeting businesses—Wangiri 2.0. It involves bots spamming business contact request forms with premium-rate numbers to generate callbacks. If businesses do call back, they will have to pay up. The good news, Wangiri is pretty easy to spot once you know how it works. The distinct one-ring (sometimes two) calls along with their international phone numbers are tell-tale signs, so let employees know about them. Also, most of the top VoIP phone services offer advanced call-blocking features, which can automatically block suspicious incoming phone calls. Geo permissions are also a good idea—they let you restrict traffic outside your area of operation. 3. VoIP toll fraud If attackers gain unauthorized access to a business’s VoIP system, they can start blasting out fraudulent calls to high-cost international or premium-rate numbers. Typically, the way this works is that the attacker has a revenue share deal orchestrated with the owner of the premium number. I have spoken with a managed service provider who told me that one of his clients (before they were his client) discovered $18,000 in fraudulent charges to their business phone system. The poor company was on the hook for all of it, and only spotted the fraud when the bill from their vendor came. This type of fraud usually starts with attackers identifying a vulnerable phone system and breaking in. It could be an open port, unsecured endpoint, or compromised credentials. Once the attacker is on the system, they start making calls unnoticed, often during off-hours or spread over time. To protect against this, businesses should implement VoIP security best practices, such as setting up firewalls, regularly updating software, and using strong passwords. Monitoring call details records for unusual activity and setting call limits can also help prevent large-scale fraud. 4. Caller ID spoofing Caller ID spoofing is not necessarily malicious, but it’s often used as part of larger scams to help hide the attacker’s identity and increase the likelihood of having victims pick up the call. This practice involves manipulating the caller ID to display a different name or phone number other than the original — the IT guy’s phone number looked local to you, but the real phone number was actually from a different country. That’s how caller ID spoofing works. Besides helping them pretend they’re someone else, attackers can also use caller ID spoofing to disguise robocalls with expensive international numbers — like Wangiri, but less obvious. Again, be cautious of unexpected phone calls, even if the caller ID seems familiar. Don’t give out personal details and try to ask specific questions to throw attackers out. If the call is accompanied by pre-recorded messages, hang up — it’s probably a robocall. 5. PBX hacking This tactic involves hackers infiltrating your private branch exchange (PBX) through various methods. SEE: Learn fast facts you need to know about PBX.  For instance, hackers will remotely get into a business’s voicemail box by figuring out the voicemail PIN. The problem is, some businesses don’t change the default PIN — usually the last four digits of the phone number, which is easy work for hackers. From there, hackers access the business’s call forwarding settings and change the number to their pay-per-minute line. The next time someone makes a call, the voicemail will redirect to that pay-per-minute line, which of course, comes at huge rates. For cloud PBX systems, hackers can find a PBX’s IP address and then brute force the login credentials to get

The results of the 2024 US presidential election kicked off a flurry of speculation about what changes a second Donald Trump administration will bring in terms of policy, including cybersecurity.  InformationWeek spoke to three experts in the cybersecurity space about potential shifts and how security leaders can prepare while the industry awaits change.    Changes to CISA  In 2020, Trump fired Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs after he attested to the security of the election, despite Trump’s unsupported claims to the contrary. It seems that the federal agency could face a significant shakeup under a second Trump administration.  “The Republican party … believes that agency has had a lot of scope creep,” AJ Nash, founder and CEO of cybersecurity consultancy Unspoken Security, says.   For example, Project 2025, a policy playbook published by conservative think tank The Heritage Foundation, calls to end “… CISA’s counter-mis/disinformation efforts.” It also calls for limits to CISA’s involvement in election security. The project proposes moving the CISA to the Department of Transportation.  Trump distanced himself from Project 2025 during his campaign, but there is overlap between the playbook and the president-elect’s plans, the New York Times reports.   Related:2024 Cyber Resilience Strategy Report: CISOs Battle Attacks, Disasters, AI … and Dust “I think it safe to say that CISA is going to have a lot of changes, if it exists at all, which I think [is] challenging because they have been very responsible for both election security and a lot of efforts to curb mis-, dis- and malinformation,” says Nash.   AI Executive Order  In 2023, President Biden signed an executive order regarding AI and major issues that arose in the wake of its boom: safety, security, privacy, and consumer protection. Trump plans to repeal that order.   “We will repeal Joe Biden’s dangerous Executive Order that hinders AI Innovation, and imposes Radical Leftwing ideas on the development of this technology. In its place, Republicans support AI Development rooted in Free Speech and Human Flourishing,” according to a 2024 GOP Platform document.   Less federal oversight on the development of AI could lead to more innovation, but there are questions about what a lack of required guardrails could mean. AI, how it is developed and used, has plenty of ramifications to cybersecurity and beyond.   “The tendency of generative AI to hallucinate or confabulate … that’s the concern, which is why we have guardrails,” points out Claudia Rast, chair of the intellectual property, cybersecurity, and emerging technology practice at law firm Butzel Long.   Related:Next Steps to Secure Open Banking Beyond Regulatory Compliance While the federal government may step back from AI regulation, that doesn’t mean states will do the same. “You’re going to see … California [and] Texas … and other states taking a very proactive role,” says Jeff Le, vice president of global government affairs and public policy at cybersecurity ratings company SecurityScorecard.    California Governor Gavin Newsom signed several bills relating to the regulation of GenAI. A bill — the Texas Responsible AI Governance Act (TRAIGA) — was introduced in the Lone Star State earlier this year.   Cybersecurity Regulation  The Trump administration is likely to roll back more cybersecurity regulation than it will introduce. “I fully anticipate there to be a significant slowdown or rollback on language or mandated reporting, incident reporting as a whole,” says Le.   Furthermore, billionaire Elon Musk and entrepreneur Vivek Ramaswamy will lead the new Department of Government Efficiency, which will look to cut back on regulation and restructure federal agencies, Reuters reports.  But enterprise leaders will still have plenty of regulatory issues to grapple with. “They’ll be looking at the European Union. They’ll be looking at regulations … coming out of Japan and Australia … they’ll also be looking at US states,” says Le. “That’s going to be more of a question of how they’re going to navigate this new patchwork.”  Related:Beyond the Election: The Long Cybersecurity Fight vs Bad Actors Cyber Threat Actors   Nation state cyber actors continue to be a pressing threat, and the Trump administration appears to be planning to focus on malicious activity coming out of China, Iran, North Korea, and Russia.  “I do anticipate the US taking a more aggressive stance, and I think that’s been highlighted by the incoming national security advisor Mike Waltz,” says Le. “I think he has made a point to prioritize a more offensive role, and that’s with or without partners.”  Waltz (R-Fla.) has been vocal about combatting threats from China in particular.   Preparing for Change  Predicting a political future, even just a few short months away, is difficult. With big changes to cybersecurity ahead, what can leaders do to prepare?  While uncertainty prevails, enterprise leaders have prior cybersecurity guidelines at their fingertips today. “It’s time to deploy and implement the best practices that we all know are there and [that] people have been advising and counseling for years at this point,” says Rast. source

By Christopher Cole ( November 17, 2024, 10:21 PM EST) — President-elect Donald Trump has picked Brendan Carr, the senior Republican on the Federal Communications Commission, as the agency’s next chair, selecting a former general counsel of the agency and frequent critic of the current administration to lead the telecom regulator…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

digital-asset-regulation-wef LinkedIn Email Facebook Twitter WhatsApp The post 行業研究報告: 數位資產監管 – 世界經濟論壇 appeared first on VeriMedia. source

CIOs must take an active role in educating their C-suite counterparts about the strategic applications of technologies like, for example, artificial intelligence, augmented reality, blockchain, and cloud computing. By bridging the gap between technical complexity and business relevance, CIOs can ensure that technology initiatives align with core business objectives, focusing on real-world applications rather than theoretical use cases. This practical understanding of technology enables businesses to make informed decisions, balancing the potential benefits of innovation with the realities of implementation and scalability.  Adopting agile methodologies for flexibility and adaptation  The Greek philosopher Heraclitus famously stated, “Change is the only constant.” John Kotter, a professor at Harvard Business School and a renowned change expert, introduced an eight-step change process in his 1995 book, “Leading Change.” In today’s business environment, agile methodologies have become indispensable for maintaining alignment between IT and business strategies. Agile practices allow organizations to remain flexible, adjusting projects and initiatives in response to evolving market conditions and customer feedback.  By implementing agile methodologies, CIOs ensure IT projects are delivered in short, manageable cycles, enabling continuous adjustments based on real-time data and feedback. This iterative approach fosters collaboration across departments and requires a company culture that embraces agility and constant change. Ensuring the cultural fit with agile principles is critical for promoting an environment where change is welcomed and harnessed for growth. For example, a financial institution might launch a new digital platform and continuously refine its features based on user feedback, showcasing how agile culture and iterative processes efficiently meet both IT and business objectives. Such a dynamic culture ensures that the organization remains flexible and adaptable in an ever-evolving digital landscape. source

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Israeli startup xpander.ai has introduced the Agent Graph System (AGS), which it says is a major new approach to building more reliable and efficient multi-step AI agents based on underlying AI models such as OpenAI’s GPT-4o series. The goal is to redefine how AI agents interact with APIs and other tools, making advanced automation tasks more accessible to organizations across industries. From left: Ran Sheinberg, co-founder and chief product officer of xpander.ai and David (Dudu) Twizer, co-founder and CEO of xpander AI. Credit: xpander.ai Solving the challenges of multi-step AI agents Function calling, the backbone of most AI agent workflows, enables models to interact with external systems to perform tasks such as fetching real-time data or executing actions. However, these interactions often falter when faced with complex API schemas or unpredictable responses, leading to inefficiencies and errors. xpander.ai’s Agent Graph System introduces a structured solution to these challenges by using a graph-based workflow that guides agents through appropriate API calls step by step. Instead of presenting all available tools at every stage, AGS intelligently restricts options to only those that align with the current context of the task, significantly reducing out-of-sequence or conflicting function calls. Ran Sheinberg, co-founder and chief product officer at xpander.ai, explained in an interview with VentureBeat: “With AGS, we ensure the agent only uses the relevant tools at each step and follows the correct schema, enforcing precision and efficiency.” Sheinberg previously worked at several other startups and as a principal solutions architecture leader at Amazon Web Services (AWS), leading large-scale compute projects with enterprise customers. Democratizing AI agent development xpander.ai aims to make agentic AI development accessible to a broader audience. “We aimed to create an accessible platform that allows anyone to build AI agents, experiment with the technology, and start automating repetitive tasks to focus on what truly matters,” said David Twizer, co-founder and CEO of xpander.ai, in the same interview. The company also offers AI-ready connectors that integrate easily with NVIDIA NIM (Nvidia Inference Microservices) and other systems. These connectors enrich API tools with detailed documentation, operational IDs, and schemas, reducing the technical burden on developers while enhancing runtime accuracy. “Once the setup is complete, you can connect it to any AI system that supports function calling,” Twizer said. “It was crucial for us to design technology that meets customers where they are and offers flexibility to upgrade models over time.” Twizer also previously worked at AWS as a principal solutions architect and leader of the go-to-market generative AI sales architecture. Key Benefits and Real-World Impact In benchmarking tests, xpander.ai demonstrated that AGS, paired with its Agentic Interfaces, enabled AI agents to achieve a 98% success rate in multi-step tasks, compared to just 24% for agents using traditional methods. These agents completed workflows 38% faster and with 31.5% fewer tokens, underscoring AGS’s ability to reduce costs and improve performance. One real-world example of AGS in action involved a benchmarking task where an AI agent had to research companies across platforms like LinkedIn and Crunchbase, then organize the results in Notion. AGS streamlined the process, ensuring tools were used in the correct sequence and schemas were consistently followed. “We provide a complete AI agent that can create an interface to any system,” Twizer added. “The data interface, for the first time, is native to AI, addressing a major pain point the world is struggling with.” AGS’s role in agentic AI xpander.ai positions AGS as a vital step in the evolution of agentic AI, enabling tools like Nvidia NIM microservices to integrate more seamlessly with enterprise systems. “AI agents will need to use APIs for synchronous use cases involving complex data structures, where traditional UIs just aren’t enough,” Sheinberg noted. Through AGS, xpander.ai transforms how AI agents handle error management and context continuity. By embedding fallback options directly within its graph structures, AGS allows agents to retry failed operations or pivot to alternative workflows without human intervention, preserving task stability. This level of reliability ensures that AGS-equipped agents are not just reactive but adaptive, capable of tackling even the most unpredictable workflows. Building the future of AI workflows xpander.ai’s introduction of AGS, coupled with its Agentic Interfaces, represents a significant leap forward for multi-step AI agents. By enabling structured, adaptive workflows and streamlining complex API interactions, AGS sets a new standard for reliability and efficiency in automation. As the company continues to grow, its tools promise to empower businesses to harness the full potential of AI-driven workflows. source

Managing content at scale is a challenge — staying organized, deciding what to post, assigning writers and editors, and monitoring results requires a lot of moving parts. The more people involved, the more complex the system. Editorial calendars simplify all of this. They provide a big-picture overview, making it much easier to strategize and schedule out the week, month, or year. After nearly a decade of managing high volume content teams, here are my favorite no cost editorial calendar templates for different tools. Monday.com: A comprehensive editorial calendar template Monday.com’s editorial calendar template delivers a pre-built content calendar that’s easy to customize alongside team collaboration features and task management capabilities from one of the best project management solutions on the market. It’s great for high level strategy, work management, and centralized content operations out of the box. More on monday.com: monday.com review | Asana vs monday.com | monday.com vs Jira. monday.com’s editorial calendar template doubles as a project management tool. Image: monday.com This template can be used for any and all types of content — from blog posts and ebooks to social media and video, it’s flexible enough to support all of your publishing activity. You can set up a color-coded system to prioritize your most important content and use custom tags to filter everything in a way that’s easy to understand. No matter how stacked your publishing schedule becomes, you’ll always know what’s ahead. If you’re a solo user, it’s likely overkill unless you customize it. However, it’s perfect if you’re working with at least several other people or a full content team. You can use this template, along with 200 others, at no cost with monday.com’s free plan. Pros Cons Tag team members and manage your content workflow. Easy to see if anything is running behind schedule. Template integrates with over 200+ tools. Not ideal for low-volume publishing. Free plan only includes two users. ClickUp: A beginner-friendly editorial calendar template Similar to monday.com, ClickUp is a complete project management solution. The two platforms are nearly identical in terms of features and capabilities, so choosing one over the other mostly comes down to personal preference and price. That said, ClickUp’s editorial calendar template is a bit easier to use out of the gate, especially for beginners. More on ClickUp: ClickUp review | ClickUp vs monday.com | ClickUp vs Notion.  Sign up for a free ClickUp plan to start using this beginner-friendly editorial calendar template. Image: Clickup.com Aside from the traditional calendar, ClickUp gives you five additional views, including a list view, content request view, resource view, and keywords view. Thanks to these extra views, keeping track of deadlines and managing every aspect of your production flow is a breeze. You can also add custom attributes to each piece of content, like the channel, publication date, editor, and even the CTA you’re using. Once you add these, you can track the performance of granular details for all the content you publish. Adding custom attributes takes a few clicks and you can add as many as you need. Because ClickUp is a project management tool, you’re also getting all of the essentials for team collaboration, assigning tasks, and setting due dates. Overall, this template is great whether you’re planning years in advance or just a few weeks. You can start using this template with ClickUp’s free plan in the next five minutes. Plus, ClickUp’s paid plans are more affordable than monday.com. Pros Cons Easy to use, even if you have zero experience with project management tools. Keep track of different content types, writers, and other team members. Multiple views allow you to visualize your strategy. Custom status columns are limited. Gets confusing if you add too many subtasks. Smartsheet: A template for brainstorming and managing content Smartsheet’s editorial calendar template includes an area for brainstorming content ideas and moving the best ideas into your production workflow. It works well for any type of content from videos and images to blog posts, podcasts, and guest posts. It also gives you everything you need to see your schedule by month or year at a glance. More on Smartsheet: Smartsheet review | Smartsheet vs Airtable | Smartsheet vs Asana.  Pick your favorite calendar view or use a combination of multiple tabs to manage your editorial planning. Image: Smartsheet.com You can use this template with Smartsheet, but the tool itself doesn’t have a free plan. If you don’t want to pay, you can download the template and use it with Excel or Google Sheets instead. Either way, you’ll be able to assign tasks, set publishing dates, take notes, leave comments, and stay on top of missed deadlines. That said, it doesn’t traditionally look like a calendar unless you use it with Smartsheet. Instead, you’ll see a table with all of your scheduled content for each month. If you’re a fan of lists and tables, it’s more than enough. Using it with Smartsheet also gives you additional capabilities, including a Gantt chart, automations, basic workload tracking, attachment storage, and more. However, Smartsheet is on the more expensive end of project management and relational database solutions. Pros Cons Good for solo content creators. Use for free with Google Sheets or Excel. Easy to plan multiple months in advance. Dedicated tab for brainstorming. Smartsheet doesn’t have a free plan. Limited views compared to other templates. Airtable: A digital and print editorial calendar template Airtable is an advanced relational database solution that gives you everything you need to build a custom editorial calendar that matches your workflow. Think of it as a blank slate you can customize as much (or as little) as you’d like. If you handle print media, the print editorial calendar template lets you easily manage print and digital media in the same place. More on Airtable: Airtable review | Airtable vs monday.com | Airtable vs Notion.  Manage all of your print content and digital content from a single source of truth with Airtable’s free editorial calendar template. Image: Airtable.com Unlike other templates so far,

The US Department of Homeland Security (DHS) has released recommendations that outline how to securely develop and deploy artificial intelligence (AI) in critical infrastructure. The recommendations apply to all players in the AI supply chain, starting with cloud and compute infrastructure providers, to AI developers, and all the way to critical infrastructure owners and operators. Recommendations for civil society and public-sector organizations are also provided. The voluntary recommendations in “Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure” look at each of the roles across five key areas: securing environments, driving responsible model and system design, implementing data governance, ensuring safe and secure deployment, and monitoring performance and impact. There are also technical and process recommendations to enhance the safety, security, and trustworthiness of AI systems. AI is already being used for resilience and risk mitigation across sectors, DHS said in a release, such as AI applications for earthquake detection, stabilizing power grids, and sorting mail. The framework looks at each role’s responsibilities: Cloud and compute infrastructure providers need to vet their hardware and software supply chain, implement strong access management, and protect the physical security of data centers powering AI systems. The framework also has recommendations on supporting downstream customers and processes by monitoring for anomalous activity and establishing clear processes for reporting suspicious and harmful activities. AI developers should adopt a secure by design approach, evaluate dangerous capabilities of AI models, and “ensure model alignment with human-centric values.” The framework further encourages AI developers to implement strong privacy practices; conduct evaluations that test for possible biases, failure modes, and vulnerabilities; and support independent assessments for models that present heightened risks to critical infrastructure systems and their consumers. Critical infrastructure owners and operators should deploy AI systems securely, including maintaining strong cybersecurity practices that account for AI-related risks, protecting customer data when fine-tuning AI products, and providing meaningful transparency regarding their use of AI to provide goods, services, or benefits to the public. Civil society, including universities, research institutions, and consumer advocates engaged on issues of AI safety and security, should continue working on standards development alongside government and industry, as well as research on AI evaluations that considers critical infrastructure use cases. Public sector entities, including federal, state, local, tribal, and territorial governments, should advance standards of practice for AI safety and security through statutory and regulatory action. “The framework, if widely adopted, will go a long way to better ensure the safety and security of critical services that deliver clean water, consistent power, Internet access, and more,” said DHS secretary Alejandro N. Mayorkas, in a statement. The DHS framework proposes a model of shared and separate responsibilities for the safe and secure use of AI in critical infrastructure. It also relies on existing risk frameworks to enable entities to evaluate whether using AI for certain systems or applications carries severe risks that could cause harm. “We intend the framework to be, frankly, a living document and to change as developments in the industry change as well,” Mayorkas said during a media call. source