Plus: 95% Of Executives Have Had A Bad Enterprise AI Experience
Bringing AI to your enterprise is an important step, but not doing it the right way can be costly. A new study from Infosys found that 95% of C-suite and director-level executives have had a negative experience with enterprise AI use in the last two years. These problems spanned a number of issues. About a third of all respondents reported they had experienced issues in each of these categories: privacy violations, systemic failures, inaccurate or harmful predictions, ethical violations, bias or discrimination, regulatory noncompliance or a lack of explainability. Of those who saw consequences from AI, 33% said the damage was substantial, while 39% classified it as severe—with a third of those saying the AI issues threatened their company’s existence. More than three quarters of companies negatively impacted by AI suffered financial losses, either through revenue lost or increased costs.

This isn’t an indictment of AI as a technology, however. Infosys found that many of these companies had not yet laid the framework for responsible AI—determining rules and governance to ensure that AI is trustworthy, mitigates risk, protects data and functions with a degree of environmental sustainability. Fewer than 2% of the 1,500 companies Infosys surveyed for this report have a fully operational responsible AI framework, but the vast majority are starting on the path to develop these policies. In fact, 78% said they believe a responsible AI framework will increase business growth. More than four out of five said they believe regulations on AI would help them develop and further use the technology, bringing better clarity and confidence to AI compliance, with ethical and legal standards that will drive consumer trust.

Creating workforce policies for responsible AI takes time and deep discussion, but it is possible. (And likely very necessary, since it does not look like there will be any widespread AI regulation in the U.S. in the near future.) Companies need to look at building trustworthy systems, which not only safeguard data, but also can explain their findings. Companies should also play an active role in observing what the AI systems are doing, and retooling the system when findings aren’t appropriate. They should consider things that might go wrong, and make sure the systems are secure and will perform accurately under these conditions. And they should ensure that they’re taking environmental sustainability into account. AI technology requires a lot of power, and as more entities embrace AI, energy demand will skyrocket. Energy-efficient models will not only keep costs down, but minimize your carbon footprint.

But as all tech leaders know, you don’t need AI for things to go wrong in an enterprise system. This summer, hacking network Scattered Spider has turned its attention to transportation, and has successfully disrupted flights and schedules for five airlines so far. I talked to Ian Ahl, CTO at identity security platform Permiso Security, about Scattered Spider, its tactics, and how you can prepare your company. An excerpt from our conversation is later in this newsletter.
The world’s most valuable company had two huge pieces of news this week. Nvidia released its new AI “robot brain,” the Jetson AGX Thor, and (again) broke a record with its most recent earnings report.

Nvidia’s Jetson Thor platform for industrial AI delivers 7.5x better AI performance than its predecessor, the Jetson AGX Orin, and has about 3.5x better energy efficiency, writes Forbes senior contributor Janakiram MSV. He writes that the new platform brings real-time, intelligent interaction with the physical world to industrial robots. With the chip, factory robots could be able to perform several tasks at once, like visible product inspection and coordination with other robots. Forbes senior contributor Dave Altavilla runs down the tech specs of the new platform and its developer tools. He writes that the platform is not only top-of-the-line for robotics—it uses Nvidia’s Blackwell technology—but it’s also furthering Nvidia’s current strategic focus: owning the high-end performance market.

The Jetson Thor platform didn’t figure into Nvidia’s latest earnings report, released after markets closed on Wednesday, but the company once again had a record-setting quarter. Revenues were $46.7 billion, surpassing its record of $44.1 billion in the previous quarter, and beating economists’ forecasts. The largest portion of its revenues came from data centers, which brought in $41.1 billion. However, analysts predicted this area would come in at $41.3 billion. The miss brought a slight drop to Nvidia’s stock on Thursday morning.
President Donald Trump has inserted the White House and federal government into business in an unprecedented way. Last week, he brokered a deal for the U.S. to take a 10% stake in Intel. With this deal, the federal government will be the third-largest stakeholder in the publicly traded company, with its 10% share only behind a pair of 13% stakes held by Blackrock and Vanguard. Intel had been promised close to $11 billion to support its manufacturing facilities through former President Joe Biden’s CHIPS Act. The equity stake is being cast as a redirection of those funds.

Intel, which was one of the world’s hottest companies during the PC boom in the ‘90s, has had a relatively slow spell, but it’s nowhere near the point of imminent collapse. CEO Lip-Bu Tan has been working to reinvigorate and refocus the chip maker since he took the helm in March, laying off employees, slowing down new facilities, and focusing on finding customers before increasing manufacturing capacity.

Many policymakers and economists criticized Trump’s decision, saying it exposed the government to market risk, takes a step toward state-controlled industry and socialism, and is bringing unprecedented government intrusion into business. Trump dismissed those critics as “stupid,” and promised to make more deals like this one. He’s already inserted the federal government into the AI business, making a deal with Nvidia and AMD to pay the U.S. government 15% of their revenue from chip sales to China.
The stock market has recently been on a tear, with the S&P 500’s total value up 84% in the last five years. But some wary investors are looking at the rapid rise and the big players, and envisioning a replay of the dotcom bubble a quarter century ago, writes Forbes’ Hank Tucker. Today, much like the late ‘90s, the IT sector makes up more than 33% of the S&P 500 index. And just like investors a quarter century ago bought up shares in internet companies, today’s investors are going all in on AI.

Rob Arnott, founder and chairman of investment advisor Research Affiliates, told Tucker that today’s top companies tend to be great companies with great products, but bubbles burst when the margins are wrong—and they seem unrealistically optimistic around some of today’s high flyers. Last week, OpenAI CEO Sam Altman told The Verge he thinks the AI market is in a bubble. Considering that Altman is one of the primary figures that started the boom, Forbes contributor Paulo Carvão writes, it’s worth heeding the warning.
How To Disrupt Scattered Spider’s Web
This summer, hacker group Scattered Spider has certainly helped make travel more difficult. After a warning from the FBI that they were likely to target airlines, Scattered Spider disrupted flights on five airlines in two months. Most of the attacks came as a result of deception, not sophisticated hacking, with hackers calling corporate help desks and impersonating actual employees, asking for—and getting—assistance in accessing those employees’ accounts. I talked to Ian Ahl, CTO at identity security platform Permiso Security, about Scattered Spider’s methods and how you can be ready for them on the cybersecurity front. This conversation has been edited for length, clarity and continuity.

What should companies do to protect against these kinds of attacks?

Ahl: There’s back-to-basics things. Phishing-resistant multi-factor authentication really helps out. But when they call the help desk and the help desk disables that, that control is gone now. You almost have to assume there’s going to be a way around MFA. Everyone put a lot of faith that MFA solves everything. It does help quite a bit, but it is not a silver bullet there. You need visibility. I think a lot of organizations are kind of still stuck on the inventory posture phase of identity. You need to know what actions are actually taking account. You’ve got to get to that runtime detection phase if you want to really do anything. And then your basics still matter. Least privilege is needed for some of these organizations. A bad guy is going to steal some data from Snowflake. Well, they’re clicking in with an account that hasn’t touched Snowflake in 12 months. Should that account have Snowflake access? Probably not. Make sure you have visibility across all your applications, to include SaaS, which is unfortunately the hardest part, but is where attackers are learning most before they take action in environment.

What about the help desk issue? If somebody calls the help desk and falsely claims to be somebody high level on the IT team or the CFO, what can be done to better thwart these attacks?

Identity verification programs are a must. You can’t just rely on small bits of information. The hard thing with the help desk is it just takes one person who is not great at their job for the attacker to get through. And when [hackers] are doing this, they’re not doing it for just one identity. They’re calling for dozens of identities—and they’re English speaking and confident, and have a little bit of information to validate that they are who they say they are. Unfortunately, you’ve just got to do more. You almost can’t blame the help desk, either. This is what they’re designed to do: to be helpful in these situations. But most organizations, after they’ve gone through this, we see them putting in strong identity verification programs with their help desk to combat this in the future. Some of my peers in the industry are reporting deepfake videos. I haven’t seen that yet from this group, but I have heard cloned voices from them. So when they’re impersonating the CFO, they sound like the CFO. It has to be more than, ‘I recognize this voice and it sounds like this person.’

How are most companies doing with these protocols to stop these attacks?

That’s the thing that is most concerning about this group for me. By the time an organization realized what’s going on—which may be hours or even less from when the incident occurred— [the hackers] have moved so far, they've captured so many other credentials that it is really hard to stop them, especially when they go from cloud to on-prem. You reset their password here in cloud. The bad guy just reset their password. It gets synced right back up to the cloud. You’re in this weird game. Where before it could take a couple days for [hackers] to really gain their feet in an environment, it’s just a couple of hours now. And for organizations that are doing well with this, I would say even some of the more high profile attacks that you've read about recently, these organizations do very well. They found it very quickly. They called in the right people, but the bad guy just moved too fast. Faster than they could.

It seems that hackers are always coming up with new techniques. How can a CIO, CTO or CISO be vigilant and ward off anything that may be coming now or in the future?

I would say focus more on the tactics than on the groups. The groups are going to change, but these tactics remain relatively the same. You want to put up as many speed bumps as possible to slow these guys down along the way. Is phishing-resistant MFA going to stop them? No. But it gives you more opportunity to catch them along that path. Is doing least privilege across all your applications a solution? Now we’re going to start seeing some errors along the way. Unfortunately, convenience for your employees is also convenience for the attackers. Even things like Copilot—in recent attacks from this group, instead of searching, they’ve prompted Copilot to go search SharePoint for me to figure out how to use the VPN. So do we stop our employees from being able to use Copilot? Do we restrict what type of data Copilot can use? Put up as many speed bumps as possible along that path to slow them down, give you the opportunity to disrupt them before they make it too far.
Cybersecurity provider Palo Alto Networks appointed Lee Klarich as chief product and technology officer. Klarich was previously chief product officer, and succeeds company founder Nir Zuk, who is retiring after more than 20 years of building the firm.

Workforce management provider UKG hired Jim Joudrey as chief technology officer. Joudrey was most recently vice president of digital acceleration at Amazon, and he will succeed Sri Srinivasan, who had been interim CTO since 2023.

Logistics and transportation firm RPM selected Binu Panicker as its new chief technology officer. Panicker most recently worked in the same role at FreightVerify.
When Zscaler CEO Jay Chaudhry said that the company processes anonymized proprietary log data to train AI models on new threat signals, it started a new debate on what trust means in an AI-enabled cybersecurity world. Here are some ways to look at and discuss the concept, both from the provider and customer standpoint.

Companies can innovate on their own, but in today’s world with its modern tech challenges, some of the best new ideas come through companies working together. Here’s a toolkit to build and scale productive partnerships for innovation.
A court filing last week said that Elon Musk tried to get another tech billionaire to join his unsolicited bid to buy OpenAI. Who was it?

A. Jeff Bezos
B. Sergey Brin
C. Larry Ellison
D. Mark Zuckerberg