
UK government under-prepared for catastrophic cyber attack, hears PAC

The government is under-prepared for a catastrophic cyber attack and still dogged by legacy IT, but making progress, the Public Accounts Committee of the House of Commons has heard.

The committee, chaired by Geoffrey Clifton-Brown, Conservative MP for North Cotswolds, took testimony on 10 March from four high-ranking government IT leaders about the cyber resilience of Whitehall departments. This followed the publication, in January, of a report by the National Audit Office (NAO), which found government cyber resilience lacking, weakened by legacy IT and skills shortages, and facing mounting threats.

In its Government cyber resilience report, the public spending watchdog warned that the cyber threat to the UK government is “severe and advancing quickly”. It found that 58 critical government IT systems, assessed in 2024, had significant gaps in cyber resilience, and the government does not know how vulnerable at least 228 “legacy” IT systems are to cyber attack.

The NAO spotted that the government’s cyber assurance scheme, GovAssure, found significant gaps in cyber resilience, with multiple fundamental system controls at low levels of maturity across departments. GovAssure assesses the critical systems of government organisations. It was set up in April 2023.

The question, according to the report under review at the PAC committee session, is no longer if the government will face a damaging cyber attack, but how severe the impacts may be, as the sophistication and number of attacks continue to rise.

As the government’s operations become increasingly digitised, the severity of potential impacts resulting from cyber attacks increases too. In an effort to combat this, the government published a Cyber Security Strategy in 2022, which set out plans to make the public sector resilient to cyber attacks by 2030. The PAC chair said the committee would look at “how the government understands the severity of the cyber threat that it faces, how it can best achieve the aim of the strategy, and build the government’s resilience to cyber attacks”.

Testifying before the committee were: Cat Little, chief operating officer for the Civil Service and permanent secretary to the Cabinet Office; Vincent Devine, government chief security officer and head of the Cabinet Office’s Government Security Function; Joanna Davinson, interim government chief digital officer at the Department for Science, Innovation and Technology; and Bella Powell, cyber director of the Cabinet Office’s Government Security Group.

One matter of concern to the MPs on the committee is the lack of visibility civil servants seem to have into the very number of government IT systems, spread across departments and “arms-length bodies”, and to what extent they are “legacy” systems especially vulnerable to cyber attack.

Clive Betts, Labour MP for Sheffield South East, said: “This is quite a critical issue. This is about the threat from potential cyber attack that could be launched against a legacy system, and we don’t yet know what the systems are to begin with.”


Davinson responded: “It’s not a simple, ‘What’s the list?’ We’ve asked that question of departments, and have had responses through our legacy risk framework. We’ve got that understanding and we are continuing to expand that out to other organisations. [But] it’s not a resource-free exercise.”

Little added: “What this part of our discussion really brings to light is that government, in a period of scarce resources, has got to make prioritised decisions based on risks and how much assurance is desired. And it’s for the government to set its risk appetite, and to use that risk appetite and information to allocate resources accordingly.

“We’ve made huge progress in understanding the most significant issues that we’ve got [in terms of legacy], and whilst it’s not every single system, it is the vast majority … [and] we’re using both GovAssure and our technical expertise in legacy IT to set out for ministers the choices about risk and how much risk they want to buy out. That is the fundamental question. If you’ve got X billion pounds available to fund people, resources, skills, to remediate legacy IT, and to invest in new technology, how you use your allocative resource has got to be risk based, and it’s got to be outcome based. The whole point of the Spending Review process is to bring outcomes and risks together so that ministers can make a funding allocation choice.”

Powell said: “We are ramping up the number of systems that we’re looking at. We are not doing that in an exponential fashion, but I think it’s also worth noting that with GovAssure, we are driving the car and building it at the same time. We launched it in April 2023 following some early pilots with departments [when] it was still at an early-stage assurance process.

“There is much more that we can and need to do, particularly in terms of automation of that process, in terms of providing stronger support and guidance to departments in implementing it, and also in the root cause analysis to better understand the data that we are gathering from that process. It is by no means a finished product, it is by no means a perfect product, but what it’s already starting to do is give us the outcomes that we need in terms of understanding resilience levels and where we can take action.”

MPs were also concerned about the extent to which the government has, as the NAO report states, under-estimated the extent of cyber risk.

Devine was candid in relation to the lateness of the introduction of GovAssure in April 2023. “We probably have woken up to the scale of cyber risk more slowly than we should have done. We were probably unrealistic in relying upon self-assessment [of government departments],” he said.


“Despite recognising this in 2010, starting to invest money significantly in 2016, we didn’t ramp up the government response to cyber security from assurance through to response as quickly as we should have, in retrospect. Why? Because I don’t think we were as alive to the threats as we should have been, and probably because we hadn’t had the incidents that brought it to life for us that we and our allies have had over the last five years. It’s not a good answer, but it is the true answer,” Devine added.

To that, Little added: “It’s really difficult to go back in time to our predecessors. Like all good risk management, you manage risks as best you can until they become an issue. When they become an issue, and they’re live and they’re real, you step up your response…. We’ve always known about the risks, but it wasn’t until it became a real, live issue that the scale of what we were dealing with became clear, and it needs a different sort of response.”

The original NAO report gave, as an example of how damaging cyber attacks can be, the instance, in June 2024, of an attack on a supplier of pathology services to the NHS in south-east London, which led to two NHS foundation trusts postponing 10,152 acute outpatient appointments and 1,710 elective procedures. It also cited the British Library ransomware attack in October 2023, which has already cost £600,000 to rebuild services. The library expects to spend many times more as it continues to recover. These were mentioned in the PAC session.

The report found that the biggest risk to making the UK government resilient to cyber attack is a gaping skills gap. One in three cyber security roles in government were vacant or filled by temporary – and more expensive – staff in 2023-24, while more than half of cyber roles in several departments were vacant, and 70% of specialist security architects were staff on temporary contracts.

In the Public Accounts Committee meeting, Little said she was sad to see a continued over-reliance on contractors, but that initiatives such as a cyber security Fast Stream and a new “digital pay framework” were “starting to have an impact”.

Powell added that the overall number of digital technology professionals in the civil service has grown, and stands at nearly 6%. “It’s not as much as we’d like it to be. We are struggling with the very technical resources, and that’s a market problem – they are scarce in the private sector as well as in the public sector,” she said.


March Patch Tuesday brings 57 fixes, multiple zero-days

Microsoft has dropped a grand total of 57 fixes to mark the third Patch Tuesday update of 2025 – rising to closer to 70 when third-party vulns are taken into account – including six zero-days and six critical flaws needing urgent attention.

The zero-days comprise a security feature bypass in Microsoft Management Console, two remote code execution (RCE) issues in Windows Fast FAT File System Driver and Windows NTFS, two information disclosure vulnerabilities in Windows NTFS, and a privilege escalation flaw in Windows Win32 Kernel Subsystem.

All are listed as exploited by Microsoft, but have not yet been made public, and all are considered to be important in their severity, carrying CVSS scores that range from 4.6 to 7.8.

A seventh vulnerability, an RCE issue in Windows Access, has been listed as public but does not appear to be actively exploited at the time of writing.

The six critical vulnerabilities, carrying CVSS scores of 7.8 through 8.8, are all RCE flaws. Two of them affect Windows Remote Desktop Services, and the four others relate to Microsoft Office, Windows Domain Name Service, Remote Desktop Client, and Windows Subsystem for Linux Kernel.

“All six of the vulnerabilities that Microsoft has labelled as exploit detected are resolved with the monthly cumulative update,” said Tyler Reguly, Fortra associate director of security research and development.

“This means a single update to roll out to fix all of these at once. Thankfully, none of them require post-patch configuration steps. The same is true for five of the six critical severity vulnerabilities. A lot of our important fixes come from the same patch.

“The remaining critical vulnerability, CVE-2025-24057, and the publicly disclosed vulnerability, CVE-2025-26630, both require Office updates. For those running click-to-run, there’s not a lot to do, but for those running Office 2016, there are two patches to install, one for Office and one for Access,” he added.

Reguly said that fortunately, this limited the amount of patching needed to resolve the attention-grabbing flaws. “However,” he said, “they are big ticket items and with headlines likely to state, Microsoft patches six zero-day vulnerabilities, admins will likely have a lot of questions to answer about the state of their patching.”

Big ticket items: big impacts

Assessing these big ticket items in a little more depth, Immersive senior director of threat research, Kev Breen said the NTFS and FAT RCE flaws probably warrant the greatest attention. These flaws form part of a chain with the two NTFS information disclosure vulnerabilities.

“These four CVEs are all related to a remote code execution vulnerability that is associated with mounting Virtual Hard Disk (VHD) files. These are tracked separately as CVE-2025-24984, CVE-2025-24985, CVE-2025-24991, and CVE-2025-24993, so when it comes to patch management ensure all four are covered.”

Breen explained that the exploit chain relies on the attacker convincing a user to open or mount a virtual hard disk (VHD) file. These are typically used to store operating systems for virtual machines and while more usually associated with VMs, there have been cases down through the years where such files have been used to smuggle malware payloads onto target systems.

“Depending on the configuration of Windows systems, simply double-clicking on a VHD file could be enough to mount the container and, therefore, execute any payloads contained within the malicious file,” said Breen. “Organisations should check their security tools for any VHD files being sent via email or downloaded from the internet and look to add security rules or blocks for these file types where they are not required.”
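The check Breen recommends for mail, as an added example (not code from the article or from any vendor named in it): a Python routine that walks a message's MIME parts and flags VHD/VHDX attachments both by file extension and by content signature, so an image whose extension has been changed is still reported. The sample message, addresses and file names are constructed; the function names are hypothetical.

```python
import email
from email import policy
from email.message import EmailMessage
from typing import Optional

# Content signatures of the two virtual disk formats.
VHD_COOKIE = b"conectix"      # VHD footer cookie; dynamic disks also copy the footer to offset 0
VHDX_SIGNATURE = b"vhdxfile"  # VHDX file type identifier at offset 0
DISK_EXTENSIONS = (".vhd", ".vhdx")


def classify_disk_image(data: bytes) -> Optional[str]:
    """Identify a virtual disk image from its bytes alone, ignoring the file name."""
    if data[:8] == VHDX_SIGNATURE:
        return "vhdx"
    if data[:8] == VHD_COOKIE:
        return "vhd"  # dynamic or differencing disk: footer copy at the start
    # Fixed-size VHD: the footer is the last 512 bytes (511 in some older images).
    if len(data) >= 512 and VHD_COOKIE in (data[-512:-504], data[-511:-503]):
        return "vhd"
    return None


def scan_message(raw: bytes) -> list:
    """Return one finding per MIME part that looks like a VHD/VHDX by name or content."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        detected = classify_disk_image(payload)
        extension_match = name.lower().endswith(DISK_EXTENSIONS)
        if detected or extension_match:
            findings.append({
                "filename": name,
                "detected": detected,                # None when only the name matched
                "extension_match": extension_match,
                "renamed": bool(detected) and not extension_match,
            })
    return findings


def build_sample() -> bytes:
    """Constructed test message: four attachments with dummy contents."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    # Fixed-VHD-shaped blob (cookie at the start of the final 512 bytes), named as a PDF.
    fixed_vhd = b"\x00" * 1024 + VHD_COOKIE + b"\x00" * 504
    msg.add_attachment(fixed_vhd, maintype="application",
                       subtype="octet-stream", filename="invoice.pdf")
    # VHDX-shaped blob with a matching extension.
    msg.add_attachment(VHDX_SIGNATURE + b"\x00" * 56, maintype="application",
                       subtype="octet-stream", filename="backup.vhdx")
    # Ordinary PDF header: must not be flagged.
    msg.add_attachment(b"%PDF-1.7\n", maintype="application",
                       subtype="pdf", filename="report.pdf")
    # Disk extension but no disk signature: flagged on name only.
    msg.add_attachment(b"not a disk", maintype="application",
                       subtype="octet-stream", filename="notes.vhd")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The `renamed` flag marks attachments whose content is a disk image but whose name says otherwise; those are the ones an extension-only mail rule would miss.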

Meanwhile, Alex Vovk, CEO and co-founder of Action1, considered some of the implications of the Windows Win32 Kernel EoP flaw, tracked as CVE-2025-24983.

“CVE-2025-24983 provides a direct path from low privileges to SYSTEM access, making it an attractive target for attackers with initial access via phishing, malware, compromised credentials or insider threats,” said Vovk.

“Although classified as high complexity, well-resourced attackers – including state-sponsored groups and cyber criminal organisations – have historically overcome such constraints through automation and repeated attempts. Race-condition vulnerabilities in kernel subsystems have proven to be reliably exploitable, given sufficient attacker persistence and environment predictability.   

“Organisations heavily dependent on Windows infrastructure – including enterprises, governments, and critical infrastructure sectors – are at risk. Kernel-level privilege escalation vulnerabilities remain highly valuable to attackers, as they serve as a key pivot point in advanced cyber attacks, enabling deeper network infiltration and persistent access,” said Vovk.


IT Sustainability Think Tank: Environmental trends to redefine IT strategies in 2025

Sustainability is a critical driver for business growth. This is not just a response to consumer demand but also a strategic move to mitigate risks associated with environmental changes. For instance, changing weather patterns have already impacted over half of global businesses, prompting significant operational shifts.

Investors are also raising the bar. Companies with strong sustainability credentials are becoming more attractive, with these credentials often surpassing traditional metrics like productivity.

With this in mind, Gartner has identified nine environmental trends IT leaders need to get on the front foot of in order to redefine their IT strategies in 2025.

These trends are not just reactive measures but proactive strategies that offer competitive advantages.

Distributed energy resources (DERs)

Small-scale energy systems, such as solar panels and microgrids, are revolutionising power consumption. DERs reduce costs, alleviate grid congestion, and provide organisations with more control over energy sources. IT leaders should explore integrating DERs into operations, particularly for powering datacentres and edge computing sites.

Climate adaptation

The increasing frequency of extreme weather events necessitates robust climate adaptation strategies. Resilient infrastructure, predictive weather analytics, and other measures are essential for safeguarding operations and ensuring business continuity.

Resource-positive buildings

Imagine buildings that generate more energy, water, or heat than they consume. Resource-positive designs are reshaping sustainable construction, with IT playing a crucial role through smart sensors, Internet of Things platforms, and real-time monitoring systems.

Digitally enabled sustainability

Digital tools such as analytics, artificial intelligence (AI), and automation are becoming indispensable for reducing environmental impacts. IT leaders can leverage predictive maintenance to optimise energy consumption and use AI-driven insights to identify inefficiencies across operations.

Circular economy models

The days of “take, make, waste” are over. Circular economy principles focus on extending product lifecycles through reuse, repair, and recycling. For IT, this means adopting modular hardware designs, refurbishing assets, and reducing e-waste.

Hidden greenhouse gas and emissions from waste

Unaccounted-for emissions from landfills are a silent contributor to climate change. IT leaders must track these emissions across supply chains and operations, implementing better waste management systems to address the issue.

Be prepared for course corrections on the path to net-zero

Setting net-zero targets is easy – achieving them is another story. IT leaders must focus on practical, interim actions such as transitioning to renewable energy, tracking scope 3 emissions, and adopting carbon-offsetting technologies. Transparency is key to building stakeholder trust.

Environmental consequences of conflict

Geopolitical unrest exacerbates environmental challenges, from damaged infrastructure to displaced populations and biodiversity loss. Organisations must assess supply chain vulnerabilities and implement strategies to manage risks in volatile regions.

Space pollution

A growing concern, space debris from retired satellites and discarded rocket components threatens critical infrastructure, including communications networks. IT leaders should stay informed on this emerging issue and advocate for sustainable satellite technologies.

Ignoring these trends is not an option. From regulatory penalties to reputational damage, the risks of inaction are clear. IT leaders must take proactive steps to address environmental challenges and transform them into opportunities for growth and resilience.

This involves adopting resilient practices by building infrastructure and processes that can withstand environmental disruptions, as well as implementing systems to monitor and manage greenhouse gas emissions across operations.

Embracing circularity is another crucial strategy, which includes transitioning to modular, reusable IT assets and prioritising recycling initiatives to minimise waste.

Additionally, IT leaders should reduce dependency on centralised grids by leveraging localised energy solutions, such as distributed energy resources, to enhance operational efficiency and sustainability. By acting decisively and thinking innovatively, IT leaders can ensure their organisations remain competitive in the face of environmental challenges.

Looking ahead: a strategic necessity

The environmental challenges outlined here are not distant threats — they are immediate disruptors that demand urgent action. Every delay increases the risks of resource depletion, regulatory penalties, and reputational damage.

IT leaders have a pivotal role in shaping the response, not just by mitigating risks but by positioning their organisations as innovators in sustainability.

The question isn’t whether to act—it’s how quickly you can adapt to these realities. Organisations that proactively integrate these environmental trends into their IT strategies will not only safeguard their future but also unlock competitive advantages that propel them ahead of their peers.


Salesforce execs at TDX 25: Agentforce a whole system AI play

At the TDX 2025 developer conference in San Francisco, Salesforce executives presented its Agentforce agentic AI technology as a “whole system” approach, where large language models (LLMs) are less significant than a “trinity” of data, applications and agents. Relatedly, they consistently disparage “DIY” artificial intelligence (AI) programmes.

Paula Goldman, the supplier’s chief ethical and humane use officer, said: “I think a lot of the public discourse about AI has been about [large language] models. But if you think about Agentforce, it’s a whole system. There’s a foundation model, and then there’s a series of smaller models that go into our Atlas system, and there are workflows that are automated that people can draw on. We’ve got used to talking about AI as models over the past few years, but I think we need to be talking about systems.”

David Schmaier, president and chief product officer at Salesforce, said the supplier’s entire technology stack, including Slack and Tableau, comes into play with Agentforce. He also pointed to its Data Cloud platform as central to its AI offer.

“You couldn’t have a computer without a microprocessor; you need storage and RAM and a display and an operating system around it. That’s what we’ve done. We have our data cloud, which harmonises hundreds of thousands of systems. It gives you the data, the metadata and the semantics. That’s why we can outperform an LLM by itself. LLMs have hallucinations, they have bias, toxicity. An LLM is necessary but insufficient. We add to the LLM. Our view is the data powers the AI and then the AI powers the customer experience of the future,” he said.


“We call it the ‘holy trinity’. We have the Data Cloud, then we have our Sales Cloud, Service Cloud and Marketing Cloud apps – which is how we got the name Salesforce – as well as Slack, Mulesoft and Tableau. And now we have Agentforce on top of all that. That’s how we can turn on 10,600 customers over three days with agents. It’s because we are using the same platform as we have for 25 years. So, with a healthcare company, for example, that has workflows it has built in its Salesforce deployment, it can make all those available for [virtual] agents,” Schmaier added.

He believes too many organisations are doing DIY AI. “Most people are just trying to take whatever apps they have, whether it’s Salesforce or SAP or Workday, and just buying ChatGPT and trying to plug it in. No other competitor has what we have, in terms of agents. We think we have a real lead in this agentic field. We’ve sold to 5,200 customers since launching at Dreamforce [in September 2024]. Now, we have 200,000 customers, and most don’t use Agentforce today,” he said.

Rahul Auradkar, executive vice-president and general manager of Unified Data Services and Einstein at Salesforce, made a similar argument about what the provider calls DIY AI.

“What we are doing with agents is an entire system. We’re not shipping a model, an app or a copilot. We’re shipping an AI system on a deeply unified platform. What that system allows our enterprise customers, who don’t want to do the DIY, to do is surface customer-centric analytics and workflows, and listen to the customers to feed back to the system so the agents get better. Copilots are a narrow sliver of what AI can be,” he said.

“The difference between a DIY AI and an enterprise using [our] system is that the enterprise can focus on things that they are good at, which is plenty of things. They have their data. They have their transactions. They have their engagement data. They have their AI policies, their workflows, their automations. We bring all that together within a deeply unified platform and drive value for our customers,” added Auradkar.

DIY AI programmes strongly in evidence among users

And yet, analyst research from Informa TechTarget’s Enterprise Strategy Group (ESG) offers a contrast with Salesforce’s disparagement of DIY AI – a complicating contrast rather than a confutation, but a contrast nevertheless.

Towards the end of 2024, ESG surveyed 832 professionals at organisations across the globe involved in the strategy, decision-making, selection, deployment and management of generative AI (GenAI) initiatives and projects at their organisations and familiar with their organisation’s use of third parties to support GenAI initiatives.

The resulting report, The state of the generative AI market: Widespread transformation continues – authored by Mark Beccue, principal analyst, Mike Leone, practice director and principal analyst, and Emily Marsh, associate research director – does find support for an agentic AI philosophy: “Respondents most often said that they see AI agents, virtual assistants, and intelligent chatbots powered by AI as valuable productivity tools, though they also often said they view them with cautious optimism (41%). Over two-thirds of organisations are planning for or considering AI agents, which represents a significant opportunity for AI vendors to target these requirements with capabilities and services.”

They also note, however: “The AI agent market is extremely nascent and loaded with challenges, including managing single-task agents, interoperability problems, the potential emergence of multitask agents and security.”

But the authors also remark, similarly to Salesforce’s Auradkar, that: “A wide majority (84%) of respondents agreed it is important to incorporate their own enterprise data into models that support generative AI. GenAI models themselves are not a competitive differentiator. Rather, effectively identifying, organising and vetting internal data for use with GenAI models is the key to creating unique and highly actionable insights.”

The research also found user organisations to be embracing a variety of LLMs – open source and proprietary. The largest percentage of respondent organisations (43%) are using both proprietary and open source models.

Alongside this enthusiasm for using large language models, the study found that organisations are placing “their bets on internal resources, planning to reskill or upskill employees (58%) and provide education and awareness training to employees (43%)”. This suggests a growing cadre of employees who will want to do DIY AI.

The authors comment: “Employee enthusiasm for these technologies is likely at a high point as GenAI excitement pervades many facets of society, so this internal investment will likely be a win-win situation whereby personnel receive welcome development opportunities and the business gains valuable GenAI expertise.”

At Dreamforce in September 2024, Marc Benioff, co-founder, chairman and CEO of Salesforce, was in combative mood in respect of Agentforce, positioning it as a wholescale alternative to generative AI copilot usage, associated with Microsoft and Google, but with other vendors too.

“There’s a lot of narratives out there from vendors, and a lot of it is not true,” he said at the time. “You need to sit with those customers [at the Dreamforce event], look at the code and break the hypnosis coming from all the vendors. There’s plenty of real customers here who are really deploying real AI. But there are billions being invested in copilots, delivering how much productivity increase? Is there a better way to do it? And so, that’s our gambit.”

The game is still being played. The middle game lies ahead.


HMRC looks to upgrade SOC with advanced SIEM tech

His Majesty’s Revenue and Customs (HMRC) is firming up plans to procure more security information and event management (SIEM) services as it seeks to enhance its existing Security Operations Centre (SOC) capabilities, according to a request for information (RFI) published this week.

As the UK’s tax authority, HMRC is tasked with upholding the integrity of the country’s financial systems and ensuring public trust. It serves a broad public sector customer base of more than five million businesses and 45 million individuals, and manages over £800bn every financial year. As such, it faces significant and sophisticated cyber security threats on a day-to-day basis.

“This RFI seeks solution and service related information that would be capable of enhancing HMRC’s SOC through the deployment of advanced technological tools and expertise,” the department said in a tender notice. “Ideal partners will demonstrate a clear technological roadmap aligned with HMRC’s strategic needs, show a commitment to effective communication, and provide flexible and scalable solutions.

“A strong focus on long-term collaboration is essential to meet our cyber security objectives, as outlined in the RFI documents, effectively safeguarding against the continuously changing global geopolitical and economic landscape.”

At their core, SIEM systems such as the one proposed for HMRC are data aggregation services that draw information from various sources, identify anomalies that could indicate cyber threats, and take action – such as generating alerts for SOC teams or activating other countermeasures. More advanced SIEM capabilities incorporate elements of user and entity behaviour analytics (UEBA) and security orchestration, automation and response (SOAR).

Government departments unprepared

In recent weeks, both the Public Accounts Committee (PAC) and National Audit Office (NAO) have gone on record to say that departments across the British government appear to be woefully unprepared for a “catastrophic” cyber attack – largely as a result of over-reliance on legacy IT systems, a long-acknowledged issue in government.

Earlier this week, the PAC heard witness statements from government IT leaders who discussed how civil servants across Westminster lack visibility into their IT systems and the extent to which they are vulnerable to cyber attacks.

The NAO report, published at the end of January 2025, found that 58 critical government IT systems had “significant gaps” in cyber resilience, and that the state of resilience of a further 228 legacy IT systems was essentially unknown.

Besides this lack of understanding, the NAO identified a lack of coordination within government that risks jeopardising a joined-up approach to cyber security at Westminster, including a lack of understanding of departmental roles and responsibilities, including those of the National Cyber Security Centre (NCSC).

It also warned of a serious skills gap, with roughly a third of open cyber security roles in government either vacant or filled by temporary contractors.

Its findings were based on a series of interviews with Cabinet Office officials who have been tasked with implementing the current Government Cyber Security Strategy: 2022-2030, as well as staffers from the NCSC, the Central Digital and Data Office (CDDO), and other civil servants working around cyber security. The NAO also sought input from the British Library, which fell victim to a significant ransomware attack in the autumn of 2023.

HMRC’s contract is currently set to begin on 1 December and will run for three years to 30 November 2028. The closing date for the RFI is midday on Friday 27 March. The department has not yet put a value to the contract.


How Toyota is transforming its digital employee experience

Toyota, one of the world’s largest car manufacturers, has embarked on a project to transform its digital employee experience (DEX).

In the US, Toyota has ambitions to eliminate its traditional IT service desk this year, and if it’s unable to hit that target, it aims to at least reduce IT helpdesk calls by 80%. Part of the strategy to get there is the use of automation, predictive analytics and virtual assistants. “The traditional service desk is always reactive,” says Zakir Mohammed, manager of artificial intelligence and automation at Toyota. 

Looking at the experience employees can go through on a traditional IT helpdesk, he says it can take days, or even weeks, for support personnel to respond and fix an IT problem. For instance, if someone needed a new piece of software, they would need to raise a helpdesk ticket. In Mohammed’s experience, IT support would contact the individual who raised the ticket two to three days later, then block out a slot of 30 minutes or an hour to install the application.

“There was a lot of reactiveness happening,” he says. “At some point, our employees gave up opening tickets and started suffering in silence. We decided the traditional way of running a helpdesk was not sustainable. We needed to have a proactive approach.”

The company is a Gartner client, and Gartner’s digital employee experience market research recommends tools that conform to industry standards. Gartner defines DEX management tools as software that measures and continuously improves the performance of, and employee sentiment towards, company-provided technology.

The tools tend to offer near-real-time processing of aggregated data from endpoints, applications, employee sentiment and actionable insights, which, according to Gartner, can power self-healing automation and enhance employee interactions with self-service portals and chatbots. Gartner says DEX tools also help IT support, asset management, procurement and other teams whose work depends on reliable information.

“Some of the tools and technology we evaluated looked very promising,” says Mohammed. “But the tool we currently use is Nexthink, which aligns with our requirements.”

Instead of waiting for IT issues to be manually triaged, Toyota’s 100,000 staff members now benefit from the IT department using Nexthink’s DEX technology to proactively detect, diagnose and remedy IT issues across endpoints.

Getting started with DEX

Toyota initially began a small-scale pilot of Nexthink with 100 users. Metrics were collected, enabling the IT team to understand the issues the pilot users were experiencing.

One of the challenges Toyota faced was that while it had deployed advanced observability tools to monitor business applications and IT infrastructure such as storage, the company lacked the tools required to monitor users, the performance of their devices, their experience of the IT they used and their overall sentiment.

Given people are considered a business’s most important asset, Mohammed believes it’s important to measure their experience of the IT they require to do their jobs.

Having evaluated a sample of 100 employees, he says: “What we saw was eye-opening. There were so many issues.”

Toyota then scaled up the proof of concept to 30,000 users. This step involved using automation. “We deployed to 30,000 users,” says Mohammed. “We were not only collecting the information, but we also started automating.”

Discussing the benefits of the roll-out, he says Toyota now has visibility of user devices, which helps the company offer a seamless digital experience and automates certain helpdesk tasks. 

Nexthink is also being used for predictive maintenance, such as replacing laptop batteries before they die. “If the performance of a certain type of battery is going from 80% to 60% in the next six months, these batteries may require replacement,” says Mohammed. “This is great information for the IT delivery team. It means they not only buy the batteries in advance, but can also proactively replace them before the old battery dies.”

Another way Nexthink is being used is in software reclamation. “There are tonnes of software sitting on laptops and we’re paying software licences for them,” he says. “Nexthink is able to check if the software has been used in the past 90 days. This information can then be used to send an automated message to ask if the application is still required. One click and it’s automatically reclaimed by the IT software library.”

The final piece of the DEX story at Toyota is the use of a virtual assistant. “We want to make it like a ChatGPT for Toyota, so that employees can submit a request and it does the work behind the scenes,” says Mohammed.

In effect, the virtual assistant is used to parse free text entered by users and translate these requests into actions that can be sent to Nexthink.

Another use of the virtual assistant is to enable users to request software directly. “If you need PowerBI, it connects behind the scenes with Nexthink, picks up the software and installs it,” he says. “You don’t have to do anything. Once the install is done, you get a notification saying that your software is ready.”

If Toyota’s goal is to reduce IT helpdesk calls, the ability for a user to have IT problems proactively resolved via a virtual assistant, or perhaps use it to request new software, shows where the digital employee experience is heading. 


Top 10 women in tech and diversity in tech stories of 2024

This year signalled a worrying time for diversity, equity and inclusion in the technology sector as many firms began rolling back their initiatives and efforts.

This lack of commitment led many notable diversity organisations to dial back their own efforts, not wanting to contribute to allowing firms to pretend to be making a difference rather than actually turning the dial.

As the year bows out, many questions still remain about how the diversity landscape will look next year in the UK’s tech sector.

At the beginning of the year, women in the technology and finance sectors mobilised to reverse a government decision which threatened to cause a diversity rift for startup funding.

Following a consultation, HM Treasury decided to change the criteria for what defines a “high-net-worth individual”, making it more difficult for women to become angel investors.

MP Caroline Dinenage backed the investHER campaign, which called for a change in the new law, and eventually the decision was reversed.

Research from BCS, expanding on the organisation’s study from before the pandemic, found that growth of diversity in the UK’s tech sector has been slow in the past five years.

Using women in tech as an example, the research found the number of women who make up UK tech professionals was 20% in 2022, only a 4% increase since 2018.

There is lots of debate about what exactly prevents people from underrepresented groups choosing a tech sector career.

The Institute of Coding claimed in some research that people aren’t fully sure what a role in the technology sector involves, and this misunderstanding, alongside the lack of representation of the UK’s general population among those in tech roles, is a huge barrier for those considering a career in tech.

In the summer of 2024, network for women in business, Everywoman, announced the winners of this year’s technology awards, in partnership with Bupa.

‘Empower. Transform. Thrive’ was the theme this year, with much of the conversation surrounding the importance of increasing the visibility and accessibility of female role models in the tech sector to encourage others into tech.

Each year, Computer Weekly, alongside its partner Harvey Nash, hosts a diversity in technology event to discuss subjects relating to the topic and to announce its list of the most influential women in UK technology.

The writeup from the 2023 event was released this year, including advice from tech experts on how to promote diversity and inclusion in tech businesses and why everyone needs to be involved where diversity, equity and inclusion is involved.

As part of ServiceNow’s Knowledge24 event, actress Viola Davis spoke on her career, on women in tech, and on the importance of supporting those around you both in your career and in your life.

Stating that you “can’t go it alone” in life, Davis explained how mentorship and help from others massively helped her through her career, mirroring the conversation in the technology sector surrounding the importance of role models for encouraging others to pursue a tech role.

Artificial intelligence (AI) is becoming increasingly important in both life and business, leaving many concerned about the diversity of the teams who are developing it.

Research from IBM found that business leaders in the UK believe that making sure women are in decision-making positions in the technology sector will be vital for ensuring AI and other technologies are developed with everyone in mind.

After its annual report found that the tech industry is dialling back on diversity initiatives, the Tech Talent Charter announced it would be disbanding after nearly 10 years in operation.

As it closed its doors, it issued a call to action to the industry not to go backwards in its efforts to improve the industry, giving advice on what to do next.

The industry’s concern that not having women involved in the development of technologies such as AI would have a detrimental effect on some user groups was confirmed by research from Code First Girls and Tech Talent Charter.

Job automation is 40% more likely to affect women than men, according to the joint research, though this could be improved with ongoing training.

In 2024, Sheridan Ash, co-CEO of technology education charity Tech She Can, became the 13th person to be named Computer Weekly’s most influential woman in UK tech.

The announcement was made alongside the rest of the top 50, as well as Computer Weekly’s 2024 Rising Stars, and the list of women in tech Hall of Famers.


Innovation, insight and influence: the CISO playbook for 2025 and beyond

As 2024 comes to a close and we reach the midpoint of a decade that might generously be described as having so far been ‘turbulent’, I’d like to inject a note of positivity regarding the outlook for the second half of the 2020s. 

Before you dismiss me as naïve or irrationally optimistic, please hear me out. I’m not claiming that the cyber security threats facing CISOs and their teams aren’t extremely problematic. On the contrary, threat actors are adopting AI to mount more complex and sophisticated attacks. This is a trend we can expect to continue in the second half of the 2020s. 

But this is exactly why we cyber security professionals cannot afford to be immobilised by fear, uncertainty and doubt. To borrow a line from the Frank Herbert sci-fi epic Dune, “Fear is the mind killer.” And the broader business community must avoid paralysis too. What’s clear is, the nature of today’s threat landscape demands a united front.

To help allay fear, cyber security professionals can create a robust plan and a playbook of strategies that we can be confident will serve us well. With that in mind, I’d like to propose that CISOs and their teams focus on continuing to build three key attributes in 2025 and beyond: innovation, insight and influence.

Innovation is vital

Innovation is a vital element of the CISO playbook for 2025 and beyond. In the next five years, all analysis points to an escalation of cyber security threats driven by artificial intelligence (AI), and I firmly believe we must fight fire with fire. In other words, just as malicious actors have been quick to master and weaponise AI to conduct their attacks, AI can help cyber security teams build robust defences. 

Cyber criminals are already using AI to automate attacks, to identify vulnerabilities in corporate systems, and to create attacks that are more likely to evade detection. In response, cyber security teams should be using AI to proactively patch any points of weakness, to spot suspicious anomalies in traffic flows and user behaviours, and to stop them in their tracks. AI provides the bridge between security data and actionable knowledge at scale. 

In short, smart cyber security teams will get AI working for them. They will tap into its analytic powers and automation capabilities to craft proactive and adaptive strategies that reduce their reliance on traditional rules-based detection and manual effort.  

Insight matters

Insight matters because we need to recognise and acknowledge that cyber threats are changing. Ransomware, phishing, zero-day exploits haven’t gone away – but increasingly, cyber security teams must also consider their approach to deepfake attacks, based on fraudulent but highly convincing images and multimedia files purporting to relate to real people. 

The use of deepfakes by malicious actors is on the rise. In February 2024, Hong Kong police authorities reported that a finance worker at a multinational firm was tricked into paying out $25m to fraudsters who used deepfake technology to pose as the company’s own chief financial officer in a video conference call. The firm was later revealed to be engineering giant Arup.

In May, Mark Read, the CEO of the world’s largest advertising company WPP, became the target of an elaborate deepfake scam, in which fraudsters created a WhatsApp account with a publicly available image of Read and used it to set up a Microsoft Teams meeting that appeared to be with him and another senior WPP executive. In this case, the attempt to solicit money and personal data was unsuccessful. 

Other firms will be targeted, as the underlying technology becomes more accessible and affordable for threat actors. According to IT market analyst company Gartner, by 2026, almost one-third of organisations (30%) will consider their current authentication or digital ID tooling inadequate to fight deepfakes. 

With that in mind, during 2025, IT security teams must step up and play an instrumental role in helping to counter this kind of sophisticated social engineering attack, by educating executives and employees on the risk, training them to spot deepfakes, and putting advanced AI and machine learning capabilities to work on identifying and deterring them. 

Security influencers

Finally, CISOs must continue to engage more broadly with business to understand its priorities. The CISO’s expertise and opinions must directly impact business strategy and they are important interlocutors in boardroom discussions about organisational risk. 

Today’s CISO is more frequently involved in strategic conversations and needs a sound understanding of overall business priorities in order to build programmes that manage risk exposure effectively. In short, the role is expanding significantly as cyber attacks become an ever-more complex and prominent part of the overall enterprise risk picture. 

This trend will see CISOs working more closely than ever with other senior executives, including those involved in overseeing finance, legal, HR and operations, as well as with those at the very top of the corporate hierarchy. A recent survey from Deloitte Global, for example, shows that one in five businesses worldwide now has the CISO report directly to the CEO, rather than the chief information officer.

According to the report’s authors: “Today CISOs are not only protectors against outside threats, but key players helping their organisation find success by integrating cyber considerations in the strategic decision-making process.”

I couldn’t agree more. Innovation, insight and influence are just three elements of my own strategy for 2025 and beyond – others include inclusivity and imagination – but I believe they will go a long way in helping us to face the future with determination and a positive mindset.


Top 10 data and ethics stories of 2024

In 2024, Computer Weekly’s data and ethics coverage continued to focus on the various ethical issues associated with the development and deployment of data-driven systems, particularly artificial intelligence (AI).

This included reports on the copyright issues associated with generative AI (GenAI) tools, the environmental impacts of AI, the invasive tracking tools in place across the internet, and the ways in which autonomous weapons undermine human moral agency.

Other stories focused on the wider social implications of data-driven technologies, including the ways they are used to inflict violence on migrants, and how our use of technology prefigures certain political or social outcomes.

In an analysis published 14 January 2024, the IMF examined the potential impact of AI on the global labour market, noting that while it has the potential to “jumpstart productivity, boost global growth and raise incomes around the world”, it could just as easily “replace jobs and deepen inequality”; and will “likely worsen overall inequality” if policymakers do not proactively work to prevent the technology from stoking social tensions.

The IMF said that, unlike labour income inequality, which can decrease in certain scenarios where AI’s displacing effect lowers everyone’s incomes, capital income and wealth inequality “always increase” with greater AI adoption, both nationally and globally.

“The main reason for the increase in capital income and wealth inequality is that AI leads to labour displacement and an increase in the demand for AI capital, increasing capital returns and asset holdings’ value,” it said.

“Since in the model, as in the data, high income workers hold a large share of assets, they benefit more from the rise in capital returns. As a result, in all scenarios, independent of the impact on labour income, the total income of top earners increases because of capital income gains.”

In January, GenAI company Anthropic claimed to a US court that using copyrighted content in large language model (LLM) training data counts as “fair use”, and that “today’s general-purpose AI tools simply could not exist” if AI companies had to pay licences for the material.

Anthropic made the claim after a host of music publishers including Concord, Universal Music Group and ABKCO initiated legal action against the Amazon- and Google-backed firm in October 2023, demanding potentially millions in damages for the allegedly “systematic and widespread infringement of their copyrighted song lyrics”.

However, in a submission to the US Copyright Office on 30 October (which was completely separate from the case), Anthropic said that the training of its AI model Claude “qualifies as a quintessentially lawful use of materials”, arguing that, “to the extent copyrighted works are used in training data, it is for analysis (of statistical relationships between words and concepts) that is unrelated to any expressive purpose of the work”.

On the potential of a licensing regime for LLMs’ ingestion of copyrighted content, Anthropic argued that always requiring licences would be inappropriate, as it would lock up access to the vast majority of works and benefit “only the most highly resourced entities” that are able to pay their way into compliance.

In a 40-page document submitted to the court on 16 January 2024 (responding specifically to a “preliminary injunction request” filed by the music publishers), Anthropic took the same argument further, claiming “it would not be possible to amass sufficient content to train an LLM like Claude in arm’s-length licensing transactions, at any price”.

It added that Anthropic is not alone in using data “broadly assembled from the publicly available internet”, and that “in practice, there is no other way to amass a training corpus with the scale and diversity necessary to train a complex LLM with a broad understanding of human language and the world in general”. 

Anthropic further claimed that the scale of the datasets required to train LLMs is simply too large for an effective licensing regime to operate: “One could not enter licensing transactions with enough rights owners to cover the billions of texts necessary to yield the trillions of tokens that general-purpose LLMs require for proper training. If licences were required to train LLMs on copyrighted content, today’s general-purpose AI tools simply could not exist.”

Computer Weekly spoke to members of the Migrants Rights Network (MRN) and Anti-Raids Network (ARN) about how the data sharing between public and private bodies for the purposes of carrying out immigration raids helps to prop up the UK’s hostile environment by instilling an atmosphere of fear and deterring migrants from accessing public services.

Published in the wake of the new Labour government announcing a “major surge in immigration enforcement and returns activity”, including increased detentions and deportations, a report by the MRN details how UK Immigration Enforcement uses data from the public, police, government departments, local authorities and others to facilitate raids.

Julia Tinsley-Kent, head of policy and communications at the MRN and one of the report’s authors, said the data sharing in place – coupled with government rhetoric about strong enforcement – essentially leads to people “self-policing because they’re so scared of all the ways that you can get tripped up” within the hostile environment.

She added this is particularly “insidious” in the context of data sharing from institutions that are supposedly there to help people, such as education or healthcare bodies.

As part of the hostile environment policies, the MRN, the ARN and others have long argued that the function of raids goes much deeper than mere social exclusion, and also works to disrupt the lives of migrants, their families, businesses and communities, as well as to impose a form of terror that produces heightened fear, insecurity and isolation.

At the very end of April, military technology experts gathered in Vienna for a conference on the development and use of autonomous weapons systems (AWS), where they warned about the detrimental psychological effects of AI-powered weapons.

Specific concerns raised by experts throughout the conference included the potential for dehumanisation when people on the receiving end of lethal force are reduced to data points and numbers on a screen; the risk of discrimination during target selection due to biases in the programming or criteria used; as well as the emotional and psychological detachment of operators from the human consequences of their actions.

Speakers also touched on whether there can ever be meaningful human control over AWS, due to the combination of automation bias and how such weapons increase the velocity of warfare beyond human cognition.

The second global AI summit in Seoul, South Korea saw dozens of governments and companies double down on their commitments to safely and inclusively develop the technology, but questions remained about who exactly is being included and which risks are given priority. 

The attendees and experts Computer Weekly spoke with said while the summit ended with some concrete outcomes that can be taken forward before the AI Action Summit due to take place in France in early 2025, there are still a number of areas where further movement is urgently needed.

In particular, they stressed the need for mandatory AI safety commitments from companies; socio-technical evaluations of systems that take into account how they interact with people and institutions in real-world situations; and wider participation from the public, workers and others affected by AI-powered systems.

However, they also said it is “early days yet” and highlighted the importance of the AI Safety Summit events in creating open dialogue between countries and setting the foundation for catalysing future action.

Over the course of the two-day AI Seoul Summit, a number of agreements and pledges were signed by the governments and companies in attendance.

For governments, this includes the European Union (EU) and a group of 10 countries signing the Seoul Declaration, which builds on the Bletchley Declaration signed six months ago by 28 governments and the EU at the UK’s inaugural AI Safety Summit. It also includes the Seoul Statement of Intent Toward International Cooperation on AI Safety Science, which will see publicly backed research institutes come together to ensure “complementarity and interoperability” between their technical work and general approaches to AI safety.

The Seoul Declaration in particular affirmed “the importance of active multi-stakeholder collaboration” in this area and committed the governments involved to “actively” include a wide range of stakeholders in AI-related discussions.

A larger group of more than two dozen governments also committed to developing shared risk thresholds for frontier AI models to limit their harmful impacts in the Seoul Ministerial Statement, which highlighted the need for effective safeguards and interoperable AI safety testing regimes between countries.

The agreements and pledges made by companies include 16 global AI firms signing the Frontier AI Safety Commitments, which is a specific voluntary set of measures for how they will safely develop the technology, and 14 firms signing the Seoul AI Business Pledge, which is a similar set of commitments made by a mixture of South Korean and international tech firms to approach AI development responsibly.

One of the key voluntary commitments made by the AI companies was not to develop or deploy AI systems if the risks cannot be sufficiently mitigated. However, in the wake of the summit, a group of current and former workers from OpenAI, Anthropic and DeepMind – the first two of which signed the safety commitments in Seoul – said these firms cannot be trusted to voluntarily share information about their systems’ capabilities and risks with governments or civil society.

Dozens of university, charity and policing websites designed to help people get support for serious issues such as sexual abuse, addiction or mental health are inadvertently collecting and sharing site visitors’ sensitive data with advertisers.

A variety of tracking tools embedded on these sites – including Meta Pixel and Google Analytics – mean that when a person visits them seeking help, their sensitive data is collected and shared with companies like Google and Meta, which may become aware that a person is looking to use support services before those services can even offer help.

According to privacy experts attempting to raise awareness of the issue, the use of such tracking tools means people’s information is being shared inadvertently with these advertisers as soon as they enter the sites, in many cases because analytics tags begin collecting personal data before users have interacted with the cookie banner.

Depending on the configuration of the analytics in place, the data collected could include information about the site visitor’s age, location, browser, device, operating system and behaviours online.

While even more data is shared with advertisers if users consent to cookies, experts told Computer Weekly the sites do not provide an adequate explanation of how their information will be stored and used by programmatic advertisers.

They further warned the issue is “endemic” due to a widespread lack of awareness about how tracking technologies like cookies work, as well as the potential harms associated with allowing advertisers inadvertent access to such sensitive information.

Computer Weekly spoke to author and documentary director Thomas Dekeyser about Clodo, a clandestine group of French IT workers who spent the early 1980s sabotaging technological infrastructure, which was used as the jumping off point for a wider conversation about the politics of techno-refusal.

Dekeyser says a major motivation for writing his upcoming book on the subject is that people refusing technology – whether that be the Luddites, Clodo or any other radical formation – are “all too often reduced to the figure of the primitivist, the romantic, or the person who wants to go back in time, and it’s seen as a kind of anti-modernist position to take”.

Noting that ‘technophobe’ or ‘Luddite’ have long been used as pejorative insults for those who oppose the use and control of technology by narrow capitalist interests, Dekeyser outlined the diverse range of historical subjects and their heterogeneous motivations for refusal: “I want to push against these terms and what they imply.”

For Dekeyser, the history of technology is necessarily the history of its refusal. From the Ancient Greek inventor Archimedes – who Dekeyser says can be described as the first “machine breaker” due to his tendency to destroy his own inventions – to the early mercantilist states of Europe backing their guild members’ acts of sabotage against new labour devices, the social-technical nature of technology means it has always been a terrain of political struggle.

Hundreds of workers on Amazon’s Mechanical Turk (MTurk) platform were left unable to work after mass account suspensions caused by a suspected glitch in the e-commerce giant’s payments system.

Beginning on 16 May 2024, a number of US-based Mechanical Turk workers began receiving account suspension forms from Amazon, locking them out of their accounts and preventing them from completing more work on the crowdsourcing platform.

Owned and operated by Amazon, Mechanical Turk allows businesses, or “requesters”, to outsource various processes to a “distributed workforce”, who then complete tasks virtually from wherever they are based in the world, including data annotation, surveys, content moderation and AI training.

According to those Computer Weekly spoke with, the suspensions were purportedly tied to issues with the workers’ Amazon Payment accounts, an online payments processing service that allows them to both receive wages and make purchases from Amazon. The issue affected hundreds of workers.

MTurk workers from advocacy organisation Turkopticon outlined how such situations are an ongoing issue that workers have to deal with, and detailed Amazon’s poor track record on the issue.

Refugee lawyer and author Petra Molnar spoke to Computer Weekly about the extreme violence people on the move face at borders across the world, and how increasingly hostile anti-immigrant politics is being enabled and reinforced by a ‘lucrative panopticon’ of surveillance technologies.

She noted how – because of the vast array of surveillance technologies now deployed against people on the move – entire border-crossing regions have been transformed into literal graveyards, while people are resorting to burning off their fingertips to avoid invasive biometric surveillance; hiding in dangerous terrain to evade pushbacks or being placed in refugee camps with dire living conditions; and living homeless because algorithms shielded from public scrutiny are refusing them immigration status in the countries they’ve sought safety in.

Molnar described how lethal border situations are enabled by a mixture of increasingly hostile anti-immigrant politics and sophisticated surveillance technologies, which combine to create a deadly feedback loop for those simply seeking a better life.

She also discussed the “inherently racist and discriminatory” nature of borders, and how the technologies deployed in border spaces are extremely difficult, if not impossible, to divorce from the underlying logic of exclusion that defines them.

The potential of AI to help companies measure and optimise their sustainability efforts could be outweighed by the huge environmental impacts of the technology itself.

On the positive side, speakers at the AI Summit London outlined, for example, how the data analysis capabilities of AI can assist companies with decarbonisation and other environmental initiatives by capturing, connecting and mapping currently disparate data sets; automatically pinpoint harmful emissions to specific sites in supply chains; as well as predict and manage the demand and supply of energy in specific areas.

They also said it could help companies better manage their Scope 3 emissions (which refers to indirect greenhouse gas emissions that occur outside of a company’s operations, but that are still a result of their activities) by linking up data sources and making them more legible.

However, despite the potential sustainability benefits of AI, speakers were clear that the technology itself is having huge environmental impacts around the world, and that AI itself will come to be a major part of many organisations’ Scope 3 emissions.

One speaker noted that if the rate of AI usage continues on its current trajectory without any form of intervention, then half of the world’s total energy supply will be used on AI by 2040; while another pointed out that, at a time when billions of people are struggling with access to water, AI-providing companies are using huge amounts of water to cool their datacentres.

They added AI in this context could help build in circularity to the operation, and that it was also key for people in the tech sector to “internalise” thinking about the socio-economic and environmental impacts of AI, so that it is thought about from a much earlier stage in a system’s lifecycle.


2025: The year of AI for business – top trends to watch out for

You might not have started thinking about your Christmas shopping yet, but I bet you’ve been thinking about what artificial intelligence (AI) for business is going to look like in 2025. If you haven’t, then settle in with a glass of mulled wine, because now is your chance.

AI has come leaps and bounds over the past few years and is currently one of the biggest opportunities for business growth. With capabilities to intelligently automate admin tasks, take on customer service tasks, and analyse masses of data, the advantages are endless. But there’s still lots of room for development, in ways which will and won’t surprise you.

Stepping into the year of AI for business

Like your list of New Year’s Resolutions, the regulation landscape is constantly changing and adapting to the needs of tech businesses. For AI development to thrive in 2025, there must be a supportive environment ready for it. There’s no denying the appetite for AI, with over 120 bills on AI currently before the United States Congress. These build upon regulations already in place, such as the EU AI Act, which promotes the rapid adoption of trustworthy AI through reduced administrative burdens for SMEs and clear requirements for AI use.

The EU AI Act defines AI systems by their risk rating, splitting them up into prohibited, high-risk, limited-risk, and minimal-risk groups. This is something we could see changing in 2025, with the potential for new legislation focusing on AI classification over risk. This approach would consider criteria such as the intended uses and basic properties of AI systems.

New legislation coming into effect next year will significantly impact how businesses can use AI. Data management is one area likely to see substantial legislative focus, ensuring that AI does not compromise the security and privacy of business and customer data.

AI developments – The weird and the wonderful

As new legislation is rolled out in 2025, it will give businesses and developers more freedom and safety to broaden AI’s scope. Many of us will already have AI ingrained into our processes, but what will we be bringing on board next?

  • Leading the way – Microsoft

One company which has been leading the way in AI development in 2024 has been tech giant Microsoft. At its recent Ignite 2024 event, it made several announcements which demonstrate the acceleration of AI in 2025. One of these was that Microsoft Teams will let participants speak in a language of their choice, through its new AI-powered Interpreter feature. Facilitating global communication and collaboration, this is one powerful way in which AI will fuel business growth.

Microsoft also announced the introduction of its AI agents this year. These agents will drive organisation-wide optimisation and automation by collaborating with workers, a step forward from the AI assistants we already have. Agents can be trained to know your organisation from top to bottom and can compile details for business pitches and presentations whilst you focus on more valuable tasks.

  • Cutting corners with automation

Like AI agents, other AI systems which rely on trigger-based automation will flourish in 2025. Once the system is notified of a trigger, such as an email being received, it can digest the information and deliver an automated response to the trigger. Automated AI will seamlessly slot into business processes, taking care of admin tasks, which frees up time for workers at all levels of the business to spend with customers and focus on their long-term needs.

The rise of automated AI poses a need for focus on responsible usage. Automation means that AI could be exposed to confidential data, and without the right protection measures in place, could learn that data and share it without authorisation. Legislation will play a key role in ensuring the responsible and ethical use of AI, but responsibility lies with business leaders as well to make sure that AI adoption goes hand in hand with education. It’s important to understand that we will always include a human in the loop and full observability of these interactions with AI.

AI-powered systems might be forging new opportunities for businesses, but they lose their value and customer trust if inaccurate. To prioritise the accuracy of the models AI systems are trained on, we will see a shift in the New Year on how this process works. Grounding a model in accurate, secure data is extremely important. The better the data, the more accurate the responses will be. Developers may synthesise their training data on large language models, and then train the AI system on a small language model.

This will improve the accuracy of the AI system, but as it adds degrees of complexity, it also poses the risk of potential bias or incorrect activity, such as the AI hallucination concept. When AI produces information like it is fact without any data to back it up, it’s a sign that something has gone wrong with the training data. Whilst 2025 will be a big year for the development of training models, businesses need to be aware of how their AI systems are being trained to avoid bias and unethical practice.

Not just a New Year’s Resolution

The huge amount of investment in 2025 is just one of many signs that AI isn’t a fleeting New Year’s Resolution. Companies like OpenAI and Microsoft have made a long-term commitment to investing in AI development, because they know we’re still unlocking its full portfolio of capabilities. Even if they’re not profiting off AI right now, it’s undoubtable that the future is rich. But this isn’t just a game for the big players; small businesses will also be staking their claim by adopting and investing in AI.

With the developments we’ll see next year in automation, robotics, and training data, it’s certain that there’ll be a flurry of businesses who haven’t explored AI yet looking to adopt. To make the most of the new developments, don’t wait until New Year’s Day to get started; reach out to the experts now to help your business get AI ready.

Chris Huntingford is the newly-promoted director of AI at ANS, a digital transformation provider and Microsoft’s UK Services Partner of the Year 2024. Headquartered in Manchester, it offers public and private cloud, security, business applications, low code, and data services to thousands of customers, from enterprise to SMB and public sector organisations.
