Up Times
AI integrations that still keep uptime the main thing? Bryley’s here for your peace of mind.
AI adoption is greatly outpacing AI security and governance … 13% of organizations reported breaches of AI models or applications, while 8% of organizations reported not knowing if they had been compromised in this way … of those compromised, 97% report not having AI access controls in place … as a result, 60% of the AI-related security incidents led to compromised data and 31% led to operational disruption.1
Bryley has earned its reputation2 as an advisor about secure data practices. Although the widespread adoption of AI tools is a new phenomenon, the principles of sound data management apply and following them can help you accomplish the deployments you envision while limiting your risk exposure.
More details about AI integration in this Up Times. There’s also a new report about how you can mange your organization’s invisible infrastructure including when to co-manage or fully outsource IT.
1 2025 IBM Cost of Data Breach report, https://newsroom.ibm.com/2025-07-30-ibm-report-13-of-organizations-reported-breaches-of-ai-models-or-applications,-97-of-which-reported-lacking-proper-ai-access-controls
2 A Top-Growth Mass Co, Top 10 among IT Services in Central Mass, MSP 501 recipient 11 times
Bryley’s report. Freely available to download.
Report: The Invisible Infrastructure
Out of sight, out of mind
Business managers can tell you the condition of their building’s roof or describe their electrical service. Fewer speak as readily about their digital infrastructure. And for many organizations, that infrastructure has grown – with remote work and cloud tools, including AI integrations.
Bryley’s report, The Invisible Infrastructure, examines how organizations are managing this challenge — and what’s at stake when IT is an afterthought, and the gains when IT’s handled like a strategic asset … [8 min. read] Continue Reading >
Remote monitoring. A solid IT foundation shapes the results of AI integration.
An uptime mindset gives you a better way to think about AI
It has been shown that AI models in real-world contexts do not always perform as expected [based on pre-deployment] testing environments. Post deployment issues include … hallucination, sycophantic behavior, security exploits, and false claims … models have been found to detect when they are being evaluated … the variability introduced by AI models, coupled with the many system components … and user interactions, forms a large attack surface –NIST, Trustworthy and Responsible AI
This month the National Institute of Standards and Technology (NIST) issued a report about the challenges of post-deployment testing of AI systems in organizations. Real-world testing has been a standard practice of any tech installation. But AI tools present new challenges.
The report confirms areas of concern NIST raised in its 2023 publications, but with M365 Copilot and other newly mainstream business-use AI, the attack surface has grown … [6 min. read; audio available] Continue Reading >
A somewhat mixed ransomware report. More refuse to pay and more attacks unleashed.
In 2025 Ransomware gangs were indiscriminate about victims
As observed from crypto-payment analysis
Chainalysis analyzes activity on the public blockchain ledger where most cryptocurrency resides; among the data it tracks are ransomware payments.
For 2025 the amount paid to criminals is decreasing – more victims are refusing to pay, while both the number of criminal originators of ransomware has grown (a democratization of this type of malware), and as might be expected by that increase, the number of attack attempts has grown by a huge 50%.
So there is a less targeted, more widespread scattershot approach to getting people to bite on ransomware-launching links. That is, it’s increasingly not just healthcare and utilities that get hit.
The best defense against these kinds of attacks includes:
-
- Employee training on a regular basis — to keep them up-to-date on techniques being used against them, and to keep vigilant
- Good antivirus and anti-malware to block known variants
- EDR — behavior-based criminal detection and containment
- Reliable-when-you-need-them backups (lack of a good restore-set can end a business)
Layered security, like implementing all four of the above, help organizations not be among the casualties … [20 min. read] chainalysis.com
Here it’s a game, in business it may be a vulnerability.
Bypassing chatbot controls
Learn how the bad guys work the systems – Also get better clarity about how LLMs operate and fail
LLMs (Large Language Models aka chatbots or AI agents) have guardrails so they stay on course.
Bryley-partner Check Point’s game allows you to safely see what it’s like to take down AI defenses, as it pits you against stricter and stricter controls. In the game, you get the agent to reveal a secret password it’s been trained to not share.
The biggest takeaway for me was seeing the fragility of these plain-language bots. If you are using agents to navigate your workflow – it’s important you have data controls in place. Bryley can help you make better choices … [? min. play time] lakera.ai
Vetting what’s real in the digital world from what’s fake is getting harder.
Deep fakes are a part of life now
Here’s how the Times decided on which Maduro image to show
Stuart noted an odd-looking second row of windows in the aircraft hold.
How does your employee know if it’s really a vendor emailing their banking router number change? How will an employee know it is or isn’t a manager on the phone making gift card purchase requests?
Because AI is getting more capable, more and more we have to go through a process not unlike what the NY Times did before publishing an image of captured Venezuelan President Nicolas Maduro.
Some images were immediately circulating on social media – but were they real? Here’s the process the Times used to determine if any images had a high probability of being legitimate.
Several A.I.-detection sites did not find definitive signatures that the images were generated by A.I. These [detection] sites are not foolproof, however; they often register some uncertainty with images that are verifiably authentic.
But even the remote chance that the images were not genuine — coupled with the fact they came from unknown sources, and details like Mr. Maduro’s clothing being different between the two images — was strong enough to disqualify them from publication. Seems already a useful rule-of-thumb: when the stakes are high, err on the side of caution … [5 min. read] nytimes.com
You don’t know what you don’t know.
If I had never learned [to read a map] and started relying only on GPS, my brain wouldn’t develop that spatial awareness.
–Jennifer Ferguson, Head of User Experience & Student Success, Tufts Tisch Library
“I already know how to read a map. But if I had never learned and started relying only on GPS, my brain wouldn’t develop that spatial awareness. I wouldn’t even know that I was missing it.”
AI can be a security risk regarding its access permissions. But also, depending on its use, wrong information can be entered by it into your form fields. AI may feel efficient. It may even be efficient, but that doesn’t erase the need for oversight or your organization may be responsible for the consequences.
It is important to be critical of AI-generated information, per the Tufts Teachers’ blog, because if you’re not an expert in a topic, you may not even recognize what’s missing. AI tools already shape our search engines, academic databases, and even job applications. Ignoring [AI tools] isn’t the answer – using them wisely is … [4 min. read] tufts.edu
Cellphone systems were never set up to be secure.
Stealing your phone number, aka “sim swapping”
Using your phone number for MFA? That’s risky
The study also found that carriers [undermined] security to reduce customer friction … carriers inadvertently weakened their own defenses against SIM swap fraud.
Along with all the data breaches and their sale on the dark web, comes this “sim swapping” crime that’s sadly easy for criminals to pull off: let’s say they buy your username and password, but they still can’t get into your bank because you’ve set up MFA (multifactor authentication). No problem. They look up your phone number on a web directory, call the cell carrier claiming they are you and ask the number be reassigned to a phone they control. And, I guess you can see, the walls come down.
For many victims the first sign of an issue is that their phone stops working. When they connect via wifi comes the second sign, their funds have been removed.
As a good first step – protect your cell phone account with strong MFA like with an authenticator app like DUO or device like a DUO physical hardware token (Bryley can help) … [7 min. read] thomsonreuters.com
Note: The section directly above is Bryley’s curated list of external stories. Bryley does not take credit for the content of these stories, nor does it endorse or imply an affiliation with the authors or publications in which they appear.
Get Up Times, useful tech news by New Englanders in Your In-Box
- Subscribe to Up Times, the monthly New England-centric technology newsletter.
- Up Times covers:
-
- Trends in New England tech
- Security tips you can implement now
- Updates on regional and national laws and compliancies
- IT-related developments
- Networking and cybersecurity challenges New England business managers are facing
- In continuous publication since 2000, Up Times arrives monthly in your email box.
Sign up for Up Times to have tech news and tips delivered monthly via email
