Entries by Lawrence Strauss

An Uptime Mindset Gives You A Better Way to Think About AI

by
It has been shown that AI models in real-world contexts do not always perform as expected [based on pre-deployment] testing environments. Post deployment issues include … hallucination, sycophantic behavior, security exploits, and false claims … models have been found to detect when they are being evaluated … the variability introduced by AI models, coupled with the many system components … and user interactions, forms a large attack surface –NIST, Trustworthy and Responsible AI

This month the National Institute of Standards and Technology (NIST) issued a report about the challenges of post-deployment testing of AI systems in organizations. Real-world testing has been a standard practice of any tech installation. But AI tools present new challenges.

The report confirms areas of concern NIST raised in its 2023 publications, but with M365 Copilot and other newly mainstream business-use AI, the attack surface has grown … [6 min. read]

The Invisible Infrastructure Report

by
Download Bryley’s report, The Cost of Outsourced IT. It’s available to download with no obligation. The report presents a look at:

Outsourced IT costs depend on your business size, industry requirements, current infrastructure, and growth plans.

For instance what works for a regulated business might be overkill for a startup, while a low price may mean unwanted gaps in protection … [6 min. read]

BYOAI?

by
McKinsey’s 2025 report “Superagency in the Workplace” shows that employers are aware of only one-third of their employees’ AI agent use. And MIT last year showed 90% of workers used AI for their work and only 40% had organization-sanctioned tools. The studies show that employees are not waiting: they’re using personal or unsanctioned AI accounts for their work.

And this creates risk … [4 min. read]

When Passwords Are on the Dark Web

by
At times when Bryley has proposed its Dark Web Monitoring service to clients one thing that shows up for clients a lot is old passwords that haven’t been used in years.

On the surface that may feel like a relief, but that’s not the whole story.

That old password in the report comes associated with a company email address. If that address is active, criminals have the start of a dossier … [5 min. read]

2025: milestones met through collaboration

by
In 2025 Bryley increased its R&D spending and as a result bolstered clients’ AI-powered defenses, deploying products that do different and specific tasks, but with some overlap, an emerging part of a layered defense approach.

AI defenses work along the general premise that when an action occurs or data is accessed in an unexpected way, the action can be halted and a human investigator notified to learn if the action was benign or malicious. These tools are helpful as criminal attacks have been developed that can shape-shift to evade the standard means of detection … [7 min. read]

There’s maybe an AI for that

by
Before 1960, postal employees cancelled stamps strictly by hand. When commercial mail volumes exploded, the post office introduced automated cancelling. It was poorly received – replacing people and that sort of thing.

Recently the post office announced it’s changing the date-stamping part of its automation. It now makes more sense to the USPS to hand-stamp the few pieces that still need today’s date recorded on the mailpiece. Automation routines are not permanent – it only makes sense when the volume justifies the complexity.
You may have looked around your place of business and thought, ‘there must be waste in the routine and manual.’ Three years ago ChatGPT arrived with an influx of automating-promising AI tools. Because of the endlessness and variety of internet promises, it’s easy to not think strategically about what AI can realistically do for your organization … [4.5 min. read]

CMMC is now active

by
What defense contractors need to know about CMMC going live – As of November 10, the Department of Defense (DoD) activated the Cybersecurity Maturity Model Certification (CMMC) program. The US government’s contracting officers can now require CMMC certification as a condition for awarding new contracts.

Without CMMC certification, businesses will no longer be awarded contracts or be able to work with the DoD when CMMC is specified in a solicitation (there is a window of grace and some exceptions). Understanding when this applies and how to prepare is essential to establishing or maintaining a position in the defense market … [8 min. read]

It takes AI to beat AI

by
For anyone who’s wrestled with the right way to say a thing, AI chatbots come across like a magic trick. And while OpenAI tries to dazzle us with a new announcement, criminal organizations have been figuring out how these technologies can make their operations faster and more efficient.

But let’s take a detour back through the mists of time to 2018. Before commonplace chatbots and diffusion image generators, bad guys had unleashed morphing malware to evade antivirus and anti-malware programs. Polymorphic malware was programmed to shape-shift, followed by more advanced morphing types that could also recognize a system’s defensive software and use evasion strategies tailored to its findings.

These are the sorts of attacks (and others like fileless or hard-drive-avoiding malware and insider threats) that led to the development of AI or ML (Machine Learning) defenses … [7 min. read]