Leaving the key under the doormat? SSO can fix that

At the very least the current AI-dominated climate has made attacks more relentless and deceptive.

That means the fundamentals of security need to be in order. If your employees have questionable password practices like easy-to-guess passwords or passwords being reused or if they change passwords just the bare minimum, or are using vulnerable SMS texts as the second security factor, you should consider Bryley’s Single Sign-On (SSO) offering that’s been showing high-adoption because it’s easy to use with a simple interface … [5 min. read]

Life saver on the ocean as an analogy for surviving data volume

“Even increased efficiency can create new problems”

AI goes fast. And because of this it amplifies the challenges to data security. For one example I saw on the way to posting this interview: in a joint Boston-area-school study of the recent surge in OpenClaw – an autonomous agent intended to take over a machine and work on behalf of the machine’s owner – the variety of security troubles the agent got in surprised even the researchers who were anticipating some problems.

And this brings us to the fundamentals, that brings us to my talk with Masters Academy International (Stow, Mass) data analyst and Bryant University adjunct professor Brian Degon. Previously Brian spent twenty-three years as a data and process analyst for WPI in Worcester, Mass … [5 min. read]

Remote monitoring of a system that integrates AI

An Uptime Mindset Gives You A Better Way to Think About AI

It has been shown that AI models in real-world contexts do not always perform as expected [based on pre-deployment] testing environments. Post deployment issues include … hallucination, sycophantic behavior, security exploits, and false claims … models have been found to detect when they are being evaluated … the variability introduced by AI models, coupled with the many system components … and user interactions, forms a large attack surface –NIST, Trustworthy and Responsible AI

This month the National Institute of Standards and Technology (NIST) issued a report about the challenges of post-deployment testing of AI systems in organizations. Real-world testing has been a standard practice of any tech installation. But AI tools present new challenges.

The report confirms areas of concern NIST raised in its 2023 publications, but with M365 Copilot and other newly mainstream business-use AI, the attack surface has grown … [6 min. read]

The Invisible Infrastructure Report

Download Bryley’s report, The Cost of Outsourced IT. It’s available to download with no obligation. The report presents a look at:

Outsourced IT costs depend on your business size, industry requirements, current infrastructure, and growth plans.

For instance what works for a regulated business might be overkill for a startup, while a low price may mean unwanted gaps in protection … [6 min. read]

Putting a phone in one's pants pocket

BYOAI?

McKinsey’s 2025 report “Superagency in the Workplace” shows that employers are aware of only one-third of their employees’ AI agent use. And MIT last year showed 90% of workers used AI for their work and only 40% had organization-sanctioned tools. The studies show that employees are not waiting: they’re using personal or unsanctioned AI accounts for their work.

And this creates risk … [4 min. read]

an owl

When Passwords Are on the Dark Web

At times when Bryley has proposed its Dark Web Monitoring service to clients one thing that shows up for clients a lot is old passwords that haven’t been used in years.

On the surface that may feel like a relief, but that’s not the whole story.

That old password in the report comes associated with a company email address. If that address is active, criminals have the start of a dossier … [5 min. read]

Park near UConn

2025: milestones met through collaboration

In 2025 Bryley increased its R&D spending and as a result bolstered clients’ AI-powered defenses, deploying products that do different and specific tasks, but with some overlap, an emerging part of a layered defense approach.

AI defenses work along the general premise that when an action occurs or data is accessed in an unexpected way, the action can be halted and a human investigator notified to learn if the action was benign or malicious. These tools are helpful as criminal attacks have been developed that can shape-shift to evade the standard means of detection … [7 min. read]

There’s maybe an AI for that

Before 1960, postal employees cancelled stamps strictly by hand. When commercial mail volumes exploded, the post office introduced automated cancelling. It was poorly received – replacing people and that sort of thing.

Recently the post office announced it’s changing the date-stamping part of its automation. It now makes more sense to the USPS to hand-stamp the few pieces that still need today’s date recorded on the mailpiece. Automation routines are not permanent – it only makes sense when the volume justifies the complexity.
You may have looked around your place of business and thought, ‘there must be waste in the routine and manual.’ Three years ago ChatGPT arrived with an influx of automating-promising AI tools. Because of the endlessness and variety of internet promises, it’s easy to not think strategically about what AI can realistically do for your organization … [4.5 min. read]

CMMC is now active

What defense contractors need to know about CMMC going live – As of November 10, the Department of Defense (DoD) activated the Cybersecurity Maturity Model Certification (CMMC) program. The US government’s contracting officers can now require CMMC certification as a condition for awarding new contracts.

Without CMMC certification, businesses will no longer be awarded contracts or be able to work with the DoD when CMMC is specified in a solicitation (there is a window of grace and some exceptions). Understanding when this applies and how to prepare is essential to establishing or maintaining a position in the defense market … [8 min. read]

It takes AI to beat AI

For anyone who’s wrestled with the right way to say a thing, AI chatbots come across like a magic trick. And while OpenAI tries to dazzle us with a new announcement, criminal organizations have been figuring out how these technologies can make their operations faster and more efficient.

But let’s take a detour back through the mists of time to 2018. Before commonplace chatbots and diffusion image generators, bad guys had unleashed morphing malware to evade antivirus and anti-malware programs. Polymorphic malware was programmed to shape-shift, followed by more advanced morphing types that could also recognize a system’s defensive software and use evasion strategies tailored to its findings.

These are the sorts of attacks (and others like fileless or hard-drive-avoiding malware and insider threats) that led to the development of AI or ML (Machine Learning) defenses … [7 min. read]