Wednesday, January 15, 2025

 

The preceding articles on security and vulnerability management mentioned that organizations treat defense-in-depth as the preferred path to stronger security. They also solicit feedback from security researchers through programs such as AI Red Teaming and Bug Bounty to make a positive impact for their customers. AI safety and security are primary concerns for emerging GenAI applications. The following section outlines some best practices that are merely advisory and not a mandate in any way.

As these GenAI applications become popular as productivity tools, the speed of AI releases and the acceleration of adoption must be matched with improvements to existing SecOps techniques. The security-first processes to detect and respond to AI risks and threats effectively include visibility, zero critical risks, democratization, and prevention techniques. Of these, the risks include data poisoning, which alters training data to make predictions erroneous; model theft, where proprietary AI models suffer from copyright infringement; adversarial attacks, which craft inputs that make the model hallucinate; model inversion attacks, which send queries that cause data exfiltration; and supply chain vulnerabilities, where weaknesses in the supply chain are exploited.

The best practices leverage the new SecOps techniques and mitigate the risks with:

1. Achieving full visibility by removing shadow AI, which refers to both unauthorized and unaccounted-for AI. An AI bill-of-materials will help here, as will setting up relevant networking to ensure access only to allow-listed GenAI providers and software. Employees must also be trained with a security-first mindset.

2. Protecting both the training and inference data by discovering and classifying the data according to its security criticality, encrypting data at rest and in transit, sanitizing or masking sensitive information, configuring data loss prevention policies, and generating a full purview of the data including origin and lineage.

3. Securing access to GenAI models by setting up authentication and rate limiting for API usage, restricting access to model weights, and allowing only required users to kickstart model training and deployment pipelines.

4. Using LLM built-in guardrails such as content filtering to automatically remove or flag inappropriate or harmful content, abuse detection mechanisms to uncover and mitigate general model misuse, and temperature settings to change AI output randomness to the desired predictability.

5. Detecting and removing AI risks and attack paths by continuously scanning for and identifying vulnerabilities in AI models, verifying that all systems and components have the most recent patches to close known vulnerabilities, scanning for malicious models, assessing AI misconfigurations, effective permissions, network resources, exposed secrets, and sensitive data to detect attack paths, regularly auditing access controls to guarantee authorizations and least-privilege principles, and providing context around AI risks so that we can proactively remove attack paths to models via remediation guidance.

6. Monitoring against anomalies by using detection and analytics at both input and output, detecting suspicious behavior in pipelines, keeping track of unexpected spikes in latency and other system metrics, and supporting regular security audits and assessments.

7. Setting up incident response by including processes for isolation, backup, traffic control, and rollback, integrating with SecOps tools, and making an AI-focused incident response plan available.

In this way, existing SecOps practices that leverage well-known STRIDE threat modeling and the Assets, Activity Matrix and Actions chart are augmented with enhancements and techniques specific to GenAI.
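The visibility practice in item 1 can be checked against egress logs. The following is an added example, not code from the original article: it compares proxy log lines with an AI bill-of-materials and separates unauthorized GenAI use (a provider not in the AI-BOM) from unaccounted-for use (an approved provider called by a workload the AI-BOM does not list). The hostnames, workload names, log format and log lines are all constructed assumptions.

```python
"""Added example: flag shadow AI in egress logs against an AI bill-of-materials.
All hostnames, workload names and log lines are constructed for illustration."""
from collections import Counter

# Constructed AI-BOM: approved GenAI provider host -> workloads accounted for.
AI_BOM = {
    "api.genai-approved.example": {"support-bot", "doc-search"},
}

# Constructed catalogue of hosts known to serve GenAI APIs, approved or not.
KNOWN_GENAI_HOSTS = {
    "api.genai-approved.example",
    "api.other-llm.example",
    "chat.freemium-ai.example",
}

# Constructed egress proxy log: timestamp, workload, destination host, bytes out.
SAMPLE_LOG = """\
2025-01-15T09:00:01Z support-bot api.genai-approved.example 1820
2025-01-15T09:00:07Z hr-portal api.genai-approved.example 950
2025-01-15T09:01:12Z dev-laptop-17 chat.freemium-ai.example 48211
2025-01-15T09:01:30Z doc-search API.GenAI-Approved.example. 400
2025-01-15T09:02:02Z build-agent pkg.mirror.example 120
2025-01-15T09:02:45Z dev-laptop-17 eu.api.other-llm.example 3000
2025-01-15T09:03:00Z dev-laptop-17
2025-01-15T09:03:09Z hr-portal api.genai-approved.example.cdn.example 10
"""


def normalize_host(host):
    """Lower-case and drop a trailing dot so FQDN spellings compare equal."""
    return host.strip().lower().rstrip(".")


def matches(host, known):
    """True if host is the known host or a subdomain of it (label-aligned)."""
    return host == known or host.endswith("." + known)


def classify(workload, host):
    """Return approved, unaccounted, unauthorized or not-genai for one request."""
    host = normalize_host(host)
    for approved_host, workloads in AI_BOM.items():
        if matches(host, approved_host):
            # Approved provider, but is this caller in the inventory?
            return "approved" if workload in workloads else "unaccounted"
    if any(matches(host, known) for known in KNOWN_GENAI_HOSTS):
        return "unauthorized"
    return "not-genai"


def audit(log_text):
    """Return (verdict counts, findings) where findings maps
    (verdict, workload, host) -> total bytes sent for shadow-AI traffic."""
    counts = Counter()
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            counts["malformed"] += 1      # count, do not silently drop
            continue
        _timestamp, workload, host, size = parts
        verdict = classify(workload, host)
        counts[verdict] += 1
        if verdict in ("unaccounted", "unauthorized"):
            key = (verdict, workload, normalize_host(host))
            findings[key] = findings.get(key, 0) + int(size)
    return counts, findings


if __name__ == "__main__":
    counts, findings = audit(SAMPLE_LOG)
    print(dict(counts))
    for (verdict, workload, host), sent in sorted(findings.items()):
        print(f"{verdict:12} {workload:14} {host:32} {sent} bytes out")
```

Malformed lines are counted instead of skipped silently, since a gap in parsing is itself a visibility gap.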


 

Tuesday, January 14, 2025

This is a summary of the book titled “Your AI Survival Guide” written by Sol Rashidi and published by Wiley in 2024. Sol argues that organizations, even non-technical ones, cannot afford to be among the Laggards or the Late Majority in adopting AI, because AI is here to stay and those who fall behind risk being eliminated in business. So, the only choices are the Early Majority, who adopt technology once it has demonstrated its advantages, the Early Adopters, who are more on the forefront, and the Innovators, who pioneer the use of AI in their respective fields. Each group plays a crucial role in the adoption lifecycle of a technology, which usually lasts until something better replaces it, so there is no wrong pick, and the book lays out everything from uncovering your “why” to building your team and making your AI responsible. With applications already ranging from agriculture to HR, the time to be proactive is now. His playbook involves assessing which AI strategy fits you and your team, selecting relevant use cases, planning how to launch your AI project, choosing the right tools and partners to go live, ensuring the team is gritty, ambitious, and resilient, and incorporating human oversight into AI decision making.

To successfully implement AI within a company, it is essential to balance established protocols with the need to adapt to changing times. To achieve this, consider the reasons for deploying AI, develop an AI strategy, and start small and scale quickly. Choose a qualified AI consultant or development firm that fits your budget and goals. Set a realistic pace for your project. Conduct an AI readiness assessment to determine the best AI strategy for your company. Score yourself on various categories, such as market strategy, business understanding, workforce acumen, company culture, role of technology, and data availability.

Select relevant use cases that align with your chosen AI strategy and measure the criticality and complexity of each use case. For criticality, measure how the use case will affect sales, growth, operations, culture, public perception, and deployment challenges. For complexity, measure how the use case will affect resources for other projects, change management, and ownership. Plan how to launch your AI project well to ensure success and adaptability.

To launch an AI project successfully, outline your vision, business value, and key performance indicators (KPIs). Prioritize project management by defining roles, deliverables, and tracking progress. Align goals, methods, and expectations, and establish performance benchmarks. Outline a plan for post-launch support, including ongoing maintenance, enterprise integration, and security measures. Establish a risk mitigation process for handling unintended consequences. Choose the right AI tool according to your needs and expertise, ranging from low-cost to high-cost, requiring technical expertise. Research options, assess risks and rewards, and collaborate with experts to create standard operating procedures. Ensure your team is gritty, ambitious, and resilient by familiarizing yourself with AI archetypes. To integrate AI successfully, focus on change management, create a manifesto, align company leadership, plan transitions, communicate changes regularly, celebrate small wins, emphasize iteration over perfection, and monitor progress through monthly retrospectives.

AI projects require human oversight to ensure ethical, transparent, and trustworthy systems. Principles for responsible AI include transparency, accountability, fairness, privacy, inclusiveness, and diversity. AI is expected to transform various sectors, generating $9.5 to $15.4 trillion annually. Legal professionals can use AI to review contracts, HR benefits from AI-powered chatbots, and sales teams can leverage AI for automated follow-up emails and personalized pitches. AI will drive trends and raise new challenges for businesses, such as automating complex tasks, scaling personalized marketing, and disrupting management consulting. However, AI opportunities come with risks such as cyber threats, privacy and bias concerns, and a growing skills gap. To seize AI opportunities while mitigating risks, businesses must learn how AI applies to their industry, assess their capabilities, identify high-potential use cases, build a capable team, create a change management plan, and keep a human in the loop to catch errors and address ethical issues.


Monday, January 13, 2025

 
ETA at waypoints using time-series algorithms:

Problem statement: Given the NURBS method for trajectory generation for UAV swarms as described in a previous article, the UAV trajectory was independent of in-flight parameters, and both the position and velocity profile of the planned trajectory could be obtained using the global locations and expected time of arrival at the waypoints. While a single drone can adhere to the planned trajectory, the internal dynamics of the UAV swarm and their effect on the ETA are harder to quantify. A closer tracking of the ETA at waypoints and of trajectory deviations is needed for the UAV swarm.

   

Solution:

Consider a closed-loop trajectory of a UAV swarm. The effects of UAV swarm dynamics are easier to observe along waypoints in the loop because the NURBS trajectory assumes a constant velocity profile. Uncertainty in external variables, such as an unmodeled wind field, or uncertainty from internal friction between the drone units can lead to different arrival times. Uncertainty affecting cruise velocity can be modeled using independent Gaussian random variables with covariance, but a time-series algorithm does not need any attributes other than the historical collection of ETAs at the waypoints to predict the next ETA. It only looks at the scalar value, regardless of the type of factors playing into the arrival time of the swarm, while weights can be used to normalize the irregularity of distances between waypoints on the trajectory from start to finish. The historical data is used to estimate the arrival time as if the arrivals were a scatter plot along the timeline. Unlike other data mining algorithms that involve additional attributes of the event, this approach uses a single auto-regressive method on the continuous data to make a short-term prediction. The regression is automatically trained as the data accrues, so there is no need to parameterize or quantify uncertainties.

Central to the step of fitting the linear regression is the notion of covariance stationarity, which suggests:

·        The mean is not dependent on t 

·        The standard deviation is not dependent on t 

·        The covariance (Yt, Yt-j) exists and is finite and does not depend on t 

·        This last factor is called jth order autocovariance 

·        The jth order autocorrelation is described as autocovariance divided by the square of standard deviation 

 

The autocovariance measures the direction of the linear dependence between Yt and Yt-j, while the autocorrelation measures both the direction and the strength of the linear dependence between Yt and Yt-j.

An autoregressive process is defined as one in which the time dependence in the process decays to zero as the random variables in the process get farther and farther apart. It has the following properties:

E(Yt) = mean
Var(Yt) = sigma squared
Cov(Yt, Yt-1) = sigma squared . phi
Cor(Yt, Yt-1) = phi
 

To fit the linear regression for a restricted data set, we determine the values of the random variable from the length p transformations of the time series data set. 

For a given time-series data set, nine corresponding data sets of length p transformations are created. The p varies from zero to eight for the nine data sets. Each of these transformed data sets is centered and standardized before modeling; that is, for each variable we subtract the mean value and divide by the standard deviation. Then we divide the data set into a training set used as input to the learning method and a holdout set to evaluate the model. The holdout set contains the cases corresponding to the last five observations in the sequence.
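The procedure above, carried through as an added example that is not code from the original article: it builds the nine length-p transformations, standardizes each variable, holds out the last five cases, fits the regression by least squares and picks the p with the lowest holdout error. The ETA series is constructed (a periodic wind effect on a closed loop plus small pseudo-noise), and the normal-equation solver and tiny ridge term are assumptions of this sketch.

```python
"""Added example: choose the AR order p for waypoint ETAs with a five-case holdout."""
import math

HOLDOUT = 5   # the last five cases are held out, as in the text
MAX_P = 8     # p runs from 0 to 8, giving nine transformed data sets

def constructed_etas(n=48):
    """Constructed sample: leg times (s) between waypoints on a closed loop."""
    state, etas = 12345, []
    for t in range(n):
        state = (state * 1103515245 + 12345) % 2**31   # small LCG, reproducible
        noise = (state / 2**31 - 0.5) * 0.6            # within +/-0.3 s
        etas.append(240.0 + 12.0 * math.sin(2 * math.pi * t / 12) + noise)
    return etas

def transform(series, p):
    """Length-p transformation: each case is (Y[t-p], ..., Y[t-1], Y[t])."""
    return [series[t - p:t + 1] for t in range(p, len(series))]

def standardize(cases):
    """Center and scale every variable (column); return rows, means, stds."""
    means, stds, cols = [], [], []
    for col in zip(*cases):
        mean = sum(col) / len(col)
        std = math.sqrt(sum((v - mean) ** 2 for v in col) / len(col)) or 1.0
        means.append(mean)
        stds.append(std)
        cols.append([(v - mean) / std for v in col])
    return [list(row) for row in zip(*cols)], means, stds

def solve(a, b):
    """Solve a x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        piv = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[piv] = m[piv], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            for k in range(c, n + 1):
                m[r][k] -= f * m[c][k]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][k] * x[k] for k in range(r + 1, n))) / m[r][r]
    return x

def fit_ar(train, p, ridge=1e-9):
    """Least-squares weights from the normal equations (X^T X) w = X^T y.
    No intercept: the variables are centered. p = 0 predicts the mean."""
    if p == 0:
        return []
    xtx = [[sum(r[i] * r[j] for r in train) + (ridge if i == j else 0.0)
            for j in range(p)] for i in range(p)]
    xty = [sum(r[i] * r[p] for r in train) for i in range(p)]
    return solve(xtx, xty)

def holdout_rmse(series, p):
    """RMSE on the held-out cases, in standardized units of the target."""
    rows, _, _ = standardize(transform(series, p))   # standardize, then split
    train, hold = rows[:-HOLDOUT], rows[-HOLDOUT:]
    w = fit_ar(train, p)
    errs = [row[p] - sum(wi * xi for wi, xi in zip(w, row)) for row in hold]
    return math.sqrt(sum(e * e for e in errs) / len(errs))

def select_order(series):
    """Return (best p, {p: holdout RMSE}) over the nine transformations."""
    scores = {p: holdout_rmse(series, p) for p in range(MAX_P + 1)}
    return min(scores, key=scores.get), scores

def predict_next(series, p):
    """Predict the next ETA in seconds from the last p observations."""
    rows, means, stds = standardize(transform(series, p))
    w = fit_ar(rows, p)
    recent = series[len(series) - p:]
    z = sum(wi * (v - means[i]) / stds[i]
            for i, (wi, v) in enumerate(zip(w, recent)))
    return means[p] + stds[p] * z

if __name__ == "__main__":
    etas = constructed_etas()
    best_p, scores = select_order(etas)
    for p, rmse in scores.items():
        print(f"p={p}  holdout RMSE={rmse:.3f}")
    print("selected p:", best_p, " next ETA (s):", round(predict_next(etas, best_p), 2))
```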

Sunday, January 12, 2025

 Waypoint Selection

A previous article [1] introduced waypoints and trajectory smoothing for UAV swarms. This section focuses on waypoint selection.

The flight path management we propose uses the example of flying a fleet of drones around skyscrapers. The sample space can be considered a grid that must be navigated from one end to another; all intermediary spaces can be thought of as waypoints to occupy on the way to the other end, allowing the fleet to organize itself around these intermediary points. By treating sub grids within the grid as potential candidates to select from, a path can be forged as a sequence of sub grids leading to the other end, and the fleet organizes itself around each sub grid. The sub grids are pre-determined, invariant and uniform in size in each epoch.

Searching for the optimum intermediary point for the flight of the drones translates to the selection of waypoints by way of centroids of the sub grids. Each viable waypoint acts as a vector for various features such as potential gain towards eventual destination, safety, signal strength and wind effects. All information about adjacencies of sub grids as viable paths is known beforehand. Treating sub grids as nodes in a graph, and using depth first traversal for topological sort, it is possible to discover paths between start to finish. The approach outlined here uses a gradient descent method to determine the local optima given the waypoints as vectors. A quadratic form representing the waypoints as vectors is assumed to denote their initial matrix.

The solution to the quadratic form representing the embeddings is found by arriving at the minima represented by Ax = b using the conjugate gradient method.

We are given the input matrix A, the vector b, a starting value x, a maximum number of iterations i-max and an error tolerance epsilon < 1.

The method proceeds this way:

    set i to 0
    set residual to b - A . x
    set search-direction to residual
    set delta-new to residual-transposed . residual
    set delta-0 to delta-new
    while i < i-max and delta-new > epsilon^2 . delta-0 do:
        q = A . search-direction
        alpha = delta-new / (search-direction-transposed . q)
        x = x + alpha . search-direction
        if i is divisible by 50:
            residual = b - A . x
        else:
            residual = residual - alpha . q
        delta-old = delta-new
        delta-new = residual-transposed . residual
        beta = delta-new / delta-old
        search-direction = residual + beta . search-direction
        i = i + 1

The Jacobi iteration gives eigenvalues and eigenvectors.


Saturday, January 11, 2025

Monitoring, Telemetry and Observability are important aspects of infrastructure. The public cloud has become the gold standard in demonstrating both active and passive monitoring. With a vast landscape of platforms, products, services, solutions, frameworks and dynamic clouds, modern IT infrastructure has enormous complexity to overcome to set up monitoring. Yet these challenges are seldom explained. In this article, we list five such challenges.

The first, and the most obvious given the diverse landscape, is complexity. Contemporary environments for many teams and organizations are dynamic, complex, ephemeral and distributed. Tools for monitoring must keep up with these. To set up monitoring for a big picture that spans hybrid stacks and environments, one must grapple with disconnected data, alerts and reports and engage in continuously updating tagging schemas to maintain context. To address complexity, unified observability and security with automated contextualization is a key solution. A comprehensive solution can indeed monitor containers, hosting frameworks like Kubernetes, and cloud resources. Topology and dependency mapping enable this flexible and streamlined observability.

The second challenge is the sprawl of tools and technologies for monitoring that are often also disconnected. Do-it-yourself and open-source solutions for monitoring were partly to blame for this. Leveraging built-in solutions from the cloud eases the overall efficiency and effort involved. This challenge has often resulted in a patchwork view, blind spots, duplicated efforts and redundant monitoring. This implies that a solution would consist of a single, integrated full-stack platform that reduces licensing costs, increases visibility to support compliance, and empowers proactive issue remediation and robust security.

The third challenge is the sheer size of MELT (Metrics, Events, Logs and Traces) data. With the ever-increasing volume, variety and velocity of data generated, IT teams are tasked with finding ways to ingest, store, analyze and interpret the information, often grappling with numerous and disconnected ways to do each. This results in critical issues being buried under a ton of data or overlooked due to unavailable or inadequate context, which leads to delayed decision making and potential for errors whose cost and impact to business are both huge and indeterminate. The right modern monitoring tool acts as a single source of truth, enriching data with context and not shying away from using AI to reason over vast volumes of data. It would also have sufficient processing to emit only quality alerts and reduce triage efforts.

The fourth challenge is troubleshooting and time to resolution because teams suffering from glitches and outages do not have the luxury to root cause incidents as they must struggle to restore operations and business. As users struggle with frustrations, poor experiences, insufficient information, and the risks of not meeting Service Level Agreements, there is decreased productivity, low team morale and difficulty in retaining the most valuable employees in addition to fines that can be incurred from missed SLAs. A true monitoring solution will come with programmability features that can make triaging and resolving easier. AI can also be used to find patterns and anomalies so that there can be some proactive measures on approaching thresholds rather than being reactive after incidents.

The fifth challenge is the areas of the technological landscape that either do not participate in monitoring or do so insufficiently. In fact, data breaches and hacks that can result from incomplete monitoring have devastating financial consequences, fines and legal fees, besides a damaged market reputation that erodes stakeholders’ and customers’ trust. A single entry point for comprehensive monitoring across the entire infrastructure is a favored solution to meet this challenge. By visualizing the dependencies and relationships among application components and providing real-time, end-to-end observability with no manual configuration, gaps, or blind spots, a monitoring solution renders a complete picture.

Reference: Previous articles.

#Codingexercise: https://1drv.ms/w/c/d609fb70e39b65c8/Echlm-Nw-wkggNYXMwEAAAABrVDdrKy8p5xOR2KWZOh3Yw?e=hNUMeP


Friday, January 10, 2025

This is a summary of the book titled “The Equality Machine: harnessing digital technology for a brighter, more inclusive future” written by Orly Lobel and published by Public Affairs in 2022. The author proposes “An Equality Machine” in a drive to use the common grounds of humanity to bridge two disparate groups of people impacted by technology, who are often at opposite ends of the spectrum: 1. those who fear new technologies due to their potential to exacerbate existing inequities and 2. those who envision a technological utopia without anticipating risks. The goal of this proposal is to create a better future in which humanity uses “technology for good”. It’s common knowledge that advances in technology such as artificial intelligence and chatbots are recognized both for their potential to empower as well as their drawbacks in meeting equity and fairness. Careful auditing can help keep algorithms from displaying the same bias as humans do. Making the data more transparent helps to value the labor involved. Feminizing agents and chatbots can normalize existing inequities. New technologies also help to discover gaps in representation and protect people from crime and disease. Through their interactions with these technologies, humans become cognizant of the shift in their interactions with others and with bots. Makers of chatbots and new technological inventions can explore assumptions that disrupt stereotypes.

The rise of intelligent machines has prompted a need for upholding values of equity and fairness. Technological change has been polarized, with insiders focusing on disruption and embracing new technologies, while outsiders, such as people of color, women, and those from rural areas, worry about exclusion and inequities. To improve machine fairness, humanity must strike a balance between naive optimism and fearful pessimism. Machine learning algorithms can often ascertain identity markers from other data, but this does not address the root causes of inequities. To prevent algorithmic models from reflecting human biases, organizations must be proactive about auditing the output of their AI models as well as their data inputs. Human resources can run hypothetical job candidates through their AI models to test for biases and choose more inclusive data sets. AI decision-making can offer advantages, such as easier dissecting and correcting machine bias than flawed human decision-making. Additionally, predictive algorithmic models can help companies screen a larger pool of applicants for more nuanced qualities, such as high performance and long-term retention. It would be prudent to strike a balance between machine screening and human review.

Technology can help stakeholders work towards a future of financial equity by enabling access to vast amounts of data, identifying and correcting disparities, and reducing biases. Research shows that algorithms created to reduce bias in the fintech industry were 40% less discriminatory than humans. Research also shows that companies are more likely to penalize women for initiating salary negotiations even though men might be praised for assertiveness. AI and societal shifts towards greater data transparency are empowering workers with a better understanding of their labor market value. Some governments have passed legislation banning employers from asking prospective employees to disclose their past salaries. New digital resources, such as Payscale, are bringing greater transparency to the salary negotiation process. Feminizing AI assistants and chatbots can normalize existing inequities, but companies must reflect on the preference to depict subservient robots as female. This reinforces gender as a binary construct and promotes outmoded views of women's roles in society.

Researchers are using new technologies to detect patterns in representation gaps and address systemic inequities. Natural language processing (NLP) methods are being used to analyze large amounts of information, revealing unequal power dynamics and opportunities. AI can be used to assess whether people with different identity markers are getting equitable representation in media forms. Machine learning and AI analytics can help detect gaps in representation and biases in various media industries and inspire more empowering narratives. Technology can also help protect people from harmful influences by enabling organizations to share data and develop data hubs. AI and health data can also help stakeholders accelerate drug discovery and collaborate to prevent the global spread of viruses. However, democratizing AI use in medical research contexts is crucial to ensure improved health outcomes for everyone, not just the rich.

Algorithms and embodied robots are transforming human connection and social bonds. Algorithmic biases can exacerbate existing class, racial, and social divides, while the growing prevalence of robots with sexual capacities is transforming intimacy and emotional connection. Some argue that framing robots solely as AI-empowered sex dolls is oversimplification, while others worry about the potential for violence against women.

Roboticists can challenge stereotypes by creating robots that challenge assumptions. Embodied robots can support humans in various functions, such as care labor, reception work, and space exploration. However, some critics worry about privacy risks, consent, and misuse of data.

Robots can surprise those they interact with by disrupting expectations. NASA uses feminine-looking robots like Valkyrie to support in-space exploration, while masculine-looking robots like Tank act as "roboceptionists." These robots demonstrate the choice roboticists face when designing robots that cater to existing biases or inspire imaginative new possibilities.


Thursday, January 9, 2025

This is a summary of the book titled “Future Ready: Your organization’s guide to rethinking climate, resilience and sustainability” written by Alastair MacGregor and Tom Lewis and published by Wiley in 2023. This book is about integrating sustainability and resilience into infrastructure and building projects. The authors introduce climate science for practitioners and decision makers who grapple with evolving environmental challenges. They recognize that the target audience of the book is already aware of the need to make changes. Those in the construction industry can support sustainability by adopting innovative technologies and sustainable materials. Those in transportation must prioritize decarbonization. Infrastructure designers must meet urbanization challenges. The authors recommend that organizations are best served by putting in place systems for measuring, say, emissions, setting targets and implementing strategies to meet those targets. Achieving net zero will involve integrating technologies and understanding carbon markets. Leaders can generate support for these activities. Nature-based solutions provide a holistic and cost-effective approach to addressing challenges of sustainability and resilience.

Climate change has highlighted the need for infrastructure designers and urban planners to incorporate sustainability and resilience in their decision-making. The aftermath of Superstorm Sandy exposed vulnerabilities in current systems, prompting policymakers, urban planners, and industry professionals to shift their approaches to risk management and sustainability. The Future Ready framework, developed by WSP, consists of four lenses for considering decisions: climate, society, technology, and resources. The construction industry can support sustainability by adopting innovative technologies and sustainable materials. Buildings contribute nearly 50% of global greenhouse gas emissions and consume significant natural resources. Decision-makers must rethink building practices, focusing on sustainability, resilience, and long-term value. Innovative projects integrating modern technologies and sustainable materials, such as LEED and BREEAM, can provide potential paths forward.

Transportation innovations have advanced global trade and daily life, but they also contribute to 27% of US GHG emissions, exacerbating climate change and increasing infrastructure risks. To build a resilient, sustainable, and equitable future, decision-makers must prioritize decarbonization. The adoption of electric vehicles and hydrogen fuel cell vehicles will play a crucial role in reducing emissions, but adoption rates and charging infrastructure currently fall short of climate targets. Infrastructure designers are embracing innovations to meet climate and urbanization challenges, such as clean water infrastructure, green infrastructure, electrification, green hydrogen, and high-voltage direct current networks. Leaders in urban areas can enhance resilience with technological innovations, community-based solutions, and sustainable development. Cities contribute significantly to global GHG emissions and face high climate risks due to their dense populations, so they must adopt comprehensive, integrated approaches to climate resilience that address both mitigation and adaptation. Community-based solutions are essential in resilience efforts, as demonstrated by Staten Island's Living Breakwaters project.

Organizations must establish systems for measuring emissions, set targets, and implement strategies to achieve net-zero emissions. This involves accurately measuring GHG emissions, setting science-based targets, and implementing comprehensive strategies. Scientists set a deadline of 2050 to achieve net-zero emissions, but sooner is better. Tools like wedge diagrams, gap analyses, backcasting, and life cycle assessment can help manage pathways to net zero. Integrating technologies and understanding carbon markets is crucial for achieving net-zero goals. Energy efficiency measures, industry-specific technologies, and carbon removal offsets can help reduce emissions. Carbon markets use compliance-based and voluntary schemes to encourage reductions of emissions and investments in renewables. Assessment systems and standardized reporting frameworks are necessary to manage climate-related risks. Scenario analysis tools like the American Society of Civil Engineers' Future World Vision can help decision-makers visualize potential climate risks and develop adaptive strategies. Innovation must continue to reach global net-zero targets.

Leaders can support climate-related initiatives by achieving early successes, educating stakeholders, and fostering engagement. They should focus on measurable strategies and address issues such as employee retention and regulatory uncertainties. External engagement is crucial for public sector organizations, involving diverse stakeholders. Nature-based solutions (NbS) offer a cost-effective, adaptive, and sustainable approach to environmental challenges, enhancing infrastructure resilience and community well-being. Examples include the restoration of oyster reefs in Florida, which serve as natural barriers against storm waves, protect infrastructure, and improve water quality. Community engagement is essential for tailoring solutions to local needs and addressing climate challenges.

#Codingexercise: https://1drv.ms/w/c/d609fb70e39b65c8/EVdE3xARiidMgiSKPiX554EBVSwvZ0dDxvVyIzK5X2k7gA?e=c7iNMK