Risk¶

July 13, 2025
in Security, Risk, AI
1 min read

Agentic AI Threat Vector

It is critical leaders understand Agentic GenAI that can connect to external systems has the same capabilities as malware for data exfiltration.

While malware takes action intentionally, GenAI is still a threat vector because GenAI systems are prone to prompt injection, context poisoning, and hallucinations.

Sandboxing GenAI systems is rarely practical because models will be running on someone else’s systems, and Agents must connect to systems to take actions.

While you should try to limit prompt injection, mitigate context poisoning, and keep a human in the loop for important decisions … your main control on data exfiltration is to limit what GenAI agents can access.

Simon Willison has a great read on this topic.

April 13, 2025
in Risk
1 min read

Neglected Systems

It’s tempting to view Mainframe, distributed, and cloud systems as a linear progression from old to new. But in reality, systems are bundles of trade-offs. Every platform, no matter how popular, comes with both strengths and weaknesses.

You can choose one platform or follow a hybrid strategy, but the one thing you can’t do is stop investing in the platforms you rely on.

March 22, 2025
in Risk
1 min read

Willing to Fail

Being willing to fail is different from being reckless, and being careful doesn’t mean avoiding risk. Yet, too often, we treat risk as a binary choice: go all in or play it safe.

The truth? Smart risk-taking lies in the middle.

December 2, 2023
in Legislation, Security, Risk
1 min read

New York Cybersecurity Regulation

If you do business within New York State, regulators have introduced changes to cybersecurity regulations for financial services companies.

Both Bloomberg and The Wall Street Journal have summaries, but Bloomberg’s article links to the revised regulations.

Bloomberg

Wall Street Journal

September 9, 2023
in AI, Risk
1 min read

AI Indemnification

Microsoft has agreed to indemnify users of its Copilot service from copyright claims with its new "Copilot Copyright Commitment." This development may ease decision-makers' minds on potential copyright claims stemming from using the service.

August 6, 2023
in Risk, Security
1 min read

Reputation Risk

Wired recently published a piece on API vulnerabilities in the Points platform used by many hotels, airlines, and banks. One of the researchers pointed out the vulnerabilities would have had “a cascading effect to every company utilizing their loyalty backend”.

“It takes a lifetime to build a good reputation, but you can lose it in a minute.” ~ Will Rogers