AI

Laughing Horse

It’s An AI World, We Just Live In It

I’m an IT and Security professional. I’ve spent my career helping organizations protect their data, manage their risk, and make sensible decisions about the technology they adopt. I have also, in that same career, watched AI do things that genuinely impressed me — and watched it create problems that genuinely alarmed me.

Sometimes on the same afternoon.

I am not anti-AI. I want to be clear about that, because this blog covers a lot of AI risk and it would be easy to read that as opposition. It isn’t. What I am is someone who has sat on both sides of the table — the side trying to harness AI’s capabilities and the side trying to prevent those capabilities from becoming a liability — and I’ve found that both sides have a point.

It’s An AI World, We Just Live In It Read Post »

private business meeting scene

The Conference Room With a Window

When people say a platform is “encrypted,” they almost always mean transport encryption — data is scrambled while it travels between your device and the platform’s servers. Think of it like a sealed envelope moving through the postal system. The contents are protected in transit. But the post office can still open it.

End-to-end encryption (E2EE) is different. With true E2EE, only the participants hold the keys. The platform itself cannot decrypt the content of your call. Think of it as a conversation in a language only you and the other person speak.

The major platforms — Zoom, Microsoft Teams, Google Meet — all offer E2EE now. But “offer” is doing a lot of work in that sentence. It is almost universally not the default. Teams E2EE only covers one-on-one calls — not group meetings. On Zoom, enabling E2EE turns off cloud recording and phone dial-in. Most organizations haven’t enabled it at all.

The Conference Room With a Window Read Post »

alohasara a 3d animated sea captain looking confused as he fi 006a4eea 8e7e 4d30 9be6 22b3c022f221 0

You Enabled What? The 30-Minute AI Audit Your Business Should Do This Week

If you read my last post about the Workday lawsuit, you probably had one of two reactions.

The first reaction: “Interesting case. Glad that’s not us.”

The second reaction: “Wait. What’s actually running in our stack?”

If you had the first reaction, I’d gently encourage you to read it again. If you had the second — good. That instinct is exactly right, and this post is for you.

The uncomfortable truth is that most small and mid-sized businesses have AI features active in their software that nobody deliberately approved. Not because anyone did anything wrong. Because these features are being added quietly, bundled into updates, tucked behind toggles in admin screens that nobody checks between quarterly reviews.

You Enabled What? The 30-Minute AI Audit Your Business Should Do This Week Read Post »

comical 3d animal pressing red button

Someone Clicked a Button. Now There’s a Lawsuit.

Somewhere in 2022 and 2023, Derek Mobley was doing what a lot of people do when they’re job hunting: applying. A lot. Over 100 applications, by his account, sent to companies that all had one thing in common — they used Workday to manage hiring.

He didn’t get the jobs. What he alleges is that he didn’t get them in part because an AI system was evaluating his applications and filtering him out — based, he claims, on his race, age, and disability status.

What happened next is where it gets interesting for anyone in IT or Security.

He didn’t just sue the companies that rejected him. He sued Workday.

Someone Clicked a Button. Now There’s a Lawsuit. Read Post »

Scroll to Top