AI a Security Risk? No Way or Is It No WAI?
September 11, 2025
Am I the only one who realizes that AI is a security problem? Okay, I’m not, but organizations certainly aren’t taking AI security breaches seriously, says Venture Beat in the article, “Shadow AI Adds $670K To Breach Costs While 97% Of Enterprises Skip Basic Access Controls, IBM Reports.” IBM collected information with the Ponemon Institute (does anyone else read that as Pokémon Institute?) about data breaches related to AI. IBM and the Ponemon Institute held 3470 interviews with 600 organizations that had data breaches.
Shadow AI is the unauthorized use of AI tools and applications. IBM shared how shadow AI affects organizations in the Cost of a Data Breach Report. Unauthorized usage of AI tools cost organizations $4.63 million, and that is 16% more than the $4.44 million global average. YIKES! Another frightening statistic is that 97% of the organizations lacked proper AI access controls. Only 13% had AI-security related breaches, compared to 8% who were unaware if AI had compromised their systems.
Bad actors are using supply chains as their primary attack vector, and AI allows them to automate tasks to blend in with regular traffic. If you want to stay awake at night, here are some more numbers:
“A majority of breached organizations (63%) either don’t have an AI governance policy or are still developing one. Even when they have a policy, less than half have an approval process for AI deployments, and 62% lack proper access controls on AI systems.”
An expert said this about the issue:
“This pattern of delayed response to known vulnerabilities extends beyond AI governance to fundamental security practices. Chris Goettl, VP Product Management for Endpoint Security at Ivanti, emphasizes the shift in perspective: ‘What we currently call ‘patch management’ should more aptly be named exposure management—or how long is your organization willing to be exposed to a specific vulnerability?’”
Organizations that are aware of AI breaches and have security plans in place save more money.
It pays to be prepared, and it’s cheaper too!
Whitney Grace, September 11, 2025
Microsoft: The Secure Discount King
September 10, 2025
Just a dinobaby sharing observations. No AI involved. My apologies to those who rely on it for their wisdom, knowledge, and insights.
Let’s assume that this story in The Register is dead accurate. Let’s forget that Google slapped a $0.47 price tag on its Gemini smart software. Now let’s look at the interesting information in “Microsoft Rewarded for Security Failures with Another US Government Contract.” Snappy title. But check out the sub-title for the article: “Free Copilot for Any Agency Who Actually Wants It.”
I did not know that a US government agency was human, as signaled by the “who.” But let’s push forward.
The article states:
The General Services Administration (GSA) announced its new deal with Microsoft on Tuesday, describing it as a “strategic partnership” that could save the federal government as much as $3.1 billion over the next year. The GSA didn’t mention specific discount terms, but it said that services, including Microsoft 365, Azure cloud services, Dynamics 365, Entra ID Governance, and Microsoft Sentinel, will be cheaper than ever for feds. That, and Microsoft’s next-gen Clippy, also known as Copilot, is free to access for any agency with a G5 contract as part of the new deal, too. That free price undercuts Google’s previously cheapest-in-show deal to inject Gemini into government agencies for just $0.47 for a year.
Will anyone formulate the hypothesis that Microsoft and Google are providing deep discounts to get government deals and the ever-popular scope changes, engineering services, and specialized consulting fees?
I would not.
I quite like comparing Microsoft’s increasingly difficult-to-explain OpenAI, acqui-hire, and home-grown smart software to Clippy. I think that the more apt comparison is the outstanding Microsoft Bob solution to interface complexity.
The article explains that Oracle landed contracts with a discount, then Google, and now Microsoft. What about the smaller firms? Yeah, there are standard procurement guidelines for those outfits. Follow the rules and stop suggesting that giant companies are discounting their way into the US government.
What happens if these solutions hallucinate or do not deliver what an Inspector General, an Independent Verification & Validation team, or the General Accounting Office expects? Here’s the answer:
With the exception of AWS, all the other OneGov deals that have been announced so far have a very short shelf life, with most expirations at the end of 2026. Critics of the OneGov program have raised concerns that OneGov deals have set government agencies up for a new era of vendor lock-in not seen since the early cloud days, where one-year discounts leave agencies dependent on services that could suddenly become considerably more expensive by the end of next year.
The write up quotes one smaller outfit’s senior manager’s concern about low prices. But the deals are done, and the work on the 2026-2027 statements of work has begun, folks. Small outfits often lack the luxury of staff dedicated to extending a service provider’s engagement into a year or two renewal target.
The write up concludes by bringing up ancient history like those pop archaeologists on YouTube who explain that ancient technology created urns with handles. The write up says:
It was mere days ago that we reported on the Pentagon’s decision to formally bar Microsoft from using China-based engineers to support sensitive cloud services deployed by the Defense Department, a practice Defense Secretary Pete Hegseth called “mind-blowing” in a statement last week. Then there were last year’s episodes that allowed Chinese and Russian cyber spies to break into Exchange accounts used by high-level federal officials and steal a whole bunch of emails and other information. That incident, and plenty more before it, led former senior White House cyber policy director AJ Grotto to conclude that Microsoft was an honest-to-goodness national security threat. None of that has mattered much, as the feds seem content to continue paying Microsoft for its services, despite wagging their finger at Redmond for “avoidable errors.”
Ancient history or aliens? I don’t know. But Microsoft does deals, and it is tough to resist “free”.
Stephen E Arnold, September 10, 2025
Google Does Its Thing: Courts Vary in their Views of the Outfit
September 10, 2025
Just a dinobaby sharing observations. No AI involved. My apologies to those who rely on it for their wisdom, knowledge, and insights.
I am not sure I understand how the US legal system, or any other legal system, works. A legal procedure headed by a somewhat critical judge has allowed the Google to keep on doing what it is doing: selling ads, collecting personal data, and building walled gardens even if they encroach on a kiddie playground.
However, at the same time, the Google was found to be a bit too frisky in its elephantine approach to business.
The first example is that Google was found guilty of collecting user data when users disabled the data collection. The details of this gross misunderstanding of how the superior thinkers at Google interpreted assorted guidelines and user settings appear in “Jury Slams Google Over App Data Collection to Tune of $425 Million.” Now to me that sounds like a lot of money. To the Google, it is a cash flow issue which can be addressed by negotiation, slow administrative response, and consulting firm speak. The write up says:
Google attorney Benedict Hur of Cooley LLP told jurors Google “certainly thought” it had permission to access the data. He added that Google lets users know it will continue to collect certain types of data, even if they toggle off web activity.
Quite an argument.
The other write up with some news about Google behavior is “France Fines Google, Shein Record Sums over Cookie Law Violations.” I found this passage in the write up interesting:
France’s data protection watchdog CNIL on Wednesday fined Google €325 million ($380 million) and fast-fashion retailer Shein €150 million ($175 million) for violating cookie rules. The record penalties target two platforms with tens of millions of French users, marking among the heaviest sanctions the regulator has imposed.
Several observations are warranted:
- Google is manifesting behavior similar to the China-linked outfit Shein. Who is learning from whom?
- Some courts find Google problematic; other courts think that Google is just doing okay Googley things.
- A showdown may occur from outside the United States if a nation state just gets fed up with Google doing exactly whatever it wants.
I wonder if anyone at Google is thinking about hassling the French judiciary in the remainder of 2025 and into 2026. If so, it may be instructive to recall how the French judiciary addressed a 13-year-old case of digital Toxic Epidermal Necrolysis. Pavel Durov was arrested, interrogated for four days, and must report to French authorities every couple of weeks. His legal matter is moving through a judicial system noted for its methodical and red-tape choked processes.
Fancy a nice dinner in Paris, Google?
Stephen E Arnold, September 10, 2025
Cloud Storage: Working Really Well Most of the Time
September 10, 2025
If true, cloud services are outstanding. Do Microsoft’s Cloud and Azure behave like this?
We at Beyond Search love the cloud. You love the cloud. Everyone loves the cloud. Except when the cloud deletes your entire life’s work. That’s what happened to one unfortunate soul according to a Seuros blog post and shared via Windows Central: “AWS Data Crisis: Engineer Restores 10 Years of Work Thanks To A Compassionate Insider.”
The victim is known as Abdelkader Boudih (aka Seuros), and he saved a lot of developer tools on the AWS cloud so his desktop wouldn’t be crowded. Here is a description of the situation:
“When AWS deleted my account, they didn’t just hurt me. They hurt every developer who uses my gems. Every student who could have learned from those tutorials. Every future contribution that won’t happen because my workflow is destroyed.”
Darn.
Boudih stated he had backups of his backups and followed all proper procedures, but he didn’t expect AWS to be a problem. The scenario began with AWS asking Boudih for verification, but he didn’t see it until it was past expiration. He then had to send in a bill and a copy of his ID. AWS said the files were unreadable. His account then went bye-bye.
There’s a ninety-day grace period before AWS deletes all data. He spoke with customer support and never received straight answers. He did receive emails asking him to rate AWS’s service and give them five stars. Brilliant!
Anyone else recognize the frustration?
Here’s the conspiracy theory:
“This is no doubt in response to Boudih’s claims that an AWS insider had reached out shortly after the Seuros blog post began circulating publicly.
The insider suggested that AWS MENA (the second acronym stands for Middle East and North Africa) was "running some kind of proof of concept on ‘dormant’ and ‘low-activity’ accounts." It wasn’t just Boudih’s account that was affected.
It gets technical from this point on, but it basically boils down to the assumption that an AWS developer typed the wrong command and ended up deleting accounts that were still very much in use, like Boudih’s.
There’s no real proof that any of this happened, but Boudih points to the slow progress and ineffective feedback from support as explanations for a potential cover-up.”
The lesson to be learned here is to never rely on third-party storage vendors. Doesn’t anyone use external hard drives anymore? Of course not, the cloud is just there. What worry?
Whitney Grace, September 10, 2025
Google Monopoly: A Circle Still Unbroken
September 9, 2025
Just a dinobaby sharing observations. No AI involved. My apologies to those who rely on it for their wisdom, knowledge, and insights.
I am no lawyer, and I am not sure how the legal journey will unfold for the Google. I assume Google is still a monopoly. Google, however, is not happy with the recent court decision that appears to be a light tap on Googzilla’s snout. The snow is not falling and no errant piece of space junk has collided with the Mountain View campus.
I did notice a post on the Google blog with a cute url. The words “outreach-initiatives,” “public policy,” and “DOJ search decision” speak volumes to me.
The post carries this Google title, well, a Googley command:
Read our statement on today’s decision in the case involving Google Search
Okay, snap to it. The write up instructs:
Competition is intense and people can easily choose the services they want. That’s why we disagree so strongly with the Court’s initial decision in August 2024 on liability.
Okay, no em dashes, so Gemini did not write the sentence, although it may contain some words rarely associated with Googley things. These are words like “easily choose”. Hey, I thought Google was a monopoly. The purpose of the construct is to take steps to narrow choice. The Chicago stockyards use fences, guides, and designated killing areas. But the cows don’t have a choice. The path is followed and the hammer drops. Thonk.
The write up adds:
Now the Court has imposed limits on how we distribute Google services, and will require us to share Search data with rivals. We have concerns about how these requirements will impact our users and their privacy, and we’re reviewing the decision closely.
The logic is pure blue chip consultant with a headache. I like the use of the word “imposed”. Does Google impose on its users, for instance, irrelevant search results, filtered YouTube videos, or roll-ups of user-generated information in Google services? Of course not, a Google user can easily choose which videos to view on YouTube. A person looking for information can easily choose to access Web content on another Web search system. Just use Bing, Ecosia, or Phind. I like “easily.”
What strikes me is the command language and the huffiness about the decision.
Wow, I love Google. Is it a monopoly? Definitely not Android or Chrome. Ads? I don’t know. Probably not.
Stephen E Arnold, September 9, 2025
First, Let Us Kill Relevance for Once and For All. Second, Just Use Google
September 9, 2025
Just a dinobaby sharing observations. No AI involved. My apologies to those who rely on it for their wisdom, knowledge, and insights.
In the long distant past, Danny Sullivan was a search engine optimization-oriented journalist. I think he was involved with an outfit called Search Engine Land. He gave talks and had an animated dinosaur as his cursor. I recall liking the dinosaur. On August 29, 2025, Search Engine Land published a story unthinkable years ago when Google was the one and only game in town.
The article “ChatGPT, AI Tools Gain Traction as Google Search Slips: Survey” says:
“AI tool use is accelerating in everyday search, with ChatGPT use nearly tripling while Google’s share slips, survey of US users finds.”
But Google just sold the US government the Gemini system at $0.47 per head. How can these procurement people have gone off track? The write up says:
Google’s role in everyday information seeking is shrinking, while AI tools – particularly ChatGPT – are quickly gaining ground. That’s according to a new Higher Visibility survey of 1,500 U.S. users.
And here’s another statement that caught my eye:
Search behavior is fractured, which means SEOs cannot rely on Google Search alone (though, to be clear, SEO for Google remains as critical as ever). Therefore, SEO/GEO strategies now must account for visibility across multiple AI platforms.
I wonder if relevant search results will return. Of course not, one must optimize content for the new world of multiple AI platforms.
A couple of questions:
- If AI is getting uptake, won’t that uptake help out Google too?
- Who are the “users” in the survey sample? Is the sample valid? Are the data reliable?
- Is the need for SEO an accurate statement? SEO helped destroy relevance in search results. Aren’t these folks satisfied with their achievement to date?
I think I know the answers to these questions. But I am content to just believe everything Search Engine Land says. I mean marketing SEO and eliminating relevance when seeking answers online is undergoing change. Change means many things. Some of these issues are beyond the ken of the big thinkers at Search Engine Land in my opinion. But that’s irrelevant and definitely not SEO.
Stephen E Arnold, September 10, 2025
Google and Its Reality Dictating Machine: What Is a Fact?
September 9, 2025
I’m not surprised by this. I don’t understand why anyone would be surprised by this story from Neoscope: “Doctors Horrified After Google’s Healthcare AI Makes Up A Body Part That Does Not Exist In Humans.” Healthcare professionals are worried about their industry’s widespread use of AI tools. These tools are error prone and chock full of bugs. In other words, these bots are making up facts and lies and making them seem convincing.
It’s called hallucinating.
A recent example of an AI error involves Google’s Med-Gemini, and it took an entire year before anyone discovered it. The false information was published in a May 2024 research paper from Google that ironically discussed the promise of the AI Med-Gemini analyzing brain scans. The AI “identified” the “old left basilar ganglia infarct” in the scans, but that doesn’t exist in the human body. Google never fixed its research paper.
Hallucinations are dangerous in humans but they’re much worse in AI because they won’t be confined to a single source.
“It’s not just Med-Gemini. Google’s more advanced healthcare model, dubbed MedGemma, also led to varying answers depending on the way questions were phrased, leading to errors some of the time. ‘Their nature is that [they] tend to make up things, and it doesn’t say ‘I don’t know,’ which is a big, big problem for high-stakes domains like medicine,’ Judy Gichoya, Emory University associate professor of radiology and informatics, told The Verge.
Other experts say we’re rushing into adapting AI in clinical settings — from AI therapists, radiologists, and nurses to patient interaction transcription services — warranting a far more careful approach.”
A wise fictional character once said, “Take risks! Make mistakes! Get messy!” In other words, say “I don’t know!” Could this quirk kill people? Duh.
Whitney Grace, September 9, 2025
Innovation Is Like Gerbil Breeding: It Is Tough to Produce a Panda
September 8, 2025
Just a dinobaby sharing observations. No AI involved. My apologies to those who rely on it for their wisdom, knowledge, and insights.
The problem of innovation is a tough one. I remember getting a job from a top dog at the consulting firm silly enough to employ me. The task was to chase down the Forbes Magazine list of companies ordered by how much they spend on innovation. I recall that the goal was to create an “estimate” or what would be a “model” today of what a company of X size should be spending on “innovation.”
Do that today for an outfit like OpenAI or one of the other US efforts to deliver big money via the next big thing and the result is easy to express; namely, every available penny is spent trying to create something new. Yep, spend the cash innovating. Think it, and the “it” becomes real. Build “it,” and the “it” draws users with cash.
A recent and somewhat long essay plopped in my “Read file.” The article is titled “We’ve Lost the Plot with Smartphones.” (The write up requires signing up and / or paying for access.)
The main idea of the essay is that smartphones, once heralded as revolutionary devices for communication and convenience, have evolved into tools that undermine our attention and well-being. I agree. However, innovation may not fix the problem. In my view, the fix may be an interesting effort, but as long as there are gizmos, the status quo will return.
The essay suggests that the innovation arc of devices like a toaster or the mobile phone solves problems or adds obvious convenience for a user otherwise unfamiliar with the device. As Steve Jobs suggested, users have to see and use a device. Words alone don’t do the job. Pushing deck chairs around a technology yacht does not add much to the value of the device. This is the “me too” approach to innovation or what is often called “featuritis.”
Several observations:
- Innovations often arise without warning, no matter what process is used.
- The US is supporting “old” businesses, and other countries are pushing applied AI, which may be a better bet.
- Big money innovation usually surfs on months, years, or decades of previous work. Once that previous work is exhausted, the brutal odds of innovation success kick in. A few winners will emerge from many losers.
One of the oddities is the difficulty of identifying a significant or substantive innovation. That seems to be as difficult to do as setting up a system to generate innovation. In short, technology innovation reminds me of gerbils. Start with a few and quickly have lots of gerbils. The problem is that you have gerbils and what you want is something different.
Good luck.
Stephen E Arnold, September 8, 2025
Pinboard: A Useful Resource
September 8, 2025
I’m going to be completely honest. When I visited Pinboard I didn’t have any idea what the website was. I poked around, visited some links that took me to various social media and similar websites, until I found the about page:
“Founded in 2009, Pinboard is a fast, independently run, no-nonsense bookmarking site for people who value privacy and speed.
There are no ads and no trackers of any kind. Users pay a modest yearly fee.
Pinboard lets you bookmark from any browser, connect up Twitter accounts (and favorites), and sync with popular services like Instapaper or Pocket.
For a few more bucks a year, Pinboard offers an archiving service which saves a copy of everything you bookmark, gives you full-text search, and automatically checks your account for dead links.”
I was intrigued. Services like this are all glitz and spangles these days, but Pinboard has old school simplicity with chaotic neutral hacker vibes. Say what?
By that I mean, it’s a neat service without the high price tag. These reviews say it all:
The Guardian said, “Pinboard is a very effective service… Sometimes, you don’t need glitz; you need plumbing.”
Followed by The Economist: “One dude in his underpants somewhere who has five windows open to terminal servers.”
The operator of the site takes steps to neutralize SEO spammers and Telegram posting bots. This is a very good service. There is what I call a “slow SEO spammer.” The entity behind this steady stream of baby-oriented cloth is an annoyance and a bit amusing.
Whitney Grace, September 8, 2025
Dr. Bob Clippy Will See You Now
September 8, 2025
I cannot wait for AI to replace my trusted human physician whom I’ve been seeing for years. “Microsoft Claims its AI Tool Can Diagnose Complex Medical Cases Four Times More Accurately than Doctors,” Fortune reports. The company made this incredible claim in a recent blog post. How did it determine this statistic? By taking the usual resources away from the human doctors it pitted against its AI. Senior Reporter Alexa Mikhail tells us:
“The team at Microsoft noted the limitations of this research. For one, the physicians in the study had between five and 20 years of experience, but were unable to use textbooks, coworkers, or—ironically—generative AI for their answers. It could have limited their performance, as these resources may typically be available during a complex medical situation.”
You don’t say? Additionally, the study did not include everyday cases. You know, the sort doctors do not need to consult books or coworkers to diagnose. Seems legit. Microsoft says it sees the tool as a complement to doctors, not a replacement for them. That sounds familiar.
Mikhail notes AI already permeates healthcare: Most of us have looked up symptoms with AI-assisted Web searches. ChatGPT is actively being used as a psychotherapist (sometimes for better, often for worse). Many healthcare executives are eager to take this much, much further. So are about half of US patients and 63% of clinicians, according to the 2025 Philips Future Health Index (FHI), who expect AI to improve health outcomes. We hope they are correct, because there may be no turning back now.
Cynthia Murrell, September 8, 2025