AI Tools Are Rewriting Business Security, and Not in a Good Way

AI is completely rewriting the script on how founders run their businesses. As founders implement more AI tools into their workflows, they need to understand the security of their AI software supply chain. Only recently, deployment platform Vercel suffered a massive security breach as the result of an employee connecting a third-party AI tool to their corporate Google account. Revolutionizing your business operations isn’t going to do much good if sensitive data is compromised. Before you roll out AI-powered tools, you must consider how they affect the entire software supply chain. What are the risks of an under-managed AI software supply chain? Currently, enterprise enthusiasm for AI adoption seems to be outpacing companies’ ability to enact meaningful security measures. According to a report by cloud and AI security solutions provider Wiz, while 87% of security professionals are using some type of AI service, only 13% have an AI-specific posture management security strategy. Twenty percent aren’t implementing any type of AI security strategy. Another 25% admit they don’t know which AI services are currently being used in their organization. The lack of information and oversight creates major challenges for founders. Reports have found that as many as 80% of workers use unvetted and unapproved AI tools on the job. This isn’t just among lower-level employees. Senior managers and executives often have even higher rates of unapproved AI usage. The problem? Unvetted AI tools often use open-source components which can house major security flaws. The flow of information to and from micro-services, LLMs and database servers can be difficult to track, with the potential for serious connections and permissions vulnerabilities. The Vercel breach exposed a huge amount of database credentials, API keys and third-party integrations. This happened simply because an AI tool was given permission to read software environment variables. In some cases, cyberattackers, who insert false or misleading information into the training data, intentionally “poison” public machine learning models. This can make the AI malfunction in ways that trigger it to provide wrong answers, leak sensitive information or behave in a biased way, even when the model seems to be functioning normally. As agentic AI becomes more widely used, the risks grow exponentially. Agentic AI’s capabilities to carry out complex series of tasks without oversight can be a boon for time-strapped founders. It also allows AI agents to be used for increasingly sophisticated and devastating attacks if they are compromised. Minimize the risks, and maximize the results. For founders, the same risks that exist from a “standard” cyberattack also exist within the AI software supply chain, but at scale — potential regulatory, legal and financial accountability, significant downtime, and lost trust. All of those become even greater risks when founders don’t do their due diligence on their entire AI software supply chain. So how do you minimize the risks for your organization? Start by comprehensively vetting tools your organization uses. Even basic steps such as reviewing terms of use and understanding how an AI tool may use data you feed into its system can help reduce risk. For businesses operating in privacy-focused industries, tools should also meet all relevant regulations. You should also carefully vet the developers behind these AI tools. Ask yourself: Has your AI developers regularly updated AI tools, especially for security? Does the developer provide testing and validation results? Are they transparent with how your data is used or stored? What is their reputation like? Even if a given AI system is deemed safe unto itself, it’s important to map out the downstream connections it has with your apps and servers. This ensures that you are managing all relevant identities and workflows safely. The best AI supply chain security strategies take all of these components into account. Securing AI workflows and access When you integrate AI into your stack, you should also adopt many of the same security practices you use with human employees. Zero trust governance, with strict access and authentication controls, can ensure that AI tools only access the information they need to perform their critical functions. Finally, you need to establish clear AI policies and make sure your entire team follows them, on the user’s end as well as the developer’s end. The 2025 Verizon Data Breach Investigations Report found that roughly 60% of breaches had a human element, usually employee error. Ongoing training regarding safe AI use will hopefully keep your team from using unauthorized AI tools that could compromise your systems. Do you know where your AI comes from? As AI adoption accelerates, ensuring it doesn’t compromise your security becomes an increasingly high-stakes game for founders. It’s great to unlock exciting automations and boost productivity. But you need to reduce risk wherever possible. A proactive and informed approach to your AI software supply chain will help you avoid becoming another cautionary tale. EXPERT OPINION BY HEATHER WILDE RENZE @HEATHRIEL

He Spent 18 Years as a Software Engineer. AI Replaced Him in Weeks—and Exposed the Reskilling Myth

For nearly two decades, David was the guy you called when the system crashed at 3 a.m. With 18 years of experience as a senior software engineer, he had seen the industry move from physical servers to the cloud, surviving bubble bursts and economic downturns. He assumed his deep expertise was his ultimate insurance policy. Then the email arrived. It was the standard “restructuring” notice that has become the soundtrack of the modern tech sector. But this time, the chairs weren’t just being rearranged. David’s entire department was being dismantled to make room for a new team of AI specialists. David wasn’t worried at first. He had spent his career learning new languages and frameworks. He bought the books, took the online courses, and prepared to “reskill” into the AI-driven future that every LinkedIn influencer and CEO was shouting about. The reality, however, was a cold shower. After applying to over 100 jobs, the feedback was consistently the same. Hiring managers told him his skills were obsolete. The very experience he viewed as an asset was now being treated as a liability, a relic of a pre-generative era. Today, David doesn’t spend his nights debugging code. He spends them working the night shift as a waiter at McDonald’s. His story is not an outlier. It exposes the reskilling lie. The myth of the easy pivot We have been told a comforting story about the AI revolution. The narrative suggests that while some jobs will disappear, a vast ocean of new roles will open up for those willing to learn. It sounds logical in a keynote presentation, but it falls apart on the ground. Midcareer professionals are being sold a bill of goods. The idea that a 45-year-old engineer with a mortgage and family can simply take a six-week boot camp and compete with 22-year-old AI natives is a fantasy. It ignores the structural ageism and economic realities of the hiring market. Companies aren’t looking for veterans who have “reskilled.” They are looking for specialists who have lived and breathed neural networks for their entire academic lives. The “pivot” is more of a leap across a widening chasm, and for many, the landing isn’t there. Part of the problem is they haven’t yet grasped the disruption confidence cycle that takes place every time a new technology comes along and changes the game. When experience becomes a liability In the traditional business world, 18 years of experience commands a premium. It represents depth of knowledge and a history of successful projects. In the AI-first world, that same history is often viewed as “legacy baggage.” Hiring managers are increasingly biased toward candidates who don’t have “pre-AI” habits. They want people who think in prompts, not in procedural logic. This creates a trap for midcareer professionals who find themselves overqualified for entry-level AI roles but “underskilled” for senior ones. The result is a talent graveyard. Brilliant minds are being discarded not because they can’t learn, but because the corporate machine doesn’t want to pay for the transition time. It is cheaper to hire a specialist than to wait for a veteran to adapt. The leadership failure This is not just a technology problem. It is a leadership failure. Executives are prioritizing short-term AI integration over long-term talent retention. By replacing veteran staff with specialized newcomers, they are hollowing out the institutional memory of their organizations. When a senior engineer leaves, they take more than just their coding skills. They take the knowledge of why certain decisions were made five years ago. They take the understanding of the client’s deep-seated needs. AI cannot replicate that context yet. Leaders who buy into the replace-and-reskill narrative are often surprised by the problems it creates. The new AI systems might be faster, but the loss of human oversight leads to hallucinations that can cost millions. Replacing a seasoned pro with a prompt engineer is a gamble that rarely pays off the way the spreadsheets predict. Seeking alternative paths For those caught in this transition, the traditional job market can feel like a closed door. This is why many are looking toward independent tools and solo ventures to reclaim their agency. Instead of waiting for a hiring manager to validate their AI skills, they are building their own workflows. Some have turned to platforms that simplify complex industries such as travel planning, financial management, legal paperwork, real estate, health care navigation, online education, and small-business operations. It allows them to leverage their organizational skills without needing a corporate badge to prove their worth. The goal for many is no longer about finding a new desk in a glass building. It is about creating a career moat that AI cannot easily bridge. This requires a move from being a worker to being a builder, regardless of the industry. The hidden cost of displacement The human cost of this displacement is staggering. When a senior professional is forced into low-wage service work, it isn’t just a loss of income. It is a loss of identity and social utility. The psychological toll of being told you are “obsolete” after two decades of high-level performance is profound. This creates a ripple effect throughout the economy. Families lose their stability, and the community loses the tax base of high-earning professionals. The “reskilling” narrative acts as a convenient shield for companies to avoid the moral and economic responsibility of their hiring decisions. Redefining the promise If the reskilling lie is to be corrected, the conversation must change. We need to stop telling people that a pivot is easy and start talking about how to protect and adapt existing expertise. We need policies that incentivize companies to retain and transition their veteran staff. True reskilling requires time, investment, and a willingness to value experience. It isn’t a weekend workshop. It is a collaborative process between the individual and the organization. Without that partnership, the “pivot” will continue to be a cliff for many. For the Davids of the world, the McDonald’s shift isn’t a failure of effort. It is a failure of a system that promised a ladder and then pulled it away once he reached the middle. The AI era doesn’t have to be a zero-sum game between veterans and newcomers. But as long as we pretend that “learning to code” or “learning to prompt” is a magic bullet for a 45-year-old, we are setting millions up for disappointment. Leaders must be honest about the limitations of reskilling. They must acknowledge that experience still matters, even in an automated world. Until that happens, the night shift at McDonald’s will continue to be the unintended destination for some of our brightest minds. EXPERT OPINION BY JOEL COMM, AUTHOR AND SPEAKER @JOELCOMM

These 40 Jobs May Be Replaced by AI. These 40 Probably Won’t

A new study measuring the use of generative artificial intelligence in different professions has just gone public, and its main message to people working in some fields is harsh. It suggests translators, historians, text writers, sales representatives, and customer service agents might want to consider new careers as pile driver or dredge operators, railroad track layers, hardwood floor sanders, or maids — if, that is, they want to lower the threat of AI apps pushing them out of their current jobs. Why should anyone heed yet another of the myriad, sometimes conflicting reports in AI’s potential impacts on jobs? Because the researchers behind the new findings really know what they’re talking about. They all work for tech giant Microsoft, which is developing Copilot and related AI apps examined in the study. And those tools, the authors say, risk putting ticket agents and telemarketers out of work far sooner than orderlies and paving equipment operators. The Microsoft study comes as debate continues about the employment threats AI may pose to millions of people in clerical, administrative, communications, marketing, and other jobs. Executives of several tech companies, including AI developer Anthropic CEO Dario Amodei, have alternatively cheered or warned about bots automating a wide range of work tasks, potentially eliminating up to half of all white-collar and entry-level jobs in the process. Other business leaders, notably serial entrepreneur Mark Cuban, believe the tech will generate even more new positions than it erases by assuming a lot of repetitive drudge work. Microsoft’s new research doesn’t offer an opinion on the quantitative consequences on employment that AI will ultimately have. But it does provide clear indication of which 40 jobs are already using apps most frequently — and the contrasting 40 professions reflecting the tech’s lowest levels of penetration. The full text of their findings and the two rankings are available here. These 40 jobs are most threatened by AI Interpreters and Translators Historians Passenger Attendants Sales Representatives of Services Writers and Authors Customer Service Representatives CNC Tool Programmers Telephone Operators Ticket Agents and Travel Clerks Broadcast Announcers and Radio DJs Brokerage Clerks Farm and Home Management Educators Telemarketers Concierges Political Scientists News Analysts, Reporters, Journalists Mathematicians Technical Writers Proofreaders and Copy Markers Hosts and Hostesses Editors Business Teachers, Postsecondary Public Relations Specialists Demonstrators and Product Promoters Advertising Sales Agents New Accounts Clerks Statistical Assistants Counter and Rental Clerks Data Scientists Personal Financial Advisers Archivists Economics Teachers, Postsecondary Web Developers Management Analysts Geographers Models Market Research Analysts Public Safety Telecommunicators Switchboard Operators Library Science Teachers These 40 jobs are least threatened by AI Phlebotomists Nursing Assistants Hazardous Materials Removal Workers Helpers–Painters, Plasterers Embalmers Plant and System Operators, All Other Oral and Maxillofacial Surgeons Automotive Glass Installers and Repairers Ship Engineers Tire Repairers and Changers Prosthodontists Helpers–Production Workers Highway Maintenance Workers Medical Equipment Preparers Packaging and Filling Machine Operators Machine Feeders and Offbearers Dishwashers Cement Masons and Concrete Finishers Supervisors of Firefighters Industrial Truck and Tractor Operators Ophthalmic Medical Technicians Massage Therapists Surgical Assistants Tire Builders Helpers–Roofers Gas Compressor and Gas Pumping Station Operators Roofers Roustabouts, Oil and Gas Maids and Housekeeping Cleaners Paving, Surfacing, and Tamping Equipment Operators Logging Equipment Operators Motorboat Operators Orderlies Floor Sanders and Finishers Pile Driver Operators Rail-Track Laying and Maintenance Equipment Operators Foundry Mold and Coremakers Water Treatment Plant and System Operators Bridge and Lock Tenders Dredge Operators The results were obtained by analyzing 200,000 “conversations between users and Microsoft Bing Copilot.” Researchers then matched those with “measurements of task success and scope of impact, [to] compute an AI applicability score for each occupation.” The jobs with the highest use rates tended to be office positions or other work communicating data or thoughts for specific business purposes. “We find the highest AI applicability scores for knowledge work occupation groups such as computer and mathematical, and office and administrative support, as well as occupations such as sales whose work activities involve providing and communicating information,” the study says. “Additionally, we characterize the types of work activities performed most successfully, how wage and education correlate with AI applicability, and how real-world usage compares to predictions of occupational AI impact.” The upshot of that is data showing the work of ticketing agents, proofreaders, and PR specialists is already being automated at far higher levels than labor provided by housepainters and plasterers, embalmers, ship engineers, and phlebotomists — the technicians who draw blood for medical tests. But despite the study establishing a de facto ranking of the jobs threatened the most — and least — by AI, its authors ultimately waffle a bit on just how big the tech’s impact on overall employment and workplace stability might be. That’s probably not surprising, given they all work for the same Microsoft employer whose business future will largely depend on successfully developing and selling those work-automating apps to other companies. And some of the study’s disclaimers suggest underlining AI’s potential for possibly eviscerating current employee counts wasn’t considered the best messaging for broadening the appeal of apps to prospective customers. “It is tempting to conclude that occupations with high overlap will experience job loss,” they write in one of those hedges on AI’s likely impact on employment. “This would be a mistake, as our data do not include the downstream business impacts of new technology, which are very hard to predict.” On the one hand, authors do specify that AI tools are being used most often for communications tasks like language interpretation, emailing, and composing marketing materials. But on the other, they hasten to add it isn’t clear apps are also being asked to assume the complete array of tasks those workers perform on the job — or whether they’d even be capable of doing that. The researchers similarly note the different objectives employees studied had in using bots. Some of those workers asked apps to entirely handle and complete certain job tasks. But in many other cases, people queried AI assistants about the most effective ways to fulfill work duties themselves, retaining their own value to employers. Meantime, the study’s authors also seem to balance between the higher productivity objectives — and potentially decreased labor costs — that some employers hope AI will provide and employees’ contrasting fears about their job security. Those diverging focuses, the authors say, won’t generate the zero-sum results many warn of — at least not necessarily. “For example, if AI makes software developers 50 percent more productive, companies could raise their ambitions and hire more developers as they are now getting more output per developer, or hire fewer developers because they can get the same amount done with fewer of them,” they say. “Our data is only about AI usage and we have no data on the downstream impacts of that usage, so we only weigh in on the automation versus augmentation question by separately measuring the tasks that AI performs and assists.” But the study also makes it clear that the jobs least likely to be disrupted initially by increased or dominant use of AI are those involving some mixture of manual activity, use of machines, and interaction with people. That combination leaves nursing assistants, hazardous waste removers, car windshield installers, and medical equipment preparers among the professions with the lowest level of app penetration. But even there, the authors create some wiggle room for eventual employment outcomes. They note their research is based on use of AI that Microsoft developed from large language models (LLMs). More focused apps tailored to individual professions — possibly paired with robotic machines — might still leave many manual jobs vulnerable to the tech’s influence in the future. “Note that our measurement is purely about LLMs,” the authors note. “Other applications of AI could certainly affect occupations involving operating and monitoring machinery, such as truck driving.” Meaning, any historians or brokerage clerks feeling fearful about their work after reading the study might want to rethink any plans about rushing into careers as a roustabout or packaging machine operator. Because those professions, too, may come under the growing influence of specialized AI apps in the not too distant future. BY BRUCE CRUMLEY @BRUCEC_INC

Stop Letting ChatGPT and Other AI Chatbots Train on Your Data. Here’s Why—and How

When you interact with a chatbot, there’s a good chance that everything you say, and every prompt you give, isn’t just used to generate replies to your queries. Nearly every chatbot company on the planet also uses the information you provide to train its AI models. This can leave your privacy—and even your employer’s confidential information—exposed. But you can mitigate these privacy risks by telling chatbots not to use your data for training. Here’s how. What is AI chatbot training? In order for a chatbot to provide knowledgeable and (hopefully) accurate answers, the underlying large language model (LLM) that powers it needs to assimilate a massive amount of information, which it then uses to help answer your questions. This process of information assimilation is known as “training.” The more information an LLM trains on, the more intelligent the LLM, ostensibly, gets. LLMs acquire training data from numerous sources, including public websites, social media platforms, encyclopedias, video-sharing sites like YouTube, and, unfortunately, sometimes even without permission from authors, novelists, artists, musicians, and other creatives. But LLMs also get their training data from you, too. Every time you enter a prompt to give a chatbot information, that information is likely being used by the AI company to further train its models. And that can leave your privacy severely exposed. Why you shouldn’t let AI chatbots train on your data It’s generally a good idea not to allow LLMs to train on your data, especially if, in your interactions with a chatbot, you share a lot of sensitive information about yourself. If you talk to a chatbot about your physical or mental health, your finances, or your relationships, you should know that that data is, by default, usually used by the AI company to further train its LLM, which means your most intimate thoughts, worries, and concerns are becoming part of the model. AI companies say they anonymize the information you provide before using it to train their models—but you really just have to take them at their word. Even if they do anonymize your information, that doesn’t mean a bad actor in the future couldn’t use some technique to link all the prompts about a particular health, relationship, legal, or financial issue back to you. And if you are using an AI chatbot for work, you could be exposing your employer to legal and regulatory risks if the data you feed it contains confidential user or client information. Even if it doesn’t, you could inadvertently give away your employer’s corporate secrets, such as proprietary code or sales data. The chatbot may give you the answers you’re searching for, but it will also use all the data you give it to further train its models—and retain that data as part of itself. How to prevent AI chatbots from training on your data All this means that it’s a very good idea to prohibit a chatbot from training on your data. Doing so will not hinder the quality of the results the chatbot provides to you, but it will ensure, as best as possible, that the data you provide to it won’t be permanently absorbed into the bot’s underlying LLM. The good news is that most reputable chatbots—including the four most popular ones: OpenAI’s ChatGPT, Google’s Gemini, Anthropic’s Claude, and Perplexity AI’s Perplexity—now offer ways you can opt out of having your data used for training. Here’s how to tell the big four chatbots to stop training on your data: ChatGPT: Select your profile to access the chatbot’s settings. Select Data Controls. Select “Improve the model for everyone.” Toggle the “Improve the model for everyone” switch off. Gemini: Go to the Gemini Apps Activity settings page. Select the button that says “On.” From the pop-up, select “Turn off.” Select “Got it” in the confirmation box that appears. Claude: Select your profile to access the chatbot’s settings. Select the privacy menu. Toggle the “Help improve Claude” switch off. Perplexity: Select your profile to access the chatbot’s settings. Select the Preferences menu. Toggle the “AI data retention” switch off. Once you’ve done this, none of the big four AI giants should be able to use the prompts and other information you give their chatbots to further train their LLMs. However, since these firms haven’t provided independent auditors with access to their systems, you have to take the companies’ word that they will stop using your data to train their models. Also note that even if AI companies agree not to use your data to train their models, they may retain information from your chats and other information you provide for legal or regulatory purposes for a set period of time. And even with these anti-training orders in place, it’s still a good idea to thoroughly (and correctly) redact sensitive information from any documents before you upload them to an AI chatbot. To get even more privacy when interacting with popular chatbots, consider using proxies like Apple Intelligence on the iPhone or DuckDuckGo’s Duck.ai, which can help better obscure your digital footprint from AI giants. By Michael Grothaus