Podcasts about pii

Officials in St. Paul, Minnesota declare a state of emergency following a cyberattack. Hackers disrupt a major French telecom. A power outage causes widespread service disruptions for cloud provider Linode. Researchers reveal a critical authentication bypass flaw in an AI-driven app development platform. A new study shows AI training data is chock full of PII. Fallout continues for the Tea dating safety app. Hackers are actively exploiting a critical SAP NetWeaver vulnerability to deploy malware. CISA and the FBI update their Scattered Spider advisory. A Florida prison exposes personal information of visitors to all of its inmates. Our guest today is Keith Mularski, Chief Global Ambassador at Qintel, retired FBI Special Agent, and co-host of Only Malware in the Building. CISA and Senator Wyden come to terms —mostly— over the long-buried US Telecommunications Insecurity Report.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Keith Mularski, Chief Global Ambassador at Qintel, retired FBI Special Agent, and co-host of Only Malware in the Building discussing what it's like to be the new host on the N2K CyberWire network and giving a glimpse into some upcoming episodes. You can catch Keith and his co-hosts Selena Larson, Staff Threat Researcher and Lead, Intelligence Analysis and Strategy at Proofpoint, and our own Dave Bittner the first Tuesday of each month on your favorite podcast app with new episodes of Only Malware. Selected Reading Major cyberattack hits St. Paul, shuts down many services (Star Tribune) French telecom giant Orange discloses cyberattack (Bleeping Computer) Power Outage at Newark Data Center Disrupts Linode, Took LWN Offline (FOSS Force) Critical authentication bypass flaw reported in AI coding platform Base44 (Beyond Machines) A major AI training data set contains millions of examples of personal data (MIT Technology Review) Dating safety app Tea suspends messaging after hack (BBC) Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware (Bleeping Computer) CISA and FBI Release Tactics, Techniques, and Procedures of the Scattered Spider Hacker Group (gb hackers) Florida prison data breach exposes visitors' contact information to inmates (Florida Phoenix) CISA to release long-buried US telco security report (The Register) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

If you like what you hear, please subscribe, leave us a review and tell a friend!

//The Wire//2300Z July 25, 2025////ROUTINE////BLUF: "DATING" APP DATA BREACH HIGHLIGHTS NATIONAL SECURITY CONCERNS.// -----BEGIN TEARLINE------HomeFront-USA: This morning a major PII leak was exploited on the Tea app, the infamous app that has gained notoriety around the United States. This data leak was not a hack by any means; the selfie ID feature and driver's license images used to register users were stored unencrypted on the app's servers for anyone on the internet to see. Furthermore, the location data was not scrubbed from the images, so the exact GPS coordinate of each user was also leaked, with tens of thousands of users' private location data being leaked online.-----END TEARLINE-----Analyst Comments: This app gained infamy as it's entire purpose is to serve as a "Yelp" for women to rate men, and to allow women to secretly share personal information regarding prospective dates, all without men being allowed to either face their accusers or even know that they are being gossiped about (thus the name of the app being a slang term that serves as a synonym for "gossip"). Most importantly, the app uses facial recognition to prevent biological males from obtaining an account. Beyond the unfortunate origins of the app and the equally unfortunate data leak, examination of the data that was leaked is likely to cause exceptionally grave risks to national security. The "gossipy" nature of this story doesn't matter, a bunch of unflattering selfies doesn't matter either; what does matter is that this may have inadvertently revealed significant national security concerns.For instance, preliminary analysis of the datasets indicates that many users of the Tea app downloaded the app, took a selfie, and registered for an account while at work. In some cases, at government facilities or on military bases...such as the rather unfortunate individual who decided it was a good idea to register for this app while stationed at Marine Corps Base Quantico. Or the person who felt that they needed to use this app while on a gunnery range at the Aberdeen Proving Grounds. So far, other interesting sites located via personnel taking a selfie to register for this app at work include the following locations:- An ammunition storage bunker at Naval Weapons Station Earle in New Jersey.- The legislative offices at the Connecticut State Capitol building.- One of the headquarters buildings at Minot Air Force Base.- A maintenance site on the airfield at Eglin Air Force Base.- Alumni Hall at the US Naval Academy in Annapolis.- And the off-base housing complexes at nearly every single military base in the United States.Of course, these data points only encompass the GPS coordinates that were embedded in the metadata of the selfies taken when users created an account on the app, so the data that was leaked is merely a snapshot of wherever a person was when they registered an account. Most of the GPS points presented in this data were very precise, pinpointing users within a diameter of 36ft or so on average. GPS errors are also likely to throw off this dataset, so it's probable that quite a few data points are inaccurate. However, most of the data (as leaked) is good enough for nationstate-level malign actors to have a field day when it comes to espionage. A person who is unhappy with the person they are in a relationship with, who is also willing to submit their full legal name and street address (or GPS location) makes for a prime espionage target when this data is cross-referenced with other data. It takes exactly two clicks to import the leaked data to a map, and overlay that map with known sensitive military sites around the nation...perhaps in the process finding a few new locations as well. It is also easy to cross-reference this data with property ownership documents to find out how many people took a selfie at a different ad

Donata Stroink-Skillrud is an attorney licensed in Illinois, a Certified Information Privacy Professional, and President of Termageddon, a SaaS platform transforming how eCommerce businesses handle legal compliance. Built at the intersection of privacy law expertise and technology, Termageddon helps online businesses stay compliant with ever-changing privacy regulations, without needing a legal team.After years of working directly with contract law, consumer protection, and international privacy regulations, Donata saw firsthand how fragmented, outdated, and risky privacy compliance had become for Ecommerce websites. What started as manual legal work soon evolved into an automated solution that identifies which privacy laws apply to a business and generates up-to-date, accurate website policies in minutes—not weeks.Donata brings a legal insider's perspective to the realities of online selling, breaking down complex regulations into practical steps for founders. From helping brands avoid FTC fines on subscription renewals, to clarifying why state privacy laws apply to your store, Donata explains the hidden legal pitfalls that quietly erode Ecommerce growth and how to protect against them.Whether sharing how generic privacy templates leave stores exposed, why recurring billing pages are the newest legal battleground, or how to future-proof your policies against incoming U.S. state laws, Donata delivers a tactical, no-nonsense playbook for reducing legal risk and building customer trust.In This Conversation We Discuss: [00:42] Intro[01:04] Breaking down contract laws for entrepreneurs[02:02] Explaining why Shopify won't cover your compliance[03:57] Breaking down real costs of ignoring privacy laws[06:53] Clarifying why location won't shield your store[08:10] Highlighting false refund claims that trigger fines[11:54] Identifying which privacy laws apply to you[13:36] Turning repetitive legal work into automation[14:55] Updating policies before laws take effect[16:29] Receiving automatic updates without extra effort[17:15] Saving weeks of legal work with automation[18:12] Staying compliant as privacy laws keep changingResources:Subscribe to Honest Ecommerce on YoutubeProtects business from fines and lawsuits termageddon.com/Follow Donata Stroink-Skillrud linkedin.com/in/donata-stroink-skillrudIf you're enjoying the show, we'd love it if you left Honest Ecommerce a review on Apple Podcasts. It makes a huge impact on the success of the podcast, and we love reading every one of your reviews!

In the security news: The train is leaving the station, or is it? The hypervisor will protect you, maybe The best thing about Flippers are the clones Also, the Flipper Zero as an interrogation tool Threats are commercial and open-source Who is still down with FTP? AI bug hunters Firmware for Russian drones Merging Android and ChromOS Protecting your assets with CVSS? Patch Citrixbleed 2 Rowhammer comes to NVIDIA GPUs I hear Microsoft hires Chinese spies Gigabyte motherboards and UEFI vulnerabilities McDonald's AI hiring bot: you want some PII with that? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-883

In the security news: The train is leaving the station, or is it? The hypervisor will protect you, maybe The best thing about Flippers are the clones Also, the Flipper Zero as an interrogation tool Threats are commercial and open-source Who is still down with FTP? AI bug hunters Firmware for Russian drones Merging Android and ChromOS Protecting your assets with CVSS? Patch Citrixbleed 2 Rowhammer comes to NVIDIA GPUs I hear Microsoft hires Chinese spies Gigabyte motherboards and UEFI vulnerabilities McDonald's AI hiring bot: you want some PII with that? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-883

In the security news: The train is leaving the station, or is it? The hypervisor will protect you, maybe The best thing about Flippers are the clones Also, the Flipper Zero as an interrogation tool Threats are commercial and open-source Who is still down with FTP? AI bug hunters Firmware for Russian drones Merging Android and ChromOS Protecting your assets with CVSS? Patch Citrixbleed 2 Rowhammer comes to NVIDIA GPUs I hear Microsoft hires Chinese spies Gigabyte motherboards and UEFI vulnerabilities McDonald's AI hiring bot: you want some PII with that? Show Notes: https://securityweekly.com/psw-883

Restez concentrés parce que ce n'est pas terminé! Après un premier épisode sur le diagnostic et la prise en charge non-pharmacologique du TDAH, on porte cette fois toute notre attention sur les pilules. Dans ce 46ème épisode du Pharmascope, Nicolas, Isabelle et leur invitée discutent donc du traitement pharmacologique du TDAH, plus spécifiquement des psychostimulants. Les objectifs pour cet épisode sont : Identifier les différentes formulations de psychostimulants disponibles dans le traitement du TDAH Comprendre les risques et les bénéfices associés à la prise de psychostimulants dans le traitement du TDAH Comparer l'efficacité et l'innocuité des différents psychostimulants entre eux en TDAH Ressources pertinentes en lien avec l'épisode Lignes directrices canadiennes CADDRA – Canadian ADHD Ressource Alliance : Lignes directrices canadiennes pour le TDAH, quatrième édition, Toronto (Ontario); CADDRA 2018. Lignes directrices américaines Wolraich ML et coll. Clinical Practice Guideline for the Diagnosis, Evaluation, and Treatment of Attention-Deficit/Hyperactivity Disorder in Children and Adolescents. Subcommittee on children and adolescents with attention-deficit / hyperactive disorder. Pediatrics 2019. 144(4). pii:e20192528. Revues du TDAH Thapar A, Cooper M. Attention deficit hyperactivity disorder. Lancet. 2016;387(10024):1240-50. Auclair M, Elalami M. Traitement du TDAH chez l'enfant. Québec Pharmacie. Septembre 2018. 28p. Revues systématiques portant sur les mesures non-pharmacologiques Good AP et coll. Nonpharmacologic Treatments for Attention-Deficit / Hyperactivity Disorder: A Systematic Review. Pediatrics. 2018;141(6). Pii:e20180094. Lopez PL et coll. Cognitive-behavioural interventions for attention deficit hyperactivity disorder (ADHD) in adults. Cochrane Database Syst Rev. 2018,23(3):CD010840. Études portant sur l'effet des amphétamines Punja S et coll. Amphetamines for attention deficit hyperactivity disorder (ADHD) in children and adolescents. Cochrane Database Syst Rev.2016;2:CD009996. Castells X et coll. Amphetamines for attention deficit hyperactivity disorder (ADHD) in adults. Cochrane Database Syst Rev.2018;8:CD007813. Études portant sur l'effet du méthylphénidate Storebo OJ et coll. Methylphenidate for children and adolescents with attention deficit hyperactivity disorder (ADHD). Cochrane Database Syst Rev. 2015;11:CD009885. Epstein T et coll. Immediate-release methylphenidate for attention deficit hyperactivity disorder (ADHD) in adults. Cochrane Database Syst Rev. 2014;9:CD005041. MTA Cooperative Group. A 14-month randomized clinical trial of treatment strategies for attention-deficit/hyperactivity disorder. Multimodal Treatment Study of Children with ADHD. Arch Gen Psychiatry. 1999;56:1073-86. Revue systématique globale  Stuhec M, Lukic P, Locatelli I. Efficacy, Acceptability, and Tolerability of Lisdexamfetamine, Mixed Amphetamine Salts, Methylphenidate, and Modafinil in the Treatment of Attention-Deficit Hyperactivity Disorder in Adults: A Systematic Review and Meta-analysis. Ann Pharmacother. 2019; 2:121-133. Liens utiles pour ressources Canadian ADHD Ressource Alliance (CADDRA). 2020. Centre for ADHD awareness, Canada (CADDAC). 2017. Clinique FOCUS. 2020. Annick Vincent. TDAH, informations, trucs et astuces. 2020.

Attention, attention! Un nouvel épisode du Pharmascope est maintenant disponible! Et, cette fois, il va falloir rester concentré parce qu'on a fait trois épisodes sur le TDAH . Dans ce 45ème épisode du Pharmascope et premier de cette série, Nicolas, Isabelle et leur invitée de marque discutent des manifestations cliniques, de l'approche diagnostique et de la prise en charge initiale du TDAH. Les objectifs pour cet épisode sont: Comprendre l'approche diagnostique du TDAH Discuter des comorbidités fréquemment associées au TDAH Identifier les objectifs de traitement du TDAH Suggérer des mesures non pharmacologiques pour le TDAH Ressources pertinentes en lien avec l'épisode Lignes directrices canadiennes CADDRA – Canadian ADHD Ressource Alliance : Lignes directrices canadiennes pour le TDAH, quatrième édition, Toronto (Ontario); CADDRA 2018. Lignes directrices américaines Wolraich ML et coll. Clinical Practice Guideline for the Diagnosis, Evaluation, and Treatment of Attention-Deficit/Hyperactivity Disorder in Children and Adolescents. Subcommittee on children and adolescents with attention-deficit / hyperactive disorder. Pediatrics 2019. 144(4). pii:e20192528. Revues du TDAH Thapar A, Cooper M. Attention deficit hyperactivity disorder. Lancet. 2016;387(10024):1240-50. Auclair M, Elalami M. Traitement du TDAH chez l'enfant. Québec Pharmacie. Septembre 2018. 28p. Revues systématiques portant sur les mesures non-pharmacologiques Good AP et coll. Nonpharmacologic Treatments for Attention-Deficit / Hyperactivity Disorder: A Systematic Review. Pediatrics. 2018;141(6). Pii:e20180094. Lopez PL et coll. Cognitive-behavioural interventions for attention deficit hyperactivity disorder (ADHD) in adults. Cochrane Database Syst Rev. 2018,23(3):CD010840. Gillies D et coll. Polyunsaturated fatty acids (PUFA) for attention deficit hyperactivity disorder (ADHD) in children and adolescents. Cochrane Database Syst Rev. 2012.(7):CD007986. Liens utiles pour ressources Canadian ADHD Ressource Alliance (CADDRA). 2020. Centre for ADHD awareness, Canada (CADDAC). 2017. Clinique FOCUS. 2020. Annick Vincent. TDAH, informations, trucs et astuces. 2020.

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutReady to master data classification for your CISSP exam? This episode delivers exactly what you need through fifteen practical questions that mirror real exam scenarios, all focused on Domain 2.1.1.The cybersecurity world is constantly evolving, and our discussion of the newly formed ARPA-H demonstrates this perfectly. Modeled after DARPA but focused on healthcare innovation, this agency represents a $50 million opportunity for security professionals to tackle the persistent ransomware threats plaguing the healthcare industry.Diving into our practice questions, we explore how marketing materials receive "sensitive" classifications, while revolutionary battery technology blueprints warrant "class three severe impact" protection. We clarify why social security numbers in healthcare settings fall under Protected Health Information rather than just PII, and why government agencies use distinctive classification schemas including terms like "top secret" that aren't merely arbitrary labels.The episode tackles complex scenarios including cloud storage responsibilities (you retain ownership of customer data even when stored by third parties), the limitations of DLP solutions for printed documents, and proper breach response protocols. Each question provides context-rich explanations that go beyond simple answers to build your understanding of the underlying principles.Perhaps most valuable is our exploration of classification system design - revealing why simply labeling all non-public information as "sensitive" creates security vulnerabilities by failing to distinguish between different impact levels. This practical insight helps you not just memorize concepts but understand how to implement effective classification in real-world environments.Whether you're studying for your CISSP exam or wanting to strengthen your organization's security posture, these fifteen questions provide the perfect framework for mastering data classification principles. Visit cisspcybertraining.com to access our complete blueprint and mentoring services guaranteed to help you pass the CISSP exam on your first attempt.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Welcome to the CanadianSME Small Business Podcast, hosted by Kripa Anand, where we explore the strategies and technologies that empower businesses to make smarter decisions in the digital age. In this episode, we dive deep into the critical world of data analytics, focusing on bridging the gap between strategy and execution, navigating the future of first-party data with GA4, and operationalizing data privacy without sacrificing marketing performance.Recent trends emphasize the growing importance of data-driven insights, the shift to first-party data amid a cookieless future, and the rising need for privacy-conscious marketing. Our guest, Monika Boldak, Associate Director of Marketing at Napkyn, a trusted digital analytics consultancy and certified Google Marketing Platform Sales Partner, shares expert guidance to help businesses leverage their data effectively and responsibly.Key Highlights:1. Bridging Strategy and Execution: What a strong data foundation really means and why many organizations struggle to connect analytics tools to meaningful business outcomes.2. GA4 and First-Party Data: Common challenges with GA4 adoption, avoiding pitfalls like collecting PII, and future-proofing data strategy with BigQuery and Consent Mode.3. Data Privacy & Marketing Performance: How Canadian businesses can comply with privacy laws like PIPEDA and Quebec's Law 25 while maintaining effective, customer-first marketing strategies.4. Connecting Analytics & Advertising: A success story of improving ad performance and reducing costs by linking offline conversions with Google Ads.5. Upcoming DMFS Canada Summit: Insights on Napkyn's participation and how marketers can responsibly use first-party data to build trust, loyalty, and better marketing outcomes.Special Thanks to Our Partners:RBC: https://www.rbcroyalbank.com/dms/business/accounts/beyond-banking/index.htmlUPS: https://solutions.ups.com/ca-beunstoppable.html?WT.mc_id=BUSMEWAGoogle: https://www.google.ca/For more expert insights, visit www.canadiansme.ca and subscribe to the CanadianSME Small Business Magazine. Stay innovative, stay informed, and thrive in the digital age!Disclaimer: The information shared in this podcast is for general informational purposes only and should not be considered as direct financial or business advice. Always consult with a qualified professional for advice specific to your situation.

This week we're joined by Julia Fallon, Executive Director of the State Educational Technology Directors Association (SETDA) and she shines a light on the appeal of school systems to cyber attackers. (HINT: it is access to PII to open credit cards, mortgages and more in the name of children that often is only detected many years later.) We also discuss the connection between schools and insurance companies, trends in how school systems are fortifying their security measures, the evolution of infosec to become a front office issue, and what schools can do to integrate cybersecurity into curriculums to both bolster security and lay a pathway for future cyber professionals.   Julia Fallon is the Executive Director of the State Educational Technology Directors Association (SETDA), where she works with U.S. state and territorial digital learning leaders to empower the education community to leverage technology for learning, teaching, and school operations. Involved with learning technologies since 1989, her professional interest lies in making the case for public school systems wherein educators are able to optimize technology-rich learning environments to equitably engage the learners who fill their classrooms. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e339

In this episode of The Good Life EDU Podcast, host Andrew Easton reconnects with longtime friend (and podcast guest) Rachelle Dene Poth for a timely and insightful discussion about the legal implications of AI in education. Drawing from her experience as an educator, speaker, and attorney, Rachelle unpacks some of the critical and often overlooked considerations educators should keep in mind when integrating AI tools into schools and classrooms. Listeners will learn: Why AI literacy goes far beyond knowing how to use tools How AI is being misused in cases of cyberbullying—and what educators should know What legal considerations (like FERPA and COPPA) apply to AI tools in schools The dangers of uploading PII to generative AI models How to foster a district culture of responsible AI use for both staff and students Whether you're just starting to explore AI or you're leading its implementation in your district, this conversation offers valuable guidance on what to prioritize and how to stay compliant and ethical in the process. Connect with Rachelle and explore her work: Website/Blog: www.rdene915.com Socials: @Rdene915 (Instagram, X, Threads, LinkedIn) Recent Books Released: How to Teach AI and What the Tech

Kory Daniels, Chief Information Security Officer at Trustwave,  highlights the unique cybersecurity challenges facing the healthcare industry, particularly in this environment of funding constraints and the increasing sophistication of cyberattacks. Healthcare data is highly valuable to cybercriminals, who can use it for ransomware attacks, identity and insurance fraud, and other nefarious purposes. AI can be part of both the attack and the solution, helping to build in more cyber resilience and awareness about vulnerabilities. Kory explains, "Healthcare is a prime target for cyberattacks for a very fundamental reason. When human lives are at risk due to a criminal objective—which is to make money—they view organizations where human lives are at risk as a greater potential and opportunity. Facilitation of ransomware payments: Ransomware is one of the largest tactics that criminals use to achieve financial gain, but it's not the only tactic they use to achieve financial gain. So, they're looking to exploit the fear and uncertainty, putting patient lives at risk and adding complexity to patient care through their nefarious actions. But also, healthcare data is very attractive for cybercriminals, and just criminal activity in general. And why that is, is that criminals are looking at healthcare data even more so—it's more valuable than driver's license data." "Look at the opportunity of what you can do with healthcare records, and what can you do with PII, Personally Identifiable Information. Threat actors are tapping into this data in several different ways to achieve the additional financial gain above and beyond targeting a healthcare organization with a ransomware attack." "But they're also committing fraud, and fraud toward healthcare insurers, and looking at submitting false claims, fraud against the prescription drug industry in terms of soliciting and looking to obtain prescription drugs through nefarious means, but utilizing data and identity data that comes from hospital and healthcare records. There are a variety of different ways that we've just scratched the surface on, which make the healthcare industry such a desirable target for those seeking to achieve financial gain in the criminal industry." #Trustwave #Cybersecurity #CyberAttacks #HealthcareSecurity #HealthcareIT #CISOInsights trustwave.com Download the transcript here

Kory Daniels, Chief Information Security Officer at Trustwave,  highlights the unique cybersecurity challenges facing the healthcare industry, particularly in this environment of funding constraints and the increasing sophistication of cyberattacks. Healthcare data is highly valuable to cybercriminals, who can use it for ransomware attacks, identity and insurance fraud, and other nefarious purposes. AI can be part of both the attack and the solution, helping to build in more cyber resilience and awareness about vulnerabilities. Kory explains, "Healthcare is a prime target for cyberattacks for a very fundamental reason. When human lives are at risk due to a criminal objective—which is to make money—they view organizations where human lives are at risk as a greater potential and opportunity. Facilitation of ransomware payments: Ransomware is one of the largest tactics that criminals use to achieve financial gain, but it's not the only tactic they use to achieve financial gain. So, they're looking to exploit the fear and uncertainty, putting patient lives at risk and adding complexity to patient care through their nefarious actions. But also, healthcare data is very attractive for cybercriminals, and just criminal activity in general. And why that is, is that criminals are looking at healthcare data even more so—it's more valuable than driver's license data." "Look at the opportunity of what you can do with healthcare records, and what can you do with PII, Personally Identifiable Information. Threat actors are tapping into this data in several different ways to achieve the additional financial gain above and beyond targeting a healthcare organization with a ransomware attack." "But they're also committing fraud, and fraud toward healthcare insurers, and looking at submitting false claims, fraud against the prescription drug industry in terms of soliciting and looking to obtain prescription drugs through nefarious means, but utilizing data and identity data that comes from hospital and healthcare records. There are a variety of different ways that we've just scratched the surface on, which make the healthcare industry such a desirable target for those seeking to achieve financial gain in the criminal industry." #Trustwave #Cybersecurity #CyberAttacks #HealthcareSecurity #HealthcareIT #CISOInsights trustwave.com Listen to the podcast here

If you like what you hear, please subscribe, leave us a review and tell a friend!

Recent digital developments show a growing gap between technological innovation and the protections needed to safeguard privacy, autonomy, and society at large. A string of high-profile incidents showcases the systemic vulnerabilities across sectors.Data breaches remain rampant. LexisNexis Risk Solutions, a leading data broker, suffered a breach via a third-party vendor, compromising the PII of over 364,000 individuals. This underscores the inherent risks of outsourcing sensitive data and the challenge of securing even “security-focused” firms.Retail giants like Cartier, Victoria's Secret, Harrods, and Marks & Spencer have been targeted by cyberattacks, exposing customer data and causing disruptions. Notably, Marks & Spencer reported potential losses of up to £300 million. Credential-stuffing attacks, such as the one affecting The North Face, exploit reused passwords from earlier breaches, emphasizing the cascading risks of weak user hygiene.Social media platforms are still vulnerable. A scraping operation exposed data from 1.2 billion Facebook users due to a public API flaw—reaffirming that even mature platforms are prone to exploitation when data is monetizable at scale.Government surveillance is expanding in concerning ways. The U.S. has collected DNA from over 133,000 migrant children—many without criminal charges—and stored it in a national criminal database. This raises major ethical concerns about consent, privacy, and the erosion of legal norms like the presumption of innocence.Brazil's dWallet initiative offers a contrasting vision: enabling citizens to monetize their personal data. While empowering, it also prompts questions about equity, digital literacy, and the unintended consequences of commodifying identity.AI tools are now weaponizing digital footprints. “YouTube-Tools” scrapes public comments and uses AI to infer users' locations, political views, and more—posing risks of harassment and surveillance, despite being marketed for law enforcement.LLMs show serious limitations in sustained, autonomous operations. Simulations involving AI running simple businesses failed dramatically—some models contacted the FBI, others misunderstood basic logic, showing how far AI remains from reliable real-world decision-making.AI ethics research via "SnitchBench" shows that some models will autonomously report unethical behavior, raising questions around AI moral agency and alignment—specifically, when and how AI should intervene in human affairs.Finally, a grave data leak in Russia revealed nuclear infrastructure details through a procurement portal—due to careless document handling. This illustrates that critical security failures often originate not from elite hacks, but from bureaucratic neglect.

Do you REALLY know what cookies are? Like really, REALLY know? What about GDPR? What about PII?I know the words. But what do they REALLY mean? I enlisted the help of Eddie "The Techie" Aguilar to help me simplify some of these complex topics, and help me create meaningful next steps on how to address PII concerns and other marketing-related issues in data collection. We got into:- Simplified definitions of cookies, data collection, GDPR, etc. (I'm stupid and like hearing things simplified from smart people)- First vs. Third part cookies (and what it means to your marketing program)- A/B testing and the importance of NOT collecting PII in your testing toolsTimestamps:00:00 Episode Start2:31 What is a Cookie?7:41 How Cookies Have Been Used Maliciously (Lack of Consent)9:51 First Party vs. Third Party Data13:11 Opting Out of Cookies (Explained)14:45 GDPR28:20 A/B Testing and Cookies37:30 PII and A/B testingGo follow Eddie Aguilar on LinkedIn: https://www.linkedin.com/in/whoiseddie/ Also go follow Shiva Manjunath on LinkedIn: ⁠https://www.linkedin.com/in/shiva-manjunath/⁠Subscribe to our newsletter for more memes, clips, and awesome content! https://fromatob.beehiiv.com/And go get your free ticket for the Women in Experimentation - you might even be entered to win some From A to B merch! : https://tinyurl.com/FromAtoB-WIE

Join Oyster experts as they provide real-world insight into the shifting CAT and CAIS landscape, including:The current regulatory focus on removing PII information from CAIS reportingImplementation uncertainty - where FINRA guidance falls shortMember firms grappling with the scope of PII removal at account and customer levelsBlue sheets and CAIS - redundant reporting and integration challengesCAT reporting's critical role in market surveillance during volatile trading periodsHow the multi-year phased implementation approach provides a potential model for future regulationsOyster Consulting has the expertise, experience and licensed professionals you need, all under one roof. Follow us on LinkedIn to take advantage of our industry insights or subscribe to our monthly newsletter. Does your firm need help now? Contact us today!

At RSAC Conference 2025, Rupesh Chokshi, Senior Vice President and General Manager of the Application Security Group at Akamai, joined ITSPmagazine to share critical insights into the dual role AI is playing in cybersecurity today—and what Akamai is doing about it.Chokshi lays out the landscape with clarity: while AI is unlocking powerful new capabilities for defenders, it's also accelerating innovation for attackers. From bot mitigation and behavioral DDoS to adaptive security engines, Akamai has used machine learning for over a decade to enhance protection, but the scale and complexity of threats have entered a new era.The API and Web Application Threat SurgeReferencing Akamai's latest State of the Internet report, Chokshi cites a 33% year-over-year rise in web application and API attacks—topping 311 billion threats. More than 150 billion of these were API-related. The reason is simple: APIs are the backbone of modern applications, yet many organizations lack visibility into how many they have or where they're exposed. Shadow and zombie APIs are quietly expanding attack surfaces without sufficient monitoring or defense.Chokshi shares that in early customer discovery sessions, organizations often uncover tens of thousands of APIs they weren't actively tracking—making them easy targets for business logic abuse, credential theft, and data exfiltration.Introducing Akamai's Firewall for AIAkamai is addressing another critical gap with the launch of its new Firewall for AI. Designed for both internal and customer-facing generative AI applications, this solution focuses on securing runtime environments. It detects and blocks issues like prompt injection, PII leakage, and toxic language using scalable, automated analysis at the edge—reducing friction for deployment while enhancing visibility and governance.In early testing, Akamai found that 6% of traffic to a single LLM-based customer chatbot involved suspicious activity. That volume—within just 100,000 requests—highlights the urgency of runtime protections for AI workloads.Enabling Security LeadershipChokshi emphasizes that modern security teams must engage collaboratively with business and data teams. As AI adoption outpaces security budgets, CISOs are looking for trusted, easy-to-deploy solutions that enable—not hinder—innovation. Akamai's goal: deliver scalable protections with minimal disruption, while helping security leaders shoulder the growing burden of AI risk.Learn more about Akamai: https://itspm.ag/akamailbwcNote: This story contains promotional content. Learn more.Guest: Rupesh Chokshi, SVP & General Manager, Application Security, Akamai | https://www.linkedin.com/in/rupeshchokshi/ResourcesLearn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamaiLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, rupesh chokshi, akamai, rsac, ai, security, cisos, api, firewall, llm, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

In this week's episode, Drew and Joe explore ethical considerations to running research.  They'll cover everything from PII, to delicate topics, to ensuring you're treating your participants right.  Send us a textSupport the showSend your questions to InsideUXR@gmail.comVisit us on LinkedIn, or our website, at www.insideUXR.comCredits:Art by Kamran HanifTheme music by NearbysoundVoiceover by Anna V

Cybersecurity lingo can be overwhelming, but once you get the hang of the essentials, staying secure becomes much easier.In this episode, host Jara Rowe sits down with Marie Joseph, Senior Security Advisor at Trava, to break down key terms like vCISO, PII, and cybersecurity maturity models. They also differentiate between terms like hacker vs. threat actor and firewall vs. antivirus by highlighting the nuances that matter most. Plus, Marie reveals why continuous compliance is crucial, and how concepts like attack surface and risk tolerance fit into the bigger picture of your security strategy.Key takeaways:Essential cybersecurity terms and definitions: vCISO, PII, and more The importance of understanding and managing your attack surfaceWhy cybersecurity compliance can't be a one-time effortEpisode highlights:(00:00) Today's topic: Understanding cybersecurity terms(01:47) What is a vCISO, and why it benefits small businesses(02:54) Definition of PII, BCP, SIEM, DevSecOps, and BCRA (08:40) Hackers vs. threat actors Explained(10:28) Why businesses need an antivirus and a firewall(13:37) Patch management and cybersecurity attack surfaces(16:04) Continuous cybersecurity compliance(21:27) Recapping cybersecurity essentialsConnect with the host:Jara Rowe's LinkedIn - @jararoweConnect with the guest:Marie Joseph's LinkedIn - @marie-joseph-a81394143Connect with Trava:Website - www.travasecurity.comBlog - www.travasecurity.com/learn-with-trava/blogLinkedIn - @travasecurityYouTube - @travasecurity

Send us a textToday we are diving into a topic that impacts just about everyone in this age where technology is a part of our day-to-day lives. That topic is how to protect our “personally identifiable information”, also known as PII and application security. From financial transactions to healthcare records, protecting ourselves in the digital world has become increasingly important. Joining us this week to talk about protecting your personally identifiable information is Dennis Brice, Chief Information Officer at DECAL, and Rahda Datla, our Chief Technology and Security Information Officer. With their experience and knowledge, we will discuss threats, solutions, and steps that everyone can take to protect their digital identity. Support the show

In this conversation, Michael Brown, CEO of CLOUDNINE AI, discusses the challenges and opportunities in enterprise AI applications, particularly focusing on data interoperability and privacy. He highlights the historical context of data collection in enterprises, the interoperability issues faced by various systems, and the unique challenges posed by large language models (LLMs) trained on public data. The discussion also delves into the importance of securing personally identifiable information (PII) and the processes involved in filtering and encrypting sensitive data. Brown shares insights into how CLOUDNINE AI addresses these challenges through innovative solutions, including the creation of digital twins and the management of dynamic data privacy rules across different regions. In this conversation, Michael Brown discusses the company's data management solutions, the onboarding process for clients, and the challenges of data privacy. He emphasizes the importance of understanding client needs and the evolving landscape of technology, particularly for Gen Z professionals looking to enter the field. The discussion also touches on personal insights and preferences, including Michael's favorite comfort food.

Expert financial technology consultant Eric Baumgardner from Osaic speaks about the latest news and updates about AI, artificial intelligence, as it relates to financial services. Hear him discuss regulatory compliance issues, data privacy and the interesting application of note-taking.  What are "hallucinations" and why is that a concern?  Eric talks about in-house versus integration services, as well as PII data versus using placeholders.

The security automation landscape is undergoing a revolutionary transformation as AI reasoning capabilities replace traditional rule-based playbooks. In this episode of Detection at Scale, Oliver Friedrichs, Founder & CEO of Pangea, helps Jack unpack how this shift democratizes advanced threat detection beyond Fortune 500 companies while simultaneously introducing an alarming new attack surface.  Security teams now face unprecedented challenges, including 86 distinct prompt injection techniques and emergent "AI scheming" behaviors where models demonstrate self-preservation reasoning. Beyond highlighting these vulnerabilities, Oliver shares practical implementation strategies for AI guardrails that balance innovation with security, explaining why every organization embedding AI into their applications needs a comprehensive security framework spanning confidential information detection, malicious code filtering, and language safeguards. Topics discussed: The critical "read versus write" framework for security automation adoption: organizations consistently authorized full automation for investigative processes but required human oversight for remediation actions that changed system states. Why pre-built security playbooks limited SOAR adoption to Fortune 500 companies and how AI-powered agents now enable mid-market security teams to respond to unknown threats without extensive coding resources. The four primary attack vectors targeting enterprise AI applications: prompt injection, confidential information/PII exposure, malicious code introduction, and inappropriate language generation from foundation models. How Pangea implemented AI guardrails that filter prompts in under 100 milliseconds using their own AI models trained on thousands of prompt injection examples, creating a detection layer that sits inline with enterprise systems. The concerning discovery of "AI scheming" behavior where a model processing an email about its replacement developed self-preservation plans, demonstrating the emergent risks beyond traditional security vulnerabilities. Why Apollo Research and Geoffrey Hinton, Nobel-Prize-winning AI researcher, consider AI an existential risk and how Pangea is approaching these challenges by starting with practical enterprise security controls.   Check out Pangea.com  

After serving for nearly 18 months as the Department of Defense's first-ever customer experience officer in the Office of the CIO, Savan Kong earlier this month parted ways with the Pentagon. Previously a member of the Defense Digital Service during his first tour of duty with the DOD, Kong helped build the department's CXO office from scratch, fostering a culture that prioritizes the needs of service members, civilians, and mission partners and striving to streamline governance processes, improve transparency, and ensure that IT solutions meet operational needs. Kong joins the Daily Scoop for a conversation to share the progress his office ushered in to improve customer experience for DOD's personnel, where things are headed under this administration and how AI will impact the CX space. FedRAMP is getting another overhaul, one that will involve far more automation and a greater role for the private sector, the program's chief announced Monday. Through FedRAMP 20x, the General Services Administration-based team focused on the program aims to simplify the authorization process and reduce the amount of time needed to approve a service from months to weeks, Director Pete Waterman said during an Alliance for Digital Innovation event. The private sector will also have increased responsibility over monitoring of their systems, he noted. In a critical change, agency sponsorship will — eventually — no longer be necessary to win authorization. As a first step, FedRAMP has launched four community working groups, which give the public a chance to share feedback, and focus on creating “innovative solutions” to formalize the program's standards. But in the meantime, Waterman said existing baselines will remain in place and there are no immediate changes to the program. The Office of Personnel Management and the departments of Treasury and Education are now barred from sharing individuals' personally identifiable information with DOGE representatives, a federal judge ruled Monday. Judge Deborah L. Boardman of the U.S. District Court for the District of Maryland said in her decision that in granting associates with Elon Musk's so-called government efficiency initiative access to systems containing plaintiffs' PII, the agencies “likely violated” the Privacy Act and the Administrative Procedure Act. The lawsuit was filed by the American Federation of Teachers, the International Association of Machinists and Aerospace Workers, the International Federation of Professional and Technical Engineers, the National Active and Retired Federal Employees Association, the National Federation of Federal Employees, and six military veterans. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

Send us a textIn this episode of The Data Diva Talks Privacy podcast, host Debbie Reynolds welcomes back Kenya Dixon, litigation partner at Nelson Mullins and former Director of White House Information Governance. Their discussion centers on government data privacy, the impact of artificial intelligence on federal records, and the importance of following proper protocols in handling personal information.Kenya provides insight into the Privacy Act of 1974, which was enacted in response to concerns about government misuse of personal data. She explains how federal agencies are required to follow structured processes when handling personally identifiable information (PII) and creating new systems of record. The conversation delves into the recent controversies surrounding the government's data practices, including concerns over the lack of transparency regarding artificial intelligence and data consolidation efforts. Kenya emphasizes that while the government has a right to upgrade its technology and streamline data processes, the public must be informed through proper documentation and procedural adherence.The discussion also touches on the role of artificial intelligence in government data management and the potential concerns regarding private entities' access to government-held personal information. Kenya highlights the importance of public engagement and awareness in privacy-related matters, encouraging individuals to stay informed, participate in democratic processes, and understand how their data is used. She also shares her experiences from her time in government, addressing misinformation and misconceptions about data handling in federal agencies.As privacy issues continue to make headlines, Kenya and Debbie explore the broader implications of data governance, cybersecurity regulations, and the likelihood of federal privacy legislation. They conclude by stressing the significance of state-level privacy laws, the role of AI in shaping the future of data governance, and the ongoing need for transparency in government data practices. This episode offers valuable insights for privacy professionals, policymakers, and anyone interested in the evolving landscape of data privacy.Support the show

1. Why Should I Change My Passwords Immediately?Recent studies show that around 50% of online passwords are already compromised, and 41% of successful logins involve breached credentials. Common passwords like “123456” and password reuse make it easy for cybercriminals—especially with automated bots—to access multiple accounts. Changing passwords and using unique, strong credentials with multi-factor authentication is critical for security.Starting March 28th, all Alexa requests will be processed in Amazon's cloud, regardless of previous settings. Amazon claims this supports new AI features, but it means even users who opted out of saving voice recordings will now have all interactions recorded and sent to Amazon. This also impacts features like Voice ID, which won't function without stored voice data. While Amazon encrypts transmissions and provides some privacy controls, this shift raises concerns about increased data collection and potential personalization for shopping.Microsoft will stop providing free security updates for Windows 10 in October 2025, leaving charities that refurbish and donate older PCs with limited options. Many of these computers cannot run Windows 11, forcing organizations to choose between using an insecure OS, transitioning to Linux, or discarding hardware—contributing to electronic waste. While Linux is a secure, free alternative, its unfamiliar interface may pose usability challenges for some recipients, especially seniors.StilachiRAT is a newly discovered remote access trojan (RAT) targeting cryptocurrency wallets like MetaMask and Coinbase Wallet. This malware remains undetected on infected systems, stealing sensitive data, including credentials stored in browsers like Chrome. By accessing login credentials, attackers can drain funds from wallets. StilachiRAT also collects system data, increasing victims' exposure. While not widespread yet, its advanced capabilities make it a serious threat to crypto users.A Chinese state-sponsored hacking group remained undetected in a small Massachusetts power utility for over 300 days, showing that even lesser-known infrastructure is a target for cyber espionage. Attackers can use these breaches to test methods, gain footholds in critical networks, and extract operational data such as grid layouts. This underscores the need for robust security measures, continuous monitoring, and multi-factor authentication for all organizations, especially in critical sectors.Anthropic CEO Dario Amodei warns that state-sponsored actors, likely from China, are trying to steal “algorithmic secrets” from US AI firms. Some critical algorithms, despite representing massive investments (potentially $100 million), are just a few lines of code, making them easy to exfiltrate if security is breached. Amodei argues that the US government should take stronger action to protect these assets from industrial espionage.Allstate Insurance's National General unit had websites that displayed personally identifiable information (PII) in plaintext during the quote process. When users entered their name and address, the system exposed full driver's license numbers (DLNs) of the applicant and other residents at that address. Attackers used bots to harvest at least 12,000 DLNs, leading to fraudulent claims. This highlights the importance of secure website design and responsible data handling to prevent unauthorized access.

Send us a textIn this engaging episode of the Customer Success Playbook Podcast, host Kevin Metzger sits down with Gilad Shriki from The Scope to explore how FunnelStory is transforming customer success operations. With seamless integration capabilities and a robust automation-first approach, FunnelStory is setting a new standard for customer success platforms.Gilad shares insights into how his team successfully integrated FunnelStory with BigQuery, HubSpot, and Segment, all while maintaining strict data privacy protocols. He also discusses how AI-driven automation is enhancing customer sentiment analysis and churn prediction, giving CS teams an edge in proactive engagement.Is Funnel Story truly a one-stop shop for customer success? Can businesses of all sizes leverage its automation without sacrificing human interaction? Listen in as Gilad provides a firsthand account of his experience and why he believes FunnelStory is reshaping the future of customer success management.Detailed Episode Insights:Seamless Integration: How The Scope connected FunnelStory with their existing data stack while maintaining PII privacy.Automation at the Core: Why starting with automation before layering in human interaction changes the game for CS teams.AI-Powered Efficiency: How FunnelStory is accelerating time-to-value and making predictive insights more accessible.Scalability & Growth: Can FunnelStory support businesses up to $500M in revenue? Gilad shares his perspective.The Future of CS Tech: What's next for AI-powered customer success platforms?Now you can interact with us directly by leaving a voice message at https://www.speakpipe.com/CustomerSuccessPlaybookPlease Like, Comment, Share and Subscribe. You can also find the CS Playbook Podcast:YouTube - @CustomerSuccessPlaybookPodcastTwitter - @CS_PlaybookYou can find Kevin at:Metzgerbusiness.com - Kevin's person web siteKevin Metzger on Linked In.You can find Roman at:Roman Trebon on Linked In.

EP 234For the other 50%.  The IT Privacy and Security Weekly Update for the Week Ending March 18th., 20253/18/20250 CommentsEP 234- click the pic to hear the podcast -For our first story, Apparently there's a 50% chance your password is headlining a hacker convention.  Perhaps it's time to change up from ‘123456' (still the most commonly used password).Starting On March 28, Everything You Say To Your Echo Will Be Sent To Amazon.  Alexa's new motto: ‘Anything you say can and will be used—to personalize your shopping cart, and we mean potentially anything!'The end of Windows 10 Leaves PC Charities With Tough Choice:  Risk Windows 10, embrace Linux, or send Grandma's old PC straight to the tech graveyard?Then Microsoft flags a new threat draining crypto from top wallets.  Meet StilachiRAT, the malware so enthusiastic about your crypto it'll snatch it faster than you can configure your wallet software!Chinese Hackers Sat Undetected in a small Massachusetts power utility for months.  Who knew a cozy little power company could double as the perfect 300-day Airbnb for homeless cyber-spies?Anthropic CEO Says Spies Are After $100 Million AI Secrets in a 'Few Lines of Code'.  So when your fortune fits in a handful of lines, hitting Ctrl+C could be the new diamond heist.Finally,  Allstate Insurance gets sued for delivering PII in plaintext.  You're in good hands with Allstate, we just can't tell you whose.Let's update the other 50%!Find the full transcript to this podcast here.

A lawyer who's said to have played a central role in the Department of Government Efficiency's attempted takeover of at least one federal organization is now defending in court the DOGE email system used to send email blasts to the entire U.S. government workforce. During a Feb. 6 hearing, Jacob Altik joined the defense in the ongoing lawsuit where pseudonymous federal workers have accused the Office of Personnel Management of standing up its new governmentwide email system with inadequate privacy and security protections in place. While the defense introduced him at the time as being “from OPM,” counsel for the plaintiffs filed a new notice early Monday essentially connecting the dots that Altik, through other lawsuits and public reports, has played a hands-on role in supporting the DOGE. Altik was first identified as a DOGE lawyer with an official DOGE email address hosted by the Executive Office of the President in a ProPublica article from early February, the Monday legal notice notes. Then, Altik was identified in a separate ongoing lawsuit as working hand-in-hand with DOGE associates in the organization's attempt to dismantle the U.S. African Development Foundation. The DOGE is also in the spotlight in another case where state attorneys general have sued President Donald Trump and Treasury Secretary Scott Bessent challenging DOGE access to Treasury records. In the latest development in that litigation, DOGE staffer Marko Elez, who resigned in February after racist social media posts surfaced, is said to have shared personally identifiable information in a spreadsheet with two General Services Administration officials, according to the filing from a witness in the case. The testiomony explains that Elez shared names in the spreadsheet that are considered low risk PII because the names are not accompanied by more specific identifiers, such as social security numbers or birth dates. Still, the distribution of this spreadsheet was contrary to BFS policies, in that it was not sent encrypted, and he did not obtain prior approval of the transmission as required. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

In this episode of Generation AI, Ardis Kadiu and Dr. JC Bonilla unpack FERPA—the Family Educational Rights and Privacy Act—and its critical role in protecting student data within AI-driven educational tools. They clarify common misunderstandings around FERPA compliance, specifically addressing the handling of AI-powered student engagement platforms, chatbots, and data security practices. Learn how institutions can effectively utilize AI while safeguarding student privacy and maintaining compliance.Understanding FERPA Basics (00:00:07)Introduction of the topic based on questions from the AI Engagement SummitFERPA stands for Family Educational Rights and Privacy ActFederal law enacted in 1974 that protects privacy of student educational recordsApplies to institutions receiving US Department of Education fundingGrants students (or parents of minors) rights regarding their educational recordsWhat Constitutes Educational Records Under FERPA (00:07:33)Academic records including grades, transcripts, and course enrollmentPersonally identifiable information (PII) such as names, student IDs, birthdatesDisciplinary records and counseling informationFinancial aid and billing informationStudent communications with advisers, faculty, and staffInstitutions must maintain control and prevent unauthorized disclosureFERPA Compliance for Engagement Tools (00:08:52)Student data must remain protected from unauthorized accessInformation cannot be used for unintended purposes outside institutional contractsData must remain under the institution's control at all timesThe "school official exception" allows third-party vendors to access dataVendors must perform services the school would otherwise use its own staff forSchools must maintain direct control over records use and maintenanceVendor Contracts and FERPA Compliance (00:13:01)Contracts must clearly state vendors act as school officials bound by FERPAVendors cannot use student records outside the scope of their contractsInstitutions must retain full control over how student data is accessedImportance of granular access controls and role-based permissionsVendors should not use student data to train AI models without specific permissionData minimization principles should be followed in all AI processesData Security Requirements (00:15:51)Encryption requirements for data in transit and at restImportance of multifactor authenticationAccess logging to track who interacts with dataData deletion and retention policies must be clearly definedVendors should have clear procedures for data deletion after contract endsAudits and Compliance Monitoring (00:16:40)Vendors should comply with security and privacy standardsRegular security audits and compliance reviews by third partiesThe importance of SOC 2 Type 2 certification as the gold standardInstitutions' rights to conduct independent security auditsAI-Specific FERPA Concerns (00:18:50)Chatbots and AI assistants must follow proper verification protocolsAI-powered tools must adhere to role-based access permissionsRisks of using public AI tools like ChatGPT with student dataDirectory vs. non-directory information distinctionsThe dangers of uploading student data to non-FERPA compliant AI toolsAI Training and Data Use Risks (00:24:00)Many AI models store and use interactions for trainingRisks of unauthorized retention of student recordsImportance of checking data retention policies in AI toolsFree versions of AI tools typically don't offer data protection optionsPaid versions may have data retention turned on by defaultElement451's FERPA Compliance Approach (00:26:28)SOC 2 Type 2 compliance with third-party verificationData encryption in transit and at rest with additional field-level encryptionMultifactor authentication enforcementIdentity verification in AI chatbots before sharing any personal informationNo training on user data and anonymization of activity dataInstitution control over data deletion and visibility of all recordsAI inherits institutional security policies and access controlsClosing Thoughts (00:29:39)The importance of understanding FERPA in the AI contextBuilding trust through proper complianceAddressing misinformation around FERPA and AIInvitation for listeners to suggest future topics - - - -Connect With Our Co-Hosts:Ardis Kadiuhttps://www.linkedin.com/in/ardis/https://twitter.com/ardisDr. JC Bonillahttps://www.linkedin.com/in/jcbonilla/https://twitter.com/jbonillxAbout The Enrollify Podcast Network:Generation AI is a part of the Enrollify Podcast Network. If you like this podcast, chances are you'll like other Enrollify shows too! Enrollify is made possible by Element451 — the next-generation AI student engagement platform helping institutions create meaningful and personalized interactions with students. Learn more at element451.com. Attend the 2025 Engage Summit! The Engage Summit is the premier conference for forward-thinking leaders and practitioners dedicated to exploring the transformative power of AI in education. Explore the strategies and tools to step into the next generation of student engagement, supercharged by AI. You'll leave ready to deliver the most personalized digital engagement experience every step of the way.Register now to secure your spot in Charlotte, NC, on June 24-25, 2025! Early bird registration ends February 1st -- https://engage.element451.com/register

Cloud Connections 2025 Preview: BroadSource's SecurePII Takes Center Stage March 2025 – Technology Reseller News – BroadSource has officially launched SecurePII, a cutting-edge real-time redaction platform designed to protect Personally Identifiable Information (PII) in telecommunications networks. In a special Cloud Communications Alliance (CCA) podcast, Haydn Faltyn and Bill Placke from BroadSource joined Doug Green to discuss the technology, its market impact, and why service providers should take notice. The Growing Need for Real-Time PII Protection BroadSource has long been a leader in delivering technology solutions to cloud communications providers. With SecurePII, they are addressing a critical issue in telecommunications: how to protect PII that traverses carrier networks. The demand for real-time data redaction has surged due to increasing regulatory requirements, including CCPA, GDPR, HIPAA, and the evolving PCI DSS 4.0 standard. Faltyn explains: “We launched SecureCall as a PCI-compliant platform for credit card redaction last year. But service providers and enterprises alike need more—protection beyond just payment information. SecurePII extends our technology to safeguard all forms of personal data in voice communications.” Shifting the Compliance Conversation Placke highlights the legal and compliance challenges that enterprises face, as regulators worldwide introduce stricter measures around data privacy. “Legal teams are often forced to say ‘no' to new initiatives because of concerns over PII exposure. SecurePII flips the script—by redacting sensitive data in real time, businesses can fully leverage AI, analytics, and automation without compliance roadblocks.” A Game Changer for AI-Driven Business Communications The rise of AI and large language models (LLMs) has created a data dilemma for enterprises: how can they safely utilize voice data for AI applications, customer analytics, and automation without violating data privacy laws? With SecurePII, BroadSource provides a solution that allows organizations to extract value from their data without storing or processing sensitive customer information. By removing PII in real-time, businesses can: Enhance AI training models without compliance risks Increase customer trust by ensuring privacy protection Reduce operational risks and costs associated with data breaches and regulatory fines Impact on Contact Centers and CX A core use case for SecurePII is contact centers, where credit card details, account numbers, and personal information are frequently exchanged over voice channels. The platform ensures: Seamless transactions without the risk of human agents being exposed to sensitive data A frictionless customer experience that retains the personal touch while safeguarding information Higher revenue retention—BroadSource has observed a 9% increase in revenue when businesses implement SecurePII in customer interactions BroadSource's SecurePII Roadmap and Upcoming Events The launch of SecurePII marks a new strategic direction for BroadSource, emphasizing data security as a core value for service providers. Faltyn and Placke will be presenting SecurePII at: Cavell's Summit Europe 2025 – A premier event for cloud communications leaders Cloud Connections 2025 (CCA Conference, St. Petersburg, FL) – Where BroadSource will showcase SecurePII's capabilities to global service providers Where to Learn More SecurePII is now live, and service providers can integrate it into their networks today. BroadSource has also launched a dedicated website for SecurePII, providing resources, case studies, and implementation details. Visit: www.securepii.cloud BroadSource's mission is clear—to empower service providers with the tools to protect their networks, comply with global regulations, and enable the future of AI-driven business communications. With SecurePII,

Recently there was some online complaints about social security numbers (SSNs) in the US being duplicated and re-used by individuals. This is really political gamesmanship, so ignore the political part. Just know that social security numbers appear to be one of the contenders used in many data models. I found a good piece about how SSNs aren't unique, and have a mess of problems. Despite this, many people seem to want to use SSNs as a primary or alternate key in their database systems. They also aren't well secured in many systems, even though we should consider this sensitive PII data. Read the rest of A Poor Data Model

Having your identity stolen is a catastrophe. You can lose your reputation, your credit rating, your money, your home or even be accused of fraud yourself.To victims, ID theft feels like a single, earth-shattering event. But it's likely that the hacker has been stealing different aspects of your identity over time.Your name, address, email address, phone number, bank account number, passport number, medical records and log-in credentials are all valuable bits of information to hackers. Combined, they may be enough for a digital hit on you and your bank account.In the latest Unseen Money podcast, Timur Yunusov and I explore the “personally identifiable information” or “PII” that enables hackers to impersonate and rob us.PII is now traded amongst fraudsters as a commodity. But what kind is most valuable to criminals? Where do they get it? How do they use it in scams? Once we've lost our PII, is there anything we can do?Listen on for more.

Unlock the secrets of real-time merchant intelligence with Oban MacTavish, the innovative co-founder and CEO of Spade.  Discover how his early fascination with stock trading and technology laid the foundation for launching Spade in 2021. Oban reveals how Spade revolutionizes card payment data by integrating firmographic insights for fraud prevention and payment optimization, setting new standards in the US market. With ambitious expansion plans on the horizon, you'll learn how Spade is transforming the way card issuers comprehend consumer spending patterns.Our conversation takes a deep dive into the world of data security, a crucial aspect of B2B operations. Oban details the significance of operating without personally identifiable information (PII) and achieving SOC 2 Type 2 compliance, ensuring rigorous security protocols are in place. From humble beginnings during the pandemic to creating a comprehensive data network for banks, Oban shares the challenges and triumphs that have defined Spade's journey. Beyond the professional realm, he gives us a glimpse into his personal life, sharing his passion for cooking and exploring culinary delights with his wife's baking prowess. This episode is a treasure trove of insights for anyone interested in fintech innovation, entrepreneurship, and the stories that drive groundbreaking ideas.

In this session, we dove into the critical topic of what obligations we have to track personal information (PII, PHI, PCI, PBI) that firms are storing. We explored effective strategies for tracking this sensitive data and discussed the best practices businesses can implement to ensure compliance. Learn how to report this information accurately to clients and risk insurance companies, while minimizing risks and maintaining data security. Whether you're in a small firm or large enterprise, this episode offers valuable insights on safeguarding personal data and meeting reporting requirements. Moderator: @Madeleine La Cour- Director, Business Intake and Records, Baker Botts L.L.P Speaker: @Randy Curato- Vice President-Senior Loss Prevention Counsel, ALAS, Lt Recorded on 02-19-2025.

Did you know that adding a simple Code Interpreter took o3 from 9.2% to 32% on FrontierMath? The Latent Space crew is hosting a hack night Feb 11th in San Francisco focused on CodeGen use cases, co-hosted with E2B and Edge AGI; watch E2B's new workshop and RSVP here!We're happy to announce that today's guest Samuel Colvin will be teaching his very first Pydantic AI workshop at the newly announced AI Engineer NYC Workshops day on Feb 22! 25 tickets left.If you're a Python developer, it's very likely that you've heard of Pydantic. Every month, it's downloaded >300,000,000 times, making it one of the top 25 PyPi packages. OpenAI uses it in its SDK for structured outputs, it's at the core of FastAPI, and if you've followed our AI Engineer Summit conference, Jason Liu of Instructor has given two great talks about it: “Pydantic is all you need” and “Pydantic is STILL all you need”. Now, Samuel Colvin has raised $17M from Sequoia to turn Pydantic from an open source project to a full stack AI engineer platform with Logfire, their observability platform, and PydanticAI, their new agent framework.Logfire: bringing OTEL to AIOpenTelemetry recently merged Semantic Conventions for LLM workloads which provides standard definitions to track performance like gen_ai.server.time_per_output_token. In Sam's view at least 80% of new apps being built today have some sort of LLM usage in them, and just like web observability platform got replaced by cloud-first ones in the 2010s, Logfire wants to do the same for AI-first apps. If you're interested in the technical details, Logfire migrated away from Clickhouse to Datafusion for their backend. We spent some time on the importance of picking open source tools you understand and that you can actually contribute to upstream, rather than the more popular ones; listen in ~43:19 for that part.Agents are the killer app for graphsPydantic AI is their attempt at taking a lot of the learnings that LangChain and the other early LLM frameworks had, and putting Python best practices into it. At an API level, it's very similar to the other libraries: you can call LLMs, create agents, do function calling, do evals, etc.They define an “Agent” as a container with a system prompt, tools, structured result, and an LLM. Under the hood, each Agent is now a graph of function calls that can orchestrate multi-step LLM interactions. You can start simple, then move toward fully dynamic graph-based control flow if needed.“We were compelled enough by graphs once we got them right that our agent implementation [...] is now actually a graph under the hood.”Why Graphs?* More natural for complex or multi-step AI workflows.* Easy to visualize and debug with mermaid diagrams.* Potential for distributed runs, or “waiting days” between steps in certain flows.In parallel, you see folks like Emil Eifrem of Neo4j talk about GraphRAG as another place where graphs fit really well in the AI stack, so it might be time for more people to take them seriously.Full Video EpisodeLike and subscribe!Chapters* 00:00:00 Introductions* 00:00:24 Origins of Pydantic* 00:05:28 Pydantic's AI moment * 00:08:05 Why build a new agents framework?* 00:10:17 Overview of Pydantic AI* 00:12:33 Becoming a believer in graphs* 00:24:02 God Model vs Compound AI Systems* 00:28:13 Why not build an LLM gateway?* 00:31:39 Programmatic testing vs live evals* 00:35:51 Using OpenTelemetry for AI traces* 00:43:19 Why they don't use Clickhouse* 00:48:34 Competing in the observability space* 00:50:41 Licensing decisions for Pydantic and LogFire* 00:51:48 Building Pydantic.run* 00:55:24 Marimo and the future of Jupyter notebooks* 00:57:44 London's AI sceneShow Notes* Sam Colvin* Pydantic* Pydantic AI* Logfire* Pydantic.run* Zod* E2B* Arize* Langsmith* Marimo* Prefect* GLA (Google Generative Language API)* OpenTelemetry* Jason Liu* Sebastian Ramirez* Bogomil Balkansky* Hood Chatham* Jeremy Howard* Andrew LambTranscriptAlessio [00:00:03]: Hey, everyone. Welcome to the Latent Space podcast. This is Alessio, partner and CTO at Decibel Partners, and I'm joined by my co-host Swyx, founder of Smol AI.Swyx [00:00:12]: Good morning. And today we're very excited to have Sam Colvin join us from Pydantic AI. Welcome. Sam, I heard that Pydantic is all we need. Is that true?Samuel [00:00:24]: I would say you might need Pydantic AI and Logfire as well, but it gets you a long way, that's for sure.Swyx [00:00:29]: Pydantic almost basically needs no introduction. It's almost 300 million downloads in December. And obviously, in the previous podcasts and discussions we've had with Jason Liu, he's been a big fan and promoter of Pydantic and AI.Samuel [00:00:45]: Yeah, it's weird because obviously I didn't create Pydantic originally for uses in AI, it predates LLMs. But it's like we've been lucky that it's been picked up by that community and used so widely.Swyx [00:00:58]: Actually, maybe we'll hear it. Right from you, what is Pydantic and maybe a little bit of the origin story?Samuel [00:01:04]: The best name for it, which is not quite right, is a validation library. And we get some tension around that name because it doesn't just do validation, it will do coercion by default. We now have strict mode, so you can disable that coercion. But by default, if you say you want an integer field and you get in a string of 1, 2, 3, it will convert it to 123 and a bunch of other sensible conversions. And as you can imagine, the semantics around it. Exactly when you convert and when you don't, it's complicated, but because of that, it's more than just validation. Back in 2017, when I first started it, the different thing it was doing was using type hints to define your schema. That was controversial at the time. It was genuinely disapproved of by some people. I think the success of Pydantic and libraries like FastAPI that build on top of it means that today that's no longer controversial in Python. And indeed, lots of other people have copied that route, but yeah, it's a data validation library. It uses type hints for the for the most part and obviously does all the other stuff you want, like serialization on top of that. But yeah, that's the core.Alessio [00:02:06]: Do you have any fun stories on how JSON schemas ended up being kind of like the structure output standard for LLMs? And were you involved in any of these discussions? Because I know OpenAI was, you know, one of the early adopters. So did they reach out to you? Was there kind of like a structure output console in open source that people were talking about or was it just a random?Samuel [00:02:26]: No, very much not. So I originally. Didn't implement JSON schema inside Pydantic and then Sebastian, Sebastian Ramirez, FastAPI came along and like the first I ever heard of him was over a weekend. I got like 50 emails from him or 50 like emails as he was committing to Pydantic, adding JSON schema long pre version one. So the reason it was added was for OpenAPI, which is obviously closely akin to JSON schema. And then, yeah, I don't know why it was JSON that got picked up and used by OpenAI. It was obviously very convenient for us. That's because it meant that not only can you do the validation, but because Pydantic will generate you the JSON schema, it will it kind of can be one source of source of truth for structured outputs and tools.Swyx [00:03:09]: Before we dive in further on the on the AI side of things, something I'm mildly curious about, obviously, there's Zod in JavaScript land. Every now and then there is a new sort of in vogue validation library that that takes over for quite a few years and then maybe like some something else comes along. Is Pydantic? Is it done like the core Pydantic?Samuel [00:03:30]: I've just come off a call where we were redesigning some of the internal bits. There will be a v3 at some point, which will not break people's code half as much as v2 as in v2 was the was the massive rewrite into Rust, but also fixing all the stuff that was broken back from like version zero point something that we didn't fix in v1 because it was a side project. We have plans to move some of the basically store the data in Rust types after validation. Not completely. So we're still working to design the Pythonic version of it, in order for it to be able to convert into Python types. So then if you were doing like validation and then serialization, you would never have to go via a Python type we reckon that can give us somewhere between three and five times another three to five times speed up. That's probably the biggest thing. Also, like changing how easy it is to basically extend Pydantic and define how particular types, like for example, NumPy arrays are validated and serialized. But there's also stuff going on. And for example, Jitter, the JSON library in Rust that does the JSON parsing, has SIMD implementation at the moment only for AMD64. So we can add that. We need to go and add SIMD for other instruction sets. So there's a bunch more we can do on performance. I don't think we're going to go and revolutionize Pydantic, but it's going to continue to get faster, continue, hopefully, to allow people to do more advanced things. We might add a binary format like CBOR for serialization for when you'll just want to put the data into a database and probably load it again from Pydantic. So there are some things that will come along, but for the most part, it should just get faster and cleaner.Alessio [00:05:04]: From a focus perspective, I guess, as a founder too, how did you think about the AI interest rising? And then how do you kind of prioritize, okay, this is worth going into more, and we'll talk about Pydantic AI and all of that. What was maybe your early experience with LLAMP, and when did you figure out, okay, this is something we should take seriously and focus more resources on it?Samuel [00:05:28]: I'll answer that, but I'll answer what I think is a kind of parallel question, which is Pydantic's weird, because Pydantic existed, obviously, before I was starting a company. I was working on it in my spare time, and then beginning of 22, I started working on the rewrite in Rust. And I worked on it full-time for a year and a half, and then once we started the company, people came and joined. And it was a weird project, because that would never go away. You can't get signed off inside a startup. Like, we're going to go off and three engineers are going to work full-on for a year in Python and Rust, writing like 30,000 lines of Rust just to release open-source-free Python library. The result of that has been excellent for us as a company, right? As in, it's made us remain entirely relevant. And it's like, Pydantic is not just used in the SDKs of all of the AI libraries, but I can't say which one, but one of the big foundational model companies, when they upgraded from Pydantic v1 to v2, their number one internal model... The metric of performance is time to first token. That went down by 20%. So you think about all of the actual AI going on inside, and yet at least 20% of the CPU, or at least the latency inside requests was actually Pydantic, which shows like how widely it's used. So we've benefited from doing that work, although it didn't, it would have never have made financial sense in most companies. In answer to your question about like, how do we prioritize AI, I mean, the honest truth is we've spent a lot of the last year and a half building. Good general purpose observability inside LogFire and making Pydantic good for general purpose use cases. And the AI has kind of come to us. Like we just, not that we want to get away from it, but like the appetite, uh, both in Pydantic and in LogFire to go and build with AI is enormous because it kind of makes sense, right? Like if you're starting a new greenfield project in Python today, what's the chance that you're using GenAI 80%, let's say, globally, obviously it's like a hundred percent in California, but even worldwide, it's probably 80%. Yeah. And so everyone needs that stuff. And there's so much yet to be figured out so much like space to do things better in the ecosystem in a way that like to go and implement a database that's better than Postgres is a like Sisyphean task. Whereas building, uh, tools that are better for GenAI than some of the stuff that's about now is not very difficult. Putting the actual models themselves to one side.Alessio [00:07:40]: And then at the same time, then you released Pydantic AI recently, which is, uh, um, you know, agent framework and early on, I would say everybody like, you know, Langchain and like, uh, Pydantic kind of like a first class support, a lot of these frameworks, we're trying to use you to be better. What was the decision behind we should do our own framework? Were there any design decisions that you disagree with any workloads that you think people didn't support? Well,Samuel [00:08:05]: it wasn't so much like design and workflow, although I think there were some, some things we've done differently. Yeah. I think looking in general at the ecosystem of agent frameworks, the engineering quality is far below that of the rest of the Python ecosystem. There's a bunch of stuff that we have learned how to do over the last 20 years of building Python libraries and writing Python code that seems to be abandoned by people when they build agent frameworks. Now I can kind of respect that, particularly in the very first agent frameworks, like Langchain, where they were literally figuring out how to go and do this stuff. It's completely understandable that you would like basically skip some stuff.Samuel [00:08:42]: I'm shocked by the like quality of some of the agent frameworks that have come out recently from like well-respected names, which it just seems to be opportunism and I have little time for that, but like the early ones, like I think they were just figuring out how to do stuff and just as lots of people have learned from Pydantic, we were able to learn a bit from them. I think from like the gap we saw and the thing we were frustrated by was the production readiness. And that means things like type checking, even if type checking makes it hard. Like Pydantic AI, I will put my hand up now and say it has a lot of generics and you need to, it's probably easier to use it if you've written a bit of Rust and you really understand generics, but like, and that is, we're not claiming that that makes it the easiest thing to use in all cases, we think it makes it good for production applications in big systems where type checking is a no-brainer in Python. But there are also a bunch of stuff we've learned from maintaining Pydantic over the years that we've gone and done. So every single example in Pydantic AI's documentation is run on Python. As part of tests and every single print output within an example is checked during tests. So it will always be up to date. And then a bunch of things that, like I say, are standard best practice within the rest of the Python ecosystem, but I'm not followed surprisingly by some AI libraries like coverage, linting, type checking, et cetera, et cetera, where I think these are no-brainers, but like weirdly they're not followed by some of the other libraries.Alessio [00:10:04]: And can you just give an overview of the framework itself? I think there's kind of like the. LLM calling frameworks, there are the multi-agent frameworks, there's the workflow frameworks, like what does Pydantic AI do?Samuel [00:10:17]: I glaze over a bit when I hear all of the different sorts of frameworks, but I like, and I will tell you when I built Pydantic, when I built Logfire and when I built Pydantic AI, my methodology is not to go and like research and review all of the other things. I kind of work out what I want and I go and build it and then feedback comes and we adjust. So the fundamental building block of Pydantic AI is agents. The exact definition of agents and how you want to define them. is obviously ambiguous and our things are probably sort of agent-lit, not that we would want to go and rename them to agent-lit, but like the point is you probably build them together to build something and most people will call an agent. So an agent in our case has, you know, things like a prompt, like system prompt and some tools and a structured return type if you want it, that covers the vast majority of cases. There are situations where you want to go further and the most complex workflows where you want graphs and I resisted graphs for quite a while. I was sort of of the opinion you didn't need them and you could use standard like Python flow control to do all of that stuff. I had a few arguments with people, but I basically came around to, yeah, I can totally see why graphs are useful. But then we have the problem that by default, they're not type safe because if you have a like add edge method where you give the names of two different edges, there's no type checking, right? Even if you go and do some, I'm not, not all the graph libraries are AI specific. So there's a, there's a graph library called, but it allows, it does like a basic runtime type checking. Ironically using Pydantic to try and make up for the fact that like fundamentally that graphs are not typed type safe. Well, I like Pydantic, but it did, that's not a real solution to have to go and run the code to see if it's safe. There's a reason that starting type checking is so powerful. And so we kind of, from a lot of iteration eventually came up with a system of using normally data classes to define nodes where you return the next node you want to call and where we're able to go and introspect the return type of a node to basically build the graph. And so the graph is. Yeah. Inherently type safe. And once we got that right, I, I wasn't, I'm incredibly excited about graphs. I think there's like masses of use cases for them, both in gen AI and other development, but also software's all going to have interact with gen AI, right? It's going to be like web. There's no longer be like a web department in a company is that there's just like all the developers are building for web building with databases. The same is going to be true for gen AI.Alessio [00:12:33]: Yeah. I see on your docs, you call an agent, a container that contains a system prompt function. Tools, structure, result, dependency type model, and then model settings. Are the graphs in your mind, different agents? Are they different prompts for the same agent? What are like the structures in your mind?Samuel [00:12:52]: So we were compelled enough by graphs once we got them right, that we actually merged the PR this morning. That means our agent implementation without changing its API at all is now actually a graph under the hood as it is built using our graph library. So graphs are basically a lower level tool that allow you to build these complex workflows. Our agents are technically one of the many graphs you could go and build. And we just happened to build that one for you because it's a very common, commonplace one. But obviously there are cases where you need more complex workflows where the current agent assumptions don't work. And that's where you can then go and use graphs to build more complex things.Swyx [00:13:29]: You said you were cynical about graphs. What changed your mind specifically?Samuel [00:13:33]: I guess people kept giving me examples of things that they wanted to use graphs for. And my like, yeah, but you could do that in standard flow control in Python became a like less and less compelling argument to me because I've maintained those systems that end up with like spaghetti code. And I could see the appeal of this like structured way of defining the workflow of my code. And it's really neat that like just from your code, just from your type hints, you can get out a mermaid diagram that defines exactly what can go and happen.Swyx [00:14:00]: Right. Yeah. You do have very neat implementation of sort of inferring the graph from type hints, I guess. Yeah. Is what I would call it. Yeah. I think the question always is I have gone back and forth. I used to work at Temporal where we would actually spend a lot of time complaining about graph based workflow solutions like AWS step functions. And we would actually say that we were better because you could use normal control flow that you already knew and worked with. Yours, I guess, is like a little bit of a nice compromise. Like it looks like normal Pythonic code. But you just have to keep in mind what the type hints actually mean. And that's what we do with the quote unquote magic that the graph construction does.Samuel [00:14:42]: Yeah, exactly. And if you look at the internal logic of actually running a graph, it's incredibly simple. It's basically call a node, get a node back, call that node, get a node back, call that node. If you get an end, you're done. We will add in soon support for, well, basically storage so that you can store the state between each node that's run. And then the idea is you can then distribute the graph and run it across computers. And also, I mean, the other weird, the other bit that's really valuable is across time. Because it's all very well if you look at like lots of the graph examples that like Claude will give you. If it gives you an example, it gives you this lovely enormous mermaid chart of like the workflow, for example, managing returns if you're an e-commerce company. But what you realize is some of those lines are literally one function calls another function. And some of those lines are wait six days for the customer to print their like piece of paper and put it in the post. And if you're writing like your demo. Project or your like proof of concept, that's fine because you can just say, and now we call this function. But when you're building when you're in real in real life, that doesn't work. And now how do we manage that concept to basically be able to start somewhere else in the in our code? Well, this graph implementation makes it incredibly easy because you just pass the node that is the start point for carrying on the graph and it continues to run. So it's things like that where I was like, yeah, I can just imagine how things I've done in the past would be fundamentally easier to understand if we had done them with graphs.Swyx [00:16:07]: You say imagine, but like right now, this pedantic AI actually resume, you know, six days later, like you said, or is this just like a theoretical thing we can go someday?Samuel [00:16:16]: I think it's basically Q&A. So there's an AI that's asking the user a question and effectively you then call the CLI again to continue the conversation. And it basically instantiates the node and calls the graph with that node again. Now, we don't have the logic yet for effectively storing state in the database between individual nodes that we're going to add soon. But like the rest of it is basically there.Swyx [00:16:37]: It does make me think that not only are you competing with Langchain now and obviously Instructor, and now you're going into sort of the more like orchestrated things like Airflow, Prefect, Daxter, those guys.Samuel [00:16:52]: Yeah, I mean, we're good friends with the Prefect guys and Temporal have the same investors as us. And I'm sure that my investor Bogomol would not be too happy if I was like, oh, yeah, by the way, as well as trying to take on Datadog. We're also going off and trying to take on Temporal and everyone else doing that. Obviously, we're not doing all of the infrastructure of deploying that right yet, at least. We're, you know, we're just building a Python library. And like what's crazy about our graph implementation is, sure, there's a bit of magic in like introspecting the return type, you know, extracting things from unions, stuff like that. But like the actual calls, as I say, is literally call a function and get back a thing and call that. It's like incredibly simple and therefore easy to maintain. The question is, how useful is it? Well, I don't know yet. I think we have to go and find out. We have a whole. We've had a slew of people joining our Slack over the last few days and saying, tell me how good Pydantic AI is. How good is Pydantic AI versus Langchain? And I refuse to answer. That's your job to go and find that out. Not mine. We built a thing. I'm compelled by it, but I'm obviously biased. The ecosystem will work out what the useful tools are.Swyx [00:17:52]: Bogomol was my board member when I was at Temporal. And I think I think just generally also having been a workflow engine investor and participant in this space, it's a big space. Like everyone needs different functions. I think the one thing that I would say like yours, you know, as a library, you don't have that much control of it over the infrastructure. I do like the idea that each new agents or whatever or unit of work, whatever you call that should spin up in this sort of isolated boundaries. Whereas yours, I think around everything runs in the same process. But you ideally want to sort of spin out its own little container of things.Samuel [00:18:30]: I agree with you a hundred percent. And we will. It would work now. Right. As in theory, you're just like as long as you can serialize the calls to the next node, you just have to all of the different containers basically have to have the same the same code. I mean, I'm super excited about Cloudflare workers running Python and being able to install dependencies. And if Cloudflare could only give me my invitation to the private beta of that, we would be exploring that right now because I'm super excited about that as a like compute level for some of this stuff where exactly what you're saying, basically. You can run everything as an individual. Like worker function and distribute it. And it's resilient to failure, et cetera, et cetera.Swyx [00:19:08]: And it spins up like a thousand instances simultaneously. You know, you want it to be sort of truly serverless at once. Actually, I know we have some Cloudflare friends who are listening, so hopefully they'll get in front of the line. Especially.Samuel [00:19:19]: I was in Cloudflare's office last week shouting at them about other things that frustrate me. I have a love-hate relationship with Cloudflare. Their tech is awesome. But because I use it the whole time, I then get frustrated. So, yeah, I'm sure I will. I will. I will get there soon.Swyx [00:19:32]: There's a side tangent on Cloudflare. Is Python supported at full? I actually wasn't fully aware of what the status of that thing is.Samuel [00:19:39]: Yeah. So Pyodide, which is Python running inside the browser in scripting, is supported now by Cloudflare. They basically, they're having some struggles working out how to manage, ironically, dependencies that have binaries, in particular, Pydantic. Because these workers where you can have thousands of them on a given metal machine, you don't want to have a difference. You basically want to be able to have a share. Shared memory for all the different Pydantic installations, effectively. That's the thing they work out. They're working out. But Hood, who's my friend, who is the primary maintainer of Pyodide, works for Cloudflare. And that's basically what he's doing, is working out how to get Python running on Cloudflare's network.Swyx [00:20:19]: I mean, the nice thing is that your binary is really written in Rust, right? Yeah. Which also compiles the WebAssembly. Yeah. So maybe there's a way that you'd build... You have just a different build of Pydantic and that ships with whatever your distro for Cloudflare workers is.Samuel [00:20:36]: Yes, that's exactly what... So Pyodide has builds for Pydantic Core and for things like NumPy and basically all of the popular binary libraries. Yeah. It's just basic. And you're doing exactly that, right? You're using Rust to compile the WebAssembly and then you're calling that shared library from Python. And it's unbelievably complicated, but it works. Okay.Swyx [00:20:57]: Staying on graphs a little bit more, and then I wanted to go to some of the other features that you have in Pydantic AI. I see in your docs, there are sort of four levels of agents. There's single agents, there's agent delegation, programmatic agent handoff. That seems to be what OpenAI swarms would be like. And then the last one, graph-based control flow. Would you say that those are sort of the mental hierarchy of how these things go?Samuel [00:21:21]: Yeah, roughly. Okay.Swyx [00:21:22]: You had some expression around OpenAI swarms. Well.Samuel [00:21:25]: And indeed, OpenAI have got in touch with me and basically, maybe I'm not supposed to say this, but basically said that Pydantic AI looks like what swarms would become if it was production ready. So, yeah. I mean, like, yeah, which makes sense. Awesome. Yeah. I mean, in fact, it was specifically saying, how can we give people the same feeling that they were getting from swarms that led us to go and implement graphs? Because my, like, just call the next agent with Python code was not a satisfactory answer to people. So it was like, okay, we've got to go and have a better answer for that. It's not like, let us to get to graphs. Yeah.Swyx [00:21:56]: I mean, it's a minimal viable graph in some sense. What are the shapes of graphs that people should know? So the way that I would phrase this is I think Anthropic did a very good public service and also kind of surprisingly influential blog post, I would say, when they wrote Building Effective Agents. We actually have the authors coming to speak at my conference in New York, which I think you're giving a workshop at. Yeah.Samuel [00:22:24]: I'm trying to work it out. But yes, I think so.Swyx [00:22:26]: Tell me if you're not. yeah, I mean, like, that was the first, I think, authoritative view of, like, what kinds of graphs exist in agents and let's give each of them a name so that everyone is on the same page. So I'm just kind of curious if you have community names or top five patterns of graphs.Samuel [00:22:44]: I don't have top five patterns of graphs. I would love to see what people are building with them. But like, it's been it's only been a couple of weeks. And of course, there's a point is that. Because they're relatively unopinionated about what you can go and do with them. They don't suit them. Like, you can go and do lots of lots of things with them, but they don't have the structure to go and have like specific names as much as perhaps like some other systems do. I think what our agents are, which have a name and I can't remember what it is, but this basically system of like, decide what tool to call, go back to the center, decide what tool to call, go back to the center and then exit. One form of graph, which, as I say, like our agents are effectively one implementation of a graph, which is why under the hood they are now using graphs. And it'll be interesting to see over the next few years whether we end up with these like predefined graph names or graph structures or whether it's just like, yep, I built a graph or whether graphs just turn out not to match people's mental image of what they want and die away. We'll see.Swyx [00:23:38]: I think there is always appeal. Every developer eventually gets graph religion and goes, oh, yeah, everything's a graph. And then they probably over rotate and go go too far into graphs. And then they have to learn a whole bunch of DSLs. And then they're like, actually, I didn't need that. I need this. And they scale back a little bit.Samuel [00:23:55]: I'm at the beginning of that process. I'm currently a graph maximalist, although I haven't actually put any into production yet. But yeah.Swyx [00:24:02]: This has a lot of philosophical connections with other work coming out of UC Berkeley on compounding AI systems. I don't know if you know of or care. This is the Gartner world of things where they need some kind of industry terminology to sell it to enterprises. I don't know if you know about any of that.Samuel [00:24:24]: I haven't. I probably should. I should probably do it because I should probably get better at selling to enterprises. But no, no, I don't. Not right now.Swyx [00:24:29]: This is really the argument is that instead of putting everything in one model, you have more control and more maybe observability to if you break everything out into composing little models and changing them together. And obviously, then you need an orchestration framework to do that. Yeah.Samuel [00:24:47]: And it makes complete sense. And one of the things we've seen with agents is they work well when they work well. But when they. Even if you have the observability through log five that you can see what was going on, if you don't have a nice hook point to say, hang on, this is all gone wrong. You have a relatively blunt instrument of basically erroring when you exceed some kind of limit. But like what you need to be able to do is effectively iterate through these runs so that you can have your own control flow where you're like, OK, we've gone too far. And that's where one of the neat things about our graph implementation is you can basically call next in a loop rather than just running the full graph. And therefore, you have this opportunity to to break out of it. But yeah, basically, it's the same point, which is like if you have two bigger unit of work to some extent, whether or not it involves gen AI. But obviously, it's particularly problematic in gen AI. You only find out afterwards when you've spent quite a lot of time and or money when it's gone off and done done the wrong thing.Swyx [00:25:39]: Oh, drop on this. We're not going to resolve this here, but I'll drop this and then we can move on to the next thing. This is the common way that we we developers talk about this. And then the machine learning researchers look at us. And laugh and say, that's cute. And then they just train a bigger model and they wipe us out in the next training run. So I think there's a certain amount of we are fighting the bitter lesson here. We're fighting AGI. And, you know, when AGI arrives, this will all go away. Obviously, on Latent Space, we don't really discuss that because I think AGI is kind of this hand wavy concept that isn't super relevant. But I think we have to respect that. For example, you could do a chain of thoughts with graphs and you could manually orchestrate a nice little graph that does like. Reflect, think about if you need more, more inference time, compute, you know, that's the hot term now. And then think again and, you know, scale that up. Or you could train Strawberry and DeepSeq R1. Right.Samuel [00:26:32]: I saw someone saying recently, oh, they were really optimistic about agents because models are getting faster exponentially. And I like took a certain amount of self-control not to describe that it wasn't exponential. But my main point was. If models are getting faster as quickly as you say they are, then we don't need agents and we don't really need any of these abstraction layers. We can just give our model and, you know, access to the Internet, cross our fingers and hope for the best. Agents, agent frameworks, graphs, all of this stuff is basically making up for the fact that right now the models are not that clever. In the same way that if you're running a customer service business and you have loads of people sitting answering telephones, the less well trained they are, the less that you trust them, the more that you need to give them a script to go through. Whereas, you know, so if you're running a bank and you have lots of customer service people who you don't trust that much, then you tell them exactly what to say. If you're doing high net worth banking, you just employ people who you think are going to be charming to other rich people and set them off to go and have coffee with people. Right. And the same is true of models. The more intelligent they are, the less we need to tell them, like structure what they go and do and constrain the routes in which they take.Swyx [00:27:42]: Yeah. Yeah. Agree with that. So I'm happy to move on. So the other parts of Pydantic AI that are worth commenting on, and this is like my last rant, I promise. So obviously, every framework needs to do its sort of model adapter layer, which is, oh, you can easily swap from OpenAI to Cloud to Grok. You also have, which I didn't know about, Google GLA, which I didn't really know about until I saw this in your docs, which is generative language API. I assume that's AI Studio? Yes.Samuel [00:28:13]: Google don't have good names for it. So Vertex is very clear. That seems to be the API that like some of the things use, although it returns 503 about 20% of the time. So... Vertex? No. Vertex, fine. But the... Oh, oh. GLA. Yeah. Yeah.Swyx [00:28:28]: I agree with that.Samuel [00:28:29]: So we have, again, another example of like, well, I think we go the extra mile in terms of engineering is we run on every commit, at least commit to main, we run tests against the live models. Not lots of tests, but like a handful of them. Oh, okay. And we had a point last week where, yeah, GLA is a little bit better. GLA1 was failing every single run. One of their tests would fail. And we, I think we might even have commented out that one at the moment. So like all of the models fail more often than you might expect, but like that one seems to be particularly likely to fail. But Vertex is the same API, but much more reliable.Swyx [00:29:01]: My rant here is that, you know, versions of this appear in Langchain and every single framework has to have its own little thing, a version of that. I would put to you, and then, you know, this is, this can be agree to disagree. This is not needed in Pydantic AI. I would much rather you adopt a layer like Lite LLM or what's the other one in JavaScript port key. And that's their job. They focus on that one thing and they, they normalize APIs for you. All new models are automatically added and you don't have to duplicate this inside of your framework. So for example, if I wanted to use deep seek, I'm out of luck because Pydantic AI doesn't have deep seek yet.Samuel [00:29:38]: Yeah, it does.Swyx [00:29:39]: Oh, it does. Okay. I'm sorry. But you know what I mean? Should this live in your code or should it live in a layer that's kind of your API gateway that's a defined piece of infrastructure that people have?Samuel [00:29:49]: And I think if a company who are well known, who are respected by everyone had come along and done this at the right time, maybe we should have done it a year and a half ago and said, we're going to be the universal AI layer. That would have been a credible thing to do. I've heard varying reports of Lite LLM is the truth. And it didn't seem to have exactly the type safety that we needed. Also, as I understand it, and again, I haven't looked into it in great detail. Part of their business model is proxying the request through their, through their own system to do the generalization. That would be an enormous put off to an awful lot of people. Honestly, the truth is I don't think it is that much work unifying the model. I get where you're coming from. I kind of see your point. I think the truth is that everyone is centralizing around open AIs. Open AI's API is the one to do. So DeepSeq support that. Grok with OK support that. Ollama also does it. I mean, if there is that library right now, it's more or less the open AI SDK. And it's very high quality. It's well type checked. It uses Pydantic. So I'm biased. But I mean, I think it's pretty well respected anyway.Swyx [00:30:57]: There's different ways to do this. Because also, it's not just about normalizing the APIs. You have to do secret management and all that stuff.Samuel [00:31:05]: Yeah. And there's also. There's Vertex and Bedrock, which to one extent or another, effectively, they host multiple models, but they don't unify the API. But they do unify the auth, as I understand it. Although we're halfway through doing Bedrock. So I don't know about it that well. But they're kind of weird hybrids because they support multiple models. But like I say, the auth is centralized.Swyx [00:31:28]: Yeah, I'm surprised they don't unify the API. That seems like something that I would do. You know, we can discuss all this all day. There's a lot of APIs. I agree.Samuel [00:31:36]: It would be nice if there was a universal one that we didn't have to go and build.Alessio [00:31:39]: And I guess the other side of, you know, routing model and picking models like evals. How do you actually figure out which one you should be using? I know you have one. First of all, you have very good support for mocking in unit tests, which is something that a lot of other frameworks don't do. So, you know, my favorite Ruby library is VCR because it just, you know, it just lets me store the HTTP requests and replay them. That part I'll kind of skip. I think you are busy like this test model. We're like just through Python. You try and figure out what the model might respond without actually calling the model. And then you have the function model where people can kind of customize outputs. Any other fun stories maybe from there? Or is it just what you see is what you get, so to speak?Samuel [00:32:18]: On those two, I think what you see is what you get. On the evals, I think watch this space. I think it's something that like, again, I was somewhat cynical about for some time. Still have my cynicism about some of the well, it's unfortunate that so many different things are called evals. It would be nice if we could agree. What they are and what they're not. But look, I think it's a really important space. I think it's something that we're going to be working on soon, both in Pydantic AI and in LogFire to try and support better because it's like it's an unsolved problem.Alessio [00:32:45]: Yeah, you do say in your doc that anyone who claims to know for sure exactly how your eval should be defined can safely be ignored.Samuel [00:32:52]: We'll delete that sentence when we tell people how to do their evals.Alessio [00:32:56]: Exactly. I was like, we need we need a snapshot of this today. And so let's talk about eval. So there's kind of like the vibe. Yeah. So you have evals, which is what you do when you're building. Right. Because you cannot really like test it that many times to get statistical significance. And then there's the production eval. So you also have LogFire, which is kind of like your observability product, which I tried before. It's very nice. What are some of the learnings you've had from building an observability tool for LEMPs? And yeah, as people think about evals, even like what are the right things to measure? What are like the right number of samples that you need to actually start making decisions?Samuel [00:33:33]: I'm not the best person to answer that is the truth. So I'm not going to come in here and tell you that I think I know the answer on the exact number. I mean, we can do some back of the envelope statistics calculations to work out that like having 30 probably gets you most of the statistical value of having 200 for, you know, by definition, 15% of the work. But the exact like how many examples do you need? For example, that's a much harder question to answer because it's, you know, it's deep within the how models operate in terms of LogFire. One of the reasons we built LogFire the way we have and we allow you to write SQL directly against your data and we're trying to build the like powerful fundamentals of observability is precisely because we know we don't know the answers. And so allowing people to go and innovate on how they're going to consume that stuff and how they're going to process it is we think that's valuable. Because even if we come along and offer you an evals framework on top of LogFire, it won't be right in all regards. And we want people to be able to go and innovate and being able to write their own SQL connected to the API. And effectively query the data like it's a database with SQL allows people to innovate on that stuff. And that's what allows us to do it as well. I mean, we do a bunch of like testing what's possible by basically writing SQL directly against LogFire as any user could. I think the other the other really interesting bit that's going on in observability is OpenTelemetry is centralizing around semantic attributes for GenAI. So it's a relatively new project. A lot of it's still being added at the moment. But basically the idea that like. They unify how both SDKs and or agent frameworks send observability data to to any OpenTelemetry endpoint. And so, again, we can go and having that unification allows us to go and like basically compare different libraries, compare different models much better. That stuff's in a very like early stage of development. One of the things we're going to be working on pretty soon is basically, I suspect, GenAI will be the first agent framework that implements those semantic attributes properly. Because, again, we control and we can say this is important for observability, whereas most of the other agent frameworks are not maintained by people who are trying to do observability. With the exception of Langchain, where they have the observability platform, but they chose not to go down the OpenTelemetry route. So they're like plowing their own furrow. And, you know, they're a lot they're even further away from standardization.Alessio [00:35:51]: Can you maybe just give a quick overview of how OTEL ties into the AI workflows? There's kind of like the question of is, you know, a trace. And a span like a LLM call. Is it the agent? It's kind of like the broader thing you're tracking. How should people think about it?Samuel [00:36:06]: Yeah, so they have a PR that I think may have now been merged from someone at IBM talking about remote agents and trying to support this concept of remote agents within GenAI. I'm not particularly compelled by that because I don't think that like that's actually by any means the common use case. But like, I suppose it's fine for it to be there. The majority of the stuff in OTEL is basically defining how you would instrument. A given call to an LLM. So basically the actual LLM call, what data you would send to your telemetry provider, how you would structure that. Apart from this slightly odd stuff on remote agents, most of the like agent level consideration is not yet implemented in is not yet decided effectively. And so there's a bit of ambiguity. Obviously, what's good about OTEL is you can in the end send whatever attributes you like. But yeah, there's quite a lot of churn in that space and exactly how we store the data. I think that one of the most interesting things, though, is that if you think about observability. Traditionally, it was sure everyone would say our observability data is very important. We must keep it safe. But actually, companies work very hard to basically not have anything that sensitive in their observability data. So if you're a doctor in a hospital and you search for a drug for an STI, the sequel might be sent to the observability provider. But none of the parameters would. It wouldn't have the patient number or their name or the drug. With GenAI, that distinction doesn't exist because it's all just messed up in the text. If you have that same patient asking an LLM how to. What drug they should take or how to stop smoking. You can't extract the PII and not send it to the observability platform. So the sensitivity of the data that's going to end up in observability platforms is going to be like basically different order of magnitude to what's in what you would normally send to Datadog. Of course, you can make a mistake and send someone's password or their card number to Datadog. But that would be seen as a as a like mistake. Whereas in GenAI, a lot of data is going to be sent. And I think that's why companies like Langsmith and are trying hard to offer observability. On prem, because there's a bunch of companies who are happy for Datadog to be cloud hosted, but want self-hosted self-hosting for this observability stuff with GenAI.Alessio [00:38:09]: And are you doing any of that today? Because I know in each of the spans you have like the number of tokens, you have the context, you're just storing everything. And then you're going to offer kind of like a self-hosting for the platform, basically. Yeah. Yeah.Samuel [00:38:23]: So we have scrubbing roughly equivalent to what the other observability platforms have. So if we, you know, if we see password as the key, we won't send the value. But like, like I said, that doesn't really work in GenAI. So we're accepting we're going to have to store a lot of data and then we'll offer self-hosting for those people who can afford it and who need it.Alessio [00:38:42]: And then this is, I think, the first time that most of the workloads performance is depending on a third party. You know, like if you're looking at Datadog data, usually it's your app that is driving the latency and like the memory usage and all of that. Here you're going to have spans that maybe take a long time to perform because the GLA API is not working or because OpenAI is kind of like overwhelmed. Do you do anything there since like the provider is almost like the same across customers? You know, like, are you trying to surface these things for people and say, hey, this was like a very slow span, but actually all customers using OpenAI right now are seeing the same thing. So maybe don't worry about it or.Samuel [00:39:20]: Not yet. We do a few things that people don't generally do in OTA. So we send. We send information at the beginning. At the beginning of a trace as well as sorry, at the beginning of a span, as well as when it finishes. By default, OTA only sends you data when the span finishes. So if you think about a request which might take like 20 seconds, even if some of the intermediate spans finished earlier, you can't basically place them on the page until you get the top level span. And so if you're using standard OTA, you can't show anything until those requests are finished. When those requests are taking a few hundred milliseconds, it doesn't really matter. But when you're doing Gen AI calls or when you're like running a batch job that might take 30 minutes. That like latency of not being able to see the span is like crippling to understanding your application. And so we've we do a bunch of slightly complex stuff to basically send data about a span as it starts, which is closely related. Yeah.Alessio [00:40:09]: Any thoughts on all the other people trying to build on top of OpenTelemetry in different languages, too? There's like the OpenLEmetry project, which doesn't really roll off the tongue. But how do you see the future of these kind of tools? Is everybody going to have to build? Why does everybody want to build? They want to build their own open source observability thing to then sell?Samuel [00:40:29]: I mean, we are not going off and trying to instrument the likes of the OpenAI SDK with the new semantic attributes, because at some point that's going to happen and it's going to live inside OTEL and we might help with it. But we're a tiny team. We don't have time to go and do all of that work. So OpenLEmetry, like interesting project. But I suspect eventually most of those semantic like that instrumentation of the big of the SDKs will live, like I say, inside the main OpenTelemetry report. I suppose. What happens to the agent frameworks? What data you basically need at the framework level to get the context is kind of unclear. I don't think we know the answer yet. But I mean, I was on the, I guess this is kind of semi-public, because I was on the call with the OpenTelemetry call last week talking about GenAI. And there was someone from Arize talking about the challenges they have trying to get OpenTelemetry data out of Langchain, where it's not like natively implemented. And obviously they're having quite a tough time. And I was realizing, hadn't really realized this before, but how lucky we are to primarily be talking about our own agent framework, where we have the control rather than trying to go and instrument other people's.Swyx [00:41:36]: Sorry, I actually didn't know about this semantic conventions thing. It looks like, yeah, it's merged into main OTel. What should people know about this? I had never heard of it before.Samuel [00:41:45]: Yeah, I think it looks like a great start. I think there's some unknowns around how you send the messages that go back and forth, which is kind of the most important part. It's the most important thing of all. And that is moved out of attributes and into OTel events. OTel events in turn are moving from being on a span to being their own top-level API where you send data. So there's a bunch of churn still going on. I'm impressed by how fast the OTel community is moving on this project. I guess they, like everyone else, get that this is important, and it's something that people are crying out to get instrumentation off. So I'm kind of pleasantly surprised at how fast they're moving, but it makes sense.Swyx [00:42:25]: I'm just kind of browsing through the specification. I can already see that this basically bakes in whatever the previous paradigm was. So now they have genai.usage.prompt tokens and genai.usage.completion tokens. And obviously now we have reasoning tokens as well. And then only one form of sampling, which is top-p. You're basically baking in or sort of reifying things that you think are important today, but it's not a super foolproof way of doing this for the future. Yeah.Samuel [00:42:54]: I mean, that's what's neat about OTel is you can always go and send another attribute and that's fine. It's just there are a bunch that are agreed on. But I would say, you know, to come back to your previous point about whether or not we should be relying on one centralized abstraction layer, this stuff is moving so fast that if you start relying on someone else's standard, you risk basically falling behind because you're relying on someone else to keep things up to date.Swyx [00:43:14]: Or you fall behind because you've got other things going on.Samuel [00:43:17]: Yeah, yeah. That's fair. That's fair.Swyx [00:43:19]: Any other observations just about building LogFire, actually? Let's just talk about this. So you announced LogFire. I was kind of only familiar with LogFire because of your Series A announcement. I actually thought you were making a separate company. I remember some amount of confusion with you when that came out. So to be clear, it's Pydantic LogFire and the company is one company that has kind of two products, an open source thing and an observability thing, correct? Yeah. I was just kind of curious, like any learnings building LogFire? So classic question is, do you use ClickHouse? Is this like the standard persistence layer? Any learnings doing that?Samuel [00:43:54]: We don't use ClickHouse. We started building our database with ClickHouse, moved off ClickHouse onto Timescale, which is a Postgres extension to do analytical databases. Wow. And then moved off Timescale onto DataFusion. And we're basically now building, it's DataFusion, but it's kind of our own database. Bogomil is not entirely happy that we went through three databases before we chose one. I'll say that. But like, we've got to the right one in the end. I think we could have realized that Timescale wasn't right. I think ClickHouse. They both taught us a lot and we're in a great place now. But like, yeah, it's been a real journey on the database in particular.Swyx [00:44:28]: Okay. So, you know, as a database nerd, I have to like double click on this, right? So ClickHouse is supposed to be the ideal backend for anything like this. And then moving from ClickHouse to Timescale is another counterintuitive move that I didn't expect because, you know, Timescale is like an extension on top of Postgres. Not super meant for like high volume logging. But like, yeah, tell us those decisions.Samuel [00:44:50]: So at the time, ClickHouse did not have good support for JSON. I was speaking to someone yesterday and said ClickHouse doesn't have good support for JSON and got roundly stepped on because apparently it does now. So they've obviously gone and built their proper JSON support. But like back when we were trying to use it, I guess a year ago or a bit more than a year ago, everything happened to be a map and maps are a pain to try and do like looking up JSON type data. And obviously all these attributes, everything you're talking about there in terms of the GenAI stuff. You can choose to make them top level columns if you want. But the simplest thing is just to put them all into a big JSON pile. And that was a problem with ClickHouse. Also, ClickHouse had some really ugly edge cases like by default, or at least until I complained about it a lot, ClickHouse thought that two nanoseconds was longer than one second because they compared intervals just by the number, not the unit. And I complained about that a lot. And then they caused it to raise an error and just say you have to have the same unit. Then I complained a bit more. And I think as I understand it now, they have some. They convert between units. But like stuff like that, when all you're looking at is when a lot of what you're doing is comparing the duration of spans was really painful. Also things like you can't subtract two date times to get an interval. You have to use the date sub function. But like the fundamental thing is because we want our end users to write SQL, the like quality of the SQL, how easy it is to write, matters way more to us than if you're building like a platform on top where your developers are going to write the SQL. And once it's written and it's working, you don't mind too much. So I think that's like one of the fundamental differences. The other problem that I have with the ClickHouse and Impact Timescale is that like the ultimate architecture, the like snowflake architecture of binary data in object store queried with some kind of cache from nearby. They both have it, but it's closed sourced and you only get it if you go and use their hosted versions. And so even if we had got through all the problems with Timescale or ClickHouse, we would end up like, you know, they would want to be taking their 80% margin. And then we would be wanting to take that would basically leave us less space for margin. Whereas data fusion. Properly open source, all of that same tooling is open source. And for us as a team of people with a lot of Rust expertise, data fusion, which is implemented in Rust, we can literally dive into it and go and change it. So, for example, I found that there were some slowdowns in data fusion's string comparison kernel for doing like string contains. And it's just Rust code. And I could go and rewrite the string comparison kernel to be faster. Or, for example, data fusion, when we started using it, didn't have JSON support. Obviously, as I've said, it's something we can do. It's something we needed. I was able to go and implement that in a weekend using our JSON parser that we built for Pydantic Core. So it's the fact that like data fusion is like for us the perfect mixture of a toolbox to build a database with, not a database. And we can go and implement stuff on top of it in a way that like if you were trying to do that in Postgres or in ClickHouse. I mean, ClickHouse would be easier because it's C++, relatively modern C++. But like as a team of people who are not C++ experts, that's much scarier than data fusion for us.Swyx [00:47:47]: Yeah, that's a beautiful rant.Alessio [00:47:49]: That's funny. Most people don't think they have agency on these projects. They're kind of like, oh, I should use this or I should use that. They're not really like, what should I pick so that I contribute the most back to it? You know, so but I think you obviously have an open source first mindset. So that makes a lot of sense.Samuel [00:48:05]: I think if we were probably better as a startup, a better startup and faster moving and just like headlong determined to get in front of customers as fast as possible, we should have just started with ClickHouse. I hope that long term we're in a better place for having worked with data fusion. We like we're quite engaged now with the data fusion community. Andrew Lam, who maintains data fusion, is an advisor to us. We're in a really good place now. But yeah, it's definitely slowed us down relative to just like building on ClickHouse and moving as fast as we can.Swyx [00:48:34]: OK, we're about to zoom out and do Pydantic run and all the other stuff. But, you know, my last question on LogFire is really, you know, at some point you run out sort of community goodwill just because like, oh, I use Pydantic. I love Pydantic. I'm going to use LogFire. OK, then you start entering the territory of the Datadogs, the Sentrys and the honeycombs. Yeah. So where are you going to really spike here? What differentiator here?Samuel [00:48:59]: I wasn't writing code in 2001, but I'm assuming that there were people talking about like web observability and then web observability stopped being a thing, not because the web stopped being a thing, but because all observability had to do web. If you were talking to people in 2010 or 2012, they would have talked about cloud observability. Now that's not a term because all observability is cloud first. The same is going to happen to gen AI. And so whether or not you're trying to compete with Datadog or with Arise and Langsmith, you've got to do first class. You've got to do general purpose observability with first class support for AI. And as far as I know, we're the only people really trying to do that. I mean, I think Datadog is starting in that direction. And to be honest, I think Datadog is a much like scarier company to compete with than the AI specific observability platforms. Because in my opinion, and I've also heard this from lots of customers, AI specific observability where you don't see everything else going on in your app is not actually that useful. Our hope is that we can build the first general purpose observability platform with first class support for AI. And that we have this open source heritage of putting developer experience first that other companies haven't done. For all I'm a fan of Datadog and what they've done. If you search Datadog logging Python. And you just try as a like a non-observability expert to get something up and running with Datadog and Python. It's not trivial, right? That's something Sentry have done amazingly well. But like there's enormous space in most of observability to do DX better.Alessio [00:50:27]: Since you mentioned Sentry, I'm curious how you thought about licensing and all of that. Obviously, your MIT license, you don't have any rolling license like Sentry has where you can only use an open source, like the one year old version of it. Was that a hard decision?Samuel [00:50:41]: So to be clear, LogFire is co-sourced. So Pydantic and Pydantic AI are MIT licensed and like properly open source. And then LogFire for now is completely closed source. And in fact, the struggles that Sentry have had with licensing and the like weird pushback the community gives when they take something that's closed source and make it source available just meant that we just avoided that whole subject matter. I think the other way to look at it is like in terms of either headcount or revenue or dollars in the bank. The amount of open source we do as a company is we've got to be open source. We're up there with the most prolific open source companies, like I say, per head. And so we didn't feel like we were morally obligated to make LogFire open source. We have Pydantic. Pydantic is a foundational library in Python. That and now Pydantic AI are our contribution to open source. And then LogFire is like openly for profit, right? As in we're not claiming otherwise. We're not sort of trying to walk a line if it's open source. But really, we want to make it hard to deploy. So you probably want to pay us. We're trying to be straight. That it's to pay for. We could change that at some point in the future, but it's not an immediate plan.Alessio [00:51:48]: All right. So the first one I saw this new I don't know if it's like a product you're building the Pydantic that run, which is a Python browser sandbox. What was the inspiration behind that? We talk a lot about code interpreter for lamps. I'm an investor in a company called E2B, which is a code sandbox as a service for remote execution. Yeah. What's the Pydantic that run story?Samuel [00:52:09]: So Pydantic that run is again completely open source. I have no interest in making it into a product. We just needed a sandbox to be able to demo LogFire in particular, but also Pydantic AI. So it doesn't have it yet, but I'm going to add basically a proxy to OpenAI and the other models so that you can run Pydantic AI in the browser. See how it works. Tweak the prompt, et cetera, et cetera. And we'll have some kind of limit per day of what you can spend on it or like what the spend is. The other thing we wanted to b

In this episode of the Higher Ed CMO Podcast, host Jaime Hunt welcomes Jennifer Lonchar, founder of Ambio, to explore the transformative potential of Performance TV for higher education marketing. Jennifer breaks down how this technology provides the reach of traditional TV with the precision of digital advertising, delivering measurable ROI and enabling schools to craft highly targeted campaigns. From personalized storytelling to integrating AI for advanced analytics, this episode is packed with actionable insights for enrollment marketers, advancement professionals, and beyond.Key TakeawaysPerformance TV bridges the gap between traditional TV's wide reach and digital advertising's precise targeting and ROI measurement.Household ID technology ensures ethical and accurate targeting without relying on personal data.Schools can track and optimize campaigns based on how audiences respond, ensuring data-driven decisions.Empathy-driven messaging—tailored commercials for each stage of the student journey—creates a transformative connection with prospective students.Performance TV can complement traditional channels, enhancing email engagement and boosting overall campaign effectiveness.What is Performance TV? Jennifer Lonchar introduces Performance TV as a game-changer in higher ed marketing. Unlike traditional streaming ads, Performance TV combines the broad reach of television with the precision and measurability of digital advertising. Using Household ID technology, this tool allows marketers to reach specific audiences—students and parents—while respecting privacy by avoiding personal identifiable information (PII).Performance TV makes it possible to measure ROI with clarity. Schools can track behaviors, such as how many users visit the admissions page or complete an application after seeing a commercial, providing actionable insights for optimizing campaigns.Empathy in Marketing: The Power of Storytelling One of the most compelling opportunities with Performance TV is its potential for empathy-driven messaging. Jaime and Jennifer discuss how understanding your audience's emotions and challenges can guide campaign creation. For instance, commercials could address financial aid complexities or highlight the lifelong friendships and connections fostered in college.By crafting ads tailored to specific stages in the enrollment funnel—student search, application, yield, and even summer melt—schools can resonate with their audiences on a deeper level. Jennifer emphasizes the importance of storytelling, citing examples of commercials that are memorable because they evoke emotions and build trust.Campaign Integration and Success Stories Performance TV is not a standalone solution but a powerful component of an integrated marketing strategy. Jennifer advises using it alongside email, social media, and other channels. For example, schools have seen higher engagement rates in email campaigns when paired with Performance TV exposure.Jennifer shares several success stories, such as the University of Iowa, which generated over 15,000 inquiries, applications, and event registrations during a three-month campaign. Another example is Northeastern Illinois University, which used bilingual commercials to engage diverse audiences and met their enrollment goals for the first time in years.The Future of Performance TV in Higher Ed As the landscape evolves, Jennifer predicts even more advanced integrations, such as interactive TV ads and greater use of AI for optimization. These innovations will allow schools to engage audiences more effectively and refine strategies in real-time. However, the adoption of such tools in higher ed will require marketers to move faster and embrace change.A New Era for Higher Ed Marketing Performance TV offers higher education institutions an unskippable, 30-second stage to tell their story, build trust, and inspire action. Ready to stand out in a crowded digital space? Embrace this innovative tool to revolutionize your campaigns.Guest Name: Jennifer Lonchar, co-founder of AmbioEduGuest Social: https://www.linkedin.com/in/jenniferlonchar/Guest Bio: Jennifer Lonchar brings almost two decades of expertise in higher education, having worked in various roles focused on strategic enrollment and marketing. For over 13 years she worked for Carnegie, and was instrumental in bringing digital marketing to higher education. Her deep understanding of the challenges and opportunities within the sector has made her a sought-after leader in developing innovative solutions for enrollment and student engagement. Driven by a passion for enhancing the student experience and optimizing recruitment strategies, Jennifer co-founded AmbioEdu. This venture reflects her commitment to transforming higher education marketing through advanced technologies, including Performance TV and integrated digital solutions. AmbioEdu, under her leadership, harnesses cutting-edge tools to help universities connect with prospective students more effectively and efficiently, setting new standards in the field. - - - -Connect With Our Host:Jaime Hunthttps://www.linkedin.com/in/jaimehunt/https://twitter.com/JaimeHuntIMCAbout The Enrollify Podcast Network:Confessions of a Higher Ed CMO is a part of the Enrollify Podcast Network. If you like this podcast, chances are you'll like other Enrollify shows too! Some of our favorites include Talking Tactics and Higher Ed Pulse. Enrollify is made possible by Element451 — the next-generation AI student engagement platform helping institutions create meaningful and personalized interactions with students. Learn more at element451.com.Attend the 2025 Engage Summit! The Engage Summit is the premier conference for forward-thinking leaders and practitioners dedicated to exploring the transformative power of AI in education. Explore the strategies and tools to step into the next generation of student engagement, supercharged by AI. You'll leave ready to deliver the most personalized digital engagement experience every step of the way.Register now to secure your spot in Charlotte, NC, on June 24-25, 2025! Early bird registration ends February 1st -- https://engage.element451.com/register

In this special episode of We Are, Marketing Happy, Jenny dives into a critical update for healthcare marketers. Google is requiring advertisers to opt into call recording for its Click-to-Call feature, creating potential HIPAA compliance risks. Jenny explains the changes, why they're a concern, and what steps you need to take to protect your organization.   Key Points: • Google's new terms for Click-to-Call could result in PHI or PII being recorded, violating HIPAA. • The rollout is inconsistent, so accounts must be monitored closely. • You can contact Google support to opt out of call recording.   Action Items: • Check if the terms were accepted for your account. • Share this episode with your team or agency to ensure awareness.   More Information •Search Engine Land Article •Search Engine Journal Article   Connect with Jenny: • Email: jenny@hedyandhopp.com • LinkedIn: https://www.linkedin.com/in/jennybristow/   If you enjoyed this episode we'd love to hear your feedback! Please consider leaving us a review on your preferred listening platform and sharing it with others.

        Veteran English teacher Carrie Shevlin couldn't wait to tell the EdCuration listeners about how Scribo from Literatu has given her students loads of confidence with their writing, greatly improved their outcomes, and made both her planning and grading quicker, easier and much more personalized.          While AI can never take the place of a teacher, Carrie says Scribo gives both her and her students a huge boost toward stronger, skillful writing.    Resources: Scribo by Literatu is designed to improve student writing skills by providing real-time feedback, personalized insights, and actionable strategies. It helps students improve their writing proficiency while offering educators valuable data to tailor instruction. As part of the SchoolDay Collection, by Global Grid for Learning (GG4L), Scribo is available for a free pilot without requiring or collecting PII student data. SchoolDay Collection products are available for purchase on the AWS Marketplace.   More Information: Scribo News and Views Product Sample About Scribo's Writing improvement platform Saving teachers time across disciplines at Woodland Hills School District Motivating students to care about writing at New Waverly High School in Texas Inclusion Statement Product Impact Report   More great stuff: Explore our Micro Professional Learning ExPLorations fun and free, 1-hour digital, on-demand Professional Learning for teachers from all content areas and grades levels EdCuration's Blog: Learning in Action

In episode 178, Coffey talks with Jason Barrett about the evolving landscape of data privacy laws and their impact on employers' handling of personal information.They discuss the cultural shift driving increased data privacy concerns; differences between personally identifiable information (PII) and sensitive personal information; roles of data controllers, processors, and consumers; GDPR's seven foundational principles; state-level privacy laws including Texas and California regulations; biometric data collection and regulation; cross-state jurisdiction issues; data storage and retention practices; and the implications of AI on data privacy.Good Morning, HR is brought to you by Imperative—Bulletproof Background Checks. For more information about our commitment to quality and excellent customer service, visit us at https://imperativeinfo.com. If you are an HRCI or SHRM-certified professional, this episode of Good Morning, HR has been pre-approved for half a recertification credit (business credit for HRCI). To obtain the recertification information for this episode, visit https://goodmorninghr.com. About our Guest:Jason has worked over 20 years in corporate legal, compliance and HR roles in diverse industries including maritime, energy and oil and gas.He has expertise in the areas of global employment, labor and IP law, employee relations, data privacy compliance and legal administration.JAME Consulting, LLC focuses on providing comprehensive HR, legal, and data privacy consulting advice and training for all stages of the employment lifecycle.Jason received his Bachelor of Arts degree from the University of Mississippi and J.D. from the University of Houston.Jason currently serves as a Board or committee member for 2 nonprofits and one private organization.Jason Barrett can be reached athttp://jameconsulting.com https://www.linkedin.com/in/jason-barrett-jd-3062b6a About Mike Coffey:Mike Coffey is an entrepreneur, licensed private investigator, business strategist, HR consultant, and registered yoga teacher.In 1999, he founded Imperative, a background investigations and due diligence firm helping risk-averse clients make well-informed decisions about the people they involve in their business.Imperative delivers in-depth employment background investigations, know-your-customer and anti-money laundering compliance, and due diligence investigations to more than 300 risk-averse corporate clients across the US, and, through its PFC Caregiver & Household Screening brand, many more private estates, family offices, and personal service agencies.Imperative has been named the Texas Association of Business' small business of the year and is accredited by the Professional Background Screening Association. Mike shares his insight from 25 years of HR-entrepreneurship on the Good Morning, HR podcast, where each week he talks to business leaders about bringing people together to create value for customers, shareholders, and community.Mike has been recognized as an Entrepreneur of Excellence by FW, Inc. and has twice been recognized as the North Texas HR Professional of the Year. Mike is a member of the Fort Worth chapter of the Entrepreneurs' Organization and is a volunteer leader with the SHRM Texas State Council and the Fort Worth Chamber of Commerce.Mike is a certified Senior Professional in Human Resources (SPHR) through the HR Certification Institute and a SHRM Senior Certified Professional (SHRM-SCP). He is also a Yoga Alliance registered yoga teacher (RYT-200).Mike and his very patient wife of 27 years are empty nesters in Fort Worth.Learning Objectives:Identify different types of protected data and develop appropriate protocols for collecting, storing, and managing employee information.Create transparent data privacy policies that address both state and federal requirements while maintaining compliance across multiple jurisdictions.Implement data minimization practices that balance business needs with emerging privacy regulations and individual rights to data access and protection.

Just as a rock climber meticulously checks their gear and follows strict safety protocols to navigate treacherous heights, security UX professionals must also anticipate risks and design safeguards to ensure a smooth and safe journey for users in a digital landscape. In Lou's interview with Heidi Trost, author of Human-Centered Security: How to Design Systems that are Both Safe and Usable, Heidi highlights the critical safety protocols climbers and belayers follow, which mirror the precautions needed in system design to mitigate human error and anxiety. This analogy sets the stage for a broader discussion on security user experience challenges. Heidi stresses the necessity of cross-disciplinary collaboration, especially when dealing with sensitive data like personally identifiable information (PII) and electronic protected health information (EPHI). She points out how involving legal and security teams early can streamline projects and improve outcomes. Designers, as facilitators, must bridge the gap between complex security concepts and user comprehension. Heidi's book helps them do this by using personas to understand how the dynamic between users, security UX, and threat actors shapes. Lou and Heidi's conversation explores the evolution of multi-factor authentication (MFA) and its unintended consequences. What started as a simple 6-digit code morphed into a troublesome fatigue for users. Heidi underscores the importance of iterative design to adapt to these evolving challenges, likening the chaos of security interactions to a relentless ping-pong match. As they look ahead, Louis and Heidi discuss the rapid evolution of AI in security contexts, emphasizing the balance between technological advancement and user protection. With AI assistants poised to know more about individuals than ever, designers must remain vigilant to prevent potential misuse. Their conversation is an invitation for professionals to rethink how they approach security UX and design, encouraging a proactive stance in this ever-changing landscape.

//The content of this Podcast has been prepared for informational purposes only and does not constitute legal advice//summaryIn this conversation, Sarah Nagle and Chad Reynolds discuss the complexities of AI development, focusing on the challenges of copyright, regulation, and investment in the AI landscape. They explore the implications of antitrust laws, the strategic moves by major companies like Amazon, and the evolving nature of AI startups. The conversation also delves into the importance of record-keeping and the future of copyright ownership in the context of AI-generated content. In this conversation, Sarah Nagle discusses the complexities of ownership, frameworks, and legal implications surrounding AI, particularly in the context of copyright, fundraising, and the handling of personal identifiable information (PII). The discussion highlights the importance of having proper frameworks in place to protect intellectual property and navigate the evolving landscape of AI regulations. The conversation also touches on the responsibilities of companies in managing user data and the potential liabilities they face in the event of misuse. Predictions for the future of AI and fundraising are made, emphasizing the challenges and opportunities that lie ahead.Chapters00:00Navigating Uncertainty in AI Revenue Streams02:59The Role of Regulation in AI Development05:49The Impact of Antitrust Laws on AI Companies09:07Amazon's Strategic Moves in AI Investment11:58Understanding AI Hardware and Processing Power14:58The Evolving Landscape of AI Startups17:52Intellectual Property Challenges in AI21:10The Importance of Record Keeping in AI23:55The Future of AI and Copyright Ownership38:41Ownership and Frameworks in AI42:57Human Involvement in AI Outputs48:56Training Data and Copyright Concerns55:00Navigating PII in the Age of AI01:01:28Liability in AI Misuse01:10:20Predictions for the Future of AI and Fundraisinghttps://www.dinsmore.com/Vurvey.com

In this episode of Molecule to Market, you'll go inside the outsourcing space of the global drug development sector with John Fowler, President & CEO at Pii (Pharmaceutics International, Inc.) Your host, Raman Sehgal, discusses the pharmaceutical and biotechnology supply chain with John, covering: How a competitive family environment and navigating flight school in the Navy equipped him for a successful career Why a CDMO business is like managing chaos... under strict regulations The silver lining of the pandemic - quality time with his family Why he decided to leave Johnson Matthey after 30 years and take a 'title' step back Bringing PII back to its former glory and rebuilding a management team John Fowler brings more than 30 years of pharmaceutical and chemical industry experience to Pii. He most recently served as President and Chief Operating Officer of Piramal Pharma Solutions, a CDMO serving generic companies worldwide. Before joining Piramal, he was the Divisional CEO of the Global Fine Chemical business at Johnson Matthey. Mr. Fowler also held senior leadership roles in several business verticals at JM, including Pharmaceutical Materials and Services, Environmental Catalysts, and Technologies. He has a Chemical Engineering degree from Bucknell University and an MBA from St. Joseph University.   This episode of Molecule to Market is sponsored by Vetter, a global leader in aseptic filling solutions for injectable products in the pharmaceutical and biotech industries. Discover more about Vetter's comprehensive services, from early-stage development to commercial production, and how they support clients in delivering high-quality therapies to the market.   Please subscribe, tell your industry colleagues and join us in celebrating and promoting the value and importance of the global life science outsourcing space. We'd also appreciate a positive rating!   Molecule to Market is sponsored and funded by ramarketing, an international marketing, design, digital and content agency helping com

Cody Ebberson, CTO of Medplum, joins host Sam Taggart to discuss the constraints that working in regulated industries add to the software development process. They explore some general aspects of developing for regulated industries, such as medical and finance, as well as a range of specific considerations that can add complexity and effort. Cody describes how translating regulatory requirements into test specifications and automating those tests can help streamline software development in these regulated environments.  Brought to you by IEEE Computer Society and IEEE Software magazine.

It's all in the details, folks. Pay attention to those and you can avoid unnecessary stress. Dave Bittner, Maria Varmazis, and Joe Carrigan swap stories on email password-stealing attacks, Google ads scams, and fake banks this week. The team shares follow up from listener Steven from the UK about the hazards of shoulder surfing when they received their new debit card with all PII on the same side of the card. A friend of the show JJ shared a story and a warning about fake checks. Never accept a check from a stranger. Dave's story covers Action Fraud, the UK's national fraud and cyber reporting center, warning iPhone users of a new Apple ID phishing campaign. Maria talks about new research that uncovers a new scam that takes advantage of public wishlists on ecommerce websites, which in this case is Walmart, but is similar to those found on Amazon and other sites. Joe's story is about a firm in Singapore with an email from a supplier requesting that a pending payment be sent to a new bank account based in East Timor.  Our Catch of the Day is from Reddit on the /scambait subreddit "THE Dolly Parton is going to let ME in her VIP club." Links to the stories: iPhone Users Warned As New Email Password-Stealing Attacks Reported Walmart customers scammed via fake shopping lists, threatened with arrest Police recover over USD 40 million from international email scam THE Dolly Parton is going to let ME in her VIP club. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

In this episode of Tech Talks Daily, Adam Glaser from Appian shares how generative AI is transforming enterprise technology and redefining how businesses operate. As the global appetite for AI grows, Appian's low-code platform stands out by making AI more accessible, allowing enterprises to build and deploy AI-powered applications without requiring extensive data science resources. Adam dives deep into how generative AI serves as a force multiplier across the board—from developers building and testing applications faster to end users interacting directly with AI-driven chat interfaces. A key focus of the conversation is Appian's patented data fabric, a virtualized data layer that addresses fragmented enterprise data. This architecture provides the foundation for AI to operate efficiently, pulling together disparate data sources into a unified system. Adam explains how this approach enables businesses to unlock the full potential of AI, helping enterprises tackle complex tasks such as document extraction, PII detection, and real-time data analysis. Throughout the episode, Adam presents several real-world examples where Appian's AI-enhanced solutions have delivered measurable results. From automating the accounts payable process for a U.S. fire protection company to improving student advising through AI chatbots at a large university, these stories reveal how businesses are achieving significant productivity gains and cost savings. In particular, the episode highlights how AI has revolutionized document processing, customer service, and data management, reducing errors and improving accuracy across industries. Adam also addresses the barriers to AI adoption, including common concerns around data privacy, job displacement, and unrealistic expectations. He offers practical advice for business leaders looking to integrate AI effectively, urging them to focus on tangible business outcomes and view AI as a tool to augment human capabilities, not replace them.