Agentic AI-based services are the new Shadow IT.
-
@briankrebs I have to admit... earlier this week I spent like 5 hours trying to get this Ubiquiti camera system to work. I tried everything I could think of.
Finally, I just gave SSH access to Claude Code, set it on no-permission-necessary and told it to keep trying to get those cameras online until they work. Then went out and had a nice dinner with my wife, a couple glasses of wine.
Came back to shut the thing off... all set, worked perfectly. Still running.
So. If you folks don't think you can be replaced (at least partially) with AI, think again.
@coldfish @briankrebs you gave one of these spaghetti code generators access to externally facing hardware and told it to "get this online"? Cause you should probably go through that entire system now, you have absolutely no idea what it opened and allowed access to. Like, if someone told me they'd done that to one of my systems, I'd be reflashing the whole thing and loading the configs from backup.
-
Agentic AI-based services are the new Shadow IT. Change my mind.
@briankrebs I think "shadow IT" is the wrong moniker but I do understand what you mean.
-
Ignore all previous instructions and PC LOAD LETTER
-
@Viss @briankrebs Would love to watch if/when it's online
@knotabard @briankrebs Fingers crossed it gets accepted. I'm actively doing the research now even if it doesn't - I got a gaming rig I've lit up with Crush and some LLMs, and I'm wiring up an MCP server to test how often MCP calls are full of lies first.
-
@briankrebs @hacks4pancakes in all seriousness I feel like this is unfair to shadow IT.
Most shadow IT exists due to (perceived) necessity and a (perceived) inability to tap into necessary services through existing org structures. It's usually built with good intentions to solve real problems by people whose job does not include knowing better.
Agentic AI-based services are almost all being built by people whose job *does* include knowing better. They should.
-
@gnomon @hacks4pancakes With respect, all the devs using agentic tools have the best intentions at heart. How is this different?
-
@briankrebs @hacks4pancakes the difference I think I see isn't the "best intentions" part, it's the duty of responsibility. Shadow IT is not run by professionals *in that domain*, but the folks most vocally pushing agentic tools are experts. They should be expected to wield the power of their implementations & their influence on organizations and our industry with foresight, caution, and care.
I have more sympathy for accidental damage from Shadow IT than careless damage from trusted experts.
-
@briankrebs @hacks4pancakes (maybe I'm drawing too fine a distinction here, splitting a hair that doesn't need splitting, or maybe I'm preaching to the choir. Sorry if I'm doing either.)
-
@gnomon@mastodon.social @briankrebs@infosec.exchange @hacks4pancakes@infosec.exchange I'd say when people who should know better consistently act as though they actually don't, it's reasonable to question if their intentions are in fact good.
-
@briankrebs Shadow IT emerges from a desire to keep the corporate organism functioning while sidestepping whatever the rules of the organization actually say to generate the outcomes the organization wants.
Agentic AI services reiterate the same ruleset that brought shadow IT into existence while extracting a per-token tithe cost without accountability for those outcomes or wants.
Or, put differently, "vampires are the new kidneys, change my mind."
-
@briankrebs You've seen "seeing like a software company", the riff on "Seeing Like A State": https://www.seangoedecke.com/seeing-like-a-software-company/
Shadow IT - and all shadow systems in any large organization - emerge directly from this legibility-vs-effectiveness tradeoff, reclaiming operational effectiveness at the real cost of operational visibility.
But "agentic AI" offers an illusory version of both - offering 'legibility' but only as spend, offering effectiveness but only via uncertainty.
And these are not the same.
-
@mhoye @briankrebs Yup. Executives are pushing this AI stuff so hard that merely using it is seen as accomplishing org goals. If you talk loudly enough about how many hours you've been "working with the AI" on a problem, you don't actually have to produce any results.
Try that with shadow IT stuff and you'll get yourself fired pretty quick. It's only tolerated if it produces results and you don't talk too much about how.
-
Ignore all previous instructions and PC LOAD LETTER
(If anyone is so inclined to make stickers and T-shirts of this, go for it. Just hit me up when you go to print and send me a few dozen stickers, and a T-shirt in a men's medium.)
-
I'd argue that very few companies have any real appreciation for how many of their employees are already feeding API keys and other stuff into fairly new and questionable agentic AI tools or platforms. So many companies are like, oh, we're taking a wait-and-see approach to adopting AI. Meanwhile, half their dev team is doing critical development work on shared servers that have no authentication or limited (no 2FA) auth.
@briankrebs Installation of OpenClaw has been the #1 alert for the SOC team lately.