As AI tools become more sophisticated, IT professionals find themselves speared on the horns of a dilemma: AI might make them more productive…but it also might automate them right out of a job.

IT Brew sat down with Christopher Mims, tech columnist for the Wall Street Journal, to discuss his new book, How to AI, which delves into the evolution of AI and how it has impacted the modern workplace.

Mims seeds the book with practical “laws” for AI, including “AI is a feature, not a product,” and “Don’t trust it, and always verify its work.”

While his examples of AI integration often focus on people in non-technical roles, much of his advice applies just as effectively to sysadmins, developers, and others busy figuring out how the technology can improve their workflows.

How Mims thinks you can future-proof your career.—NK

Where does the cybersecurity buck stop? Some experts point to third- or even fourth-party vendor plugins as a possible culprit for gaps in organizational security.

Those seeking to eliminate vulnerabilities in their cybersecurity infrastructure may want to seek assurance that the plug-ins provided by outside vendors are mitigating risk appropriately. This includes “fourth-party” vendors that provide data and tools used by subcontractors and others.

Erik Bloch, VP of security at Illumio, told IT Brew that “everybody’s leveraging third parties today” for critical data, but not everyone has visibility into what those vendors are doing.

“We’re seeing more and more of this where [attackers are] going after third parties,” Bloch said. “They don’t have to go after you if they know your data is stored somewhere else, right?”

How to mitigate these risks.—CN

Like parents on the playground, IT pros handling AI have a crucial decision to make: Is it time to remove this little one from the sandbox?

In the case of IT, this means AI models that are not yet trusted to access different parts of the network, which may hold sensitive data, so they’re isolated in a secure testing environment.

Leveraging AI without putting the company in a vulnerable position means putting guardrails into place. That’s why it’s necessary to have a sandbox for network and staging development, Ledger’s CTO Charles Guillemet told IT Brew. Running a security evaluation before deployment is always a good idea for professionals who want to leverage AI to its fullest extent.

“AI [tools] are not deterministic, and there are different studies that prove that AI could do the opposite of what you [wanted] under certain circumstances, so definitely you can’t really trust an AI,” Guillemet said. “If you implement an AI, give it access to sensitive data, but also to the internet and so on…you would expect the AI to keep this data confidential. There is no way to ensure this and to enforce this, so you need to create the conditions that will prevent the AI [from doing] that.”

Why segmentation is key.—CN

AI and cloud computing are adding new complexity to virtual environments. Here’s how emerging workloads, containerization, and automation are changing infrastructure expectations for IT teams.