Avoiding blind trust in digital workflows

As an industry, we’ve poured billions into #ZeroTrust for users, devices, and networks. But when it comes to software - the thing powering every modern business, we’ve made one glaring exception: OPEN SOURCE SOFTWARE! Every day, enterprises ingest unvetted, unauthenticated code from strangers on the internet. No questions asked. No provenance checked. No validation enforced. We assume OSS is safe because everyone uses it. But last week’s #npm attacks should be a wake-up call. That’s not Zero Trust. That’s blind trust. If 80% of your codebase is open source, it’s time to extend Zero Trust to the software supply chain. That means: • Pin every dependency. • Delay adoption of brand-new versions. • Pull trusted versions of OSS libraries where available. #Google's Assured OSS offering is a good one for this. • Assess health and risk of malicious behavior before you approve a package. • Don’t just scan for CVEs—ask if the code is actually exploitable. Use tools that give you evidence and control, not just noise. I wrote more about this in the blog linked 👇 You can’t have a Zero Trust architecture while implicitly trusting 80% of your code. It's time to close the gap and mandate Zero Trust for OSS. #OSS #npmattacks #softwaresupplychainsecurity

Monday WFM Tip 4: The Hidden Danger Lurking in Your WFM Data Back in 2022, I wrote 100 WFM tips for Call Centre Helper Magazine: https://lnkd.in/epKaPg2m. Over the coming weeks, I intend to expand on each of these tips with further thoughts. Ever caught yourself nodding confidently at those beautifully formatted reports from your WFM solution? The clean lines, the precise percentages, the reassuring graphs that tell you everything is under control? We've all been there. But here's the uncomfortable truth... your WFM data might be lying to you. I've learned that blind trust in WFM solution data is a risky business strategy. As I often say "The 1st rule of forecasting is that all forecasts are wrong." But there's more to it than just forecasting accuracy. The issue runs deeper. Every data point in your WFM ecosystem has travelled through multiple systems, been transformed by various algorithms, and passed through several human hands before landing in your reports. Each transition creates an opportunity for errors to creep in. So how do we protect ourselves from making critical business decisions based on flawed data? Regular Source Validation: Establish a cadence for checking data at various input sources. Are your AHT calculations capturing after-call work accurately? Is your shrinkage accounting for all offline activities? These small discrepancies compound quickly. Cross-System Reconciliation: Your WFM solution shouldn't exist in isolation. Regular comparison with CRM data, telephony records, and quality management systems helps identify inconsistencies before they become problematic assumptions. Calibration Integration: This is where most organisations miss a trick. Your operational calibration sessions aren't just for quality monitoring-they're gold mines for validating WFM data authenticity. Incorporate specific WFM data validation into these sessions for a more holistic approach. Good things happen when we stop seeing WFM data as an infallible source of truth and start treating it as a useful but imperfect tool requiring constant refinement. What data assumptions might be lurking in your WFM reports today? When was the last time you validated your solution's outputs against raw source data? How might regular calibration improve your data integrity? If you liked this post and would like to discover more of my thoughts on Workforce Management topics: https://lnkd.in/e4gTRARz

𝗧𝗵𝗲 𝗺𝗼𝗿𝗲 𝘄𝗲 𝘁𝗿𝘂𝘀𝘁 𝗔𝗜, 𝘁𝗵𝗲 𝗹𝗲𝘀𝘀 𝘄𝗲 𝗾𝘂𝗲𝘀𝘁𝗶𝗼𝗻 𝗶𝘁. That’s the paradox from a recent Carnegie Mellon study. Just as AI becomes smarter and more “accurate,” we become less critical. Less likely to challenge, verify, or think for ourselves. That should worry every transformation leader. Because in regulated spaces like banking and fintech, 𝗯𝗹𝗶𝗻𝗱 𝘁𝗿𝘂𝘀𝘁 = 𝗿𝗲𝗮𝗹 𝗿𝗶𝘀𝗸. The best leaders I work with aren’t asking, “Can we use AI here?” They’re asking, “How do we use it without losing our judgement?” Here’s what I recommend: • Treat AI as a 𝘁𝗵𝗼𝘂𝗴𝗵𝘁 𝗽𝗮𝗿𝘁𝗻𝗲𝗿, not an answer engine. • Keep your 𝗱𝗼𝗺𝗮𝗶𝗻 𝗲𝘅𝗽𝗲𝗿𝘁𝘀 𝗶𝗻 𝘁𝗵𝗲 𝗹𝗼𝗼𝗽 - especially compliance and ops. • Build in 𝗳𝗿𝗶𝗰𝘁𝗶𝗼𝗻 - pause points that force teams to question outputs. • And rethink how you define “smart”. - It’s not about knowing answers. It’s about knowing what questions to ask. AI isn’t replacing critical thinking. It’s raising the stakes for it. How are you or your team keeping sharp while adopting AI? 👇 Drop your favourite check or technique below. #AI #Transformation #Fintech #Banking #Compliance #DigitalLeadership #KarakorPerspective

Blind trust is not a virtue in tech. It’s a shortcut to chaos. Today, AI is quickly being woven into every layer of decision making, we need fewer cheerleaders and more questioners. The ability to ask sharp, inconvenient, evidence seeking questions is not a “nice to have.” It is a survival skill. Skepticism is not cynicism. It is how we uncover what AI hides behind layers of probability and patterns. It is what reveals when a model was trained on biased data but sold as neutral. It is what exposes when automation is pitched as intelligence but delivers little more than glorified output checking. It is how we remind ourselves that AI may be fast, but speed without scrutiny is just error at scale. Here’s the question not enough people are asking: - What problem are we solving? - Is the problem even worth solving with AI? - Could it be solved through simpler, more transparent means? If you’re in testing, product, engineering or leadership, and you’re not asking: • What problem are we solving and for whom? • Why do we think AI is the right solution? • What data was used to train this model? • What edge cases were ignored? • Who benefits from this decision and who loses? • What are we not measuring that we should? Then you’re not engaging with AI. You’re surrendering to it. The best minds in the industry are not the loudest voices hyping the future. They are the quiet forces holding the present accountable. Ask better questions. Demand evidence. Challenge the solution. Make skepticism your superpower. That’s how we build trust in AI. Not through marketing slides. But through curiosity, courage and conviction. #softwaretesting #softwareengineering #aiethics #criticalthinking #trustworthyai #brijeshsays

Last month, a platform team told me something brutal. “We love AI. But there’s no way we’re letting it touch prod.” Why? Because every time they tested an agent, it behaved differently. Same prompt. Different outcome. In one case, it even skipped a critical approval step. At Kubiya.ai, we took a different path: every AI request compiles into a deterministic DAG. Same input, same output. Every time. This one design decision changed everything. Now, engineers run incident workflows, CI/CD tasks, and even permission escalations, without babysitting. They no longer have to trust AI blindly; they can just trust the plan. One thing is clear today: If you're serious about AI in production, you can’t compromise on determinism.

Why do AI models hallucinate?🤔 OpenAI's latest research paper reveals why AI systems confidently provide incorrect answers, and it changes everything about enterprise AI strategy. Research shows language models don't hallucinate because they're broken. They hallucinate because we trained them to guess confidently rather than admit uncertainty. Think about it: On a multiple-choice test, guessing might get you points. Leaving it blank guarantees zero. Our AI evaluation systems work the same way, rewarding confident wrong answers over honest "I don't know" responses. Most companies select AI using accuracy benchmarks that literally reward the behavior that destroys trust. We're optimizing for confident guessing instead of reliable uncertainty. This creates a massive blind spot for AI-Native organizations: → Strategic decisions based on confident but incorrect AI analysis → Compliance risks from fabricated but authoritative-sounding guidance → Employee trust erosion when AI confidently delivers false information → Legal liability from AI hallucinations in customer-facing applications. The real test for AI, especially agentic systems, isn’t how fast they respond, but whether they know when to hold back. Enterprise adoption won’t be driven by new features or raw speed. It will be driven by trust, the ability of agents to signal doubt as confidently as they deliver answers📈 At Beam AI, we tackle hallucinations by combining structured workflows with agent reasoning and continuous evaluation. Instead of relying on AI to guess, our agents follow SOP-based flows, apply intelligence only where judgment is needed, and escalate to humans when confidence is low. Every output is evaluated against accuracy criteria, and agents learn from feedback to improve over time. The result: automation you can trust, even in complex, high-stakes environments.

“𝐀𝐬𝐬𝐮𝐦𝐞 𝐧𝐨𝐭𝐡𝐢𝐧𝐠. 𝐕𝐞𝐫𝐢𝐟𝐲 𝐞𝐯𝐞𝐫𝐲𝐭𝐡𝐢𝐧𝐠.” That’s the foundation of 𝐙𝐞𝐫𝐨 𝐓𝐫𝐮𝐬𝐭. And in today’s globally distributed, tech-enabled supply chains, it’s no longer just a cybersecurity term. It’s a business mindset. One that’s quickly becoming non-negotiable. 🔐 Supply chains today (to achieve speed and efficiency) operate across: • Cloud systems • IoT networks • Third-party vendors • Remote teams Each adds value but also introduces new vulnerabilities. What I’m noticing in future-ready organisations is a mindset shift: From “trust by default” → to “trust by design.” Here’s what that looks like 👇 ✅ Continuous verification — Every device, user, and application is authenticated. No assumptions. ✅ Least-privilege access — No blanket permissions. Roles and context define access. ✅ End-to-end visibility — Real-time monitoring to detect, respond, and recover; not just prevent. But this isn’t just IT’s problem. Supply chain leaders need to ask: • Are our partner integrations creating blind spots? • How secure is the data we exchange daily? • What’s our plan when trust is compromised? In the best-run operations, Zero Trust is not a tech project but embedded in culture, design, and decision-making. 🧠 It’s not about paranoia. It’s about preparedness. And building confidence into every link of the chain. Given the criticality of digital integration and sharing of data for supply chain efficiency, would love to know how you are rethinking trust and access across your supply network. #supplychainsecurity #zerotrustarchitecture #digitalresilience #digitalsupplychain #supplychainefficiency

Talk to most general contractors or owners and ask why BIM adoption stalls. You’ll hear about tools. Standards. File formats. Interoperability. But the real issue starts earlier. The project team doesn’t trust each other enough to share. Here’s what I see on most large construction projects: The MEP subcontractor models everything, but keeps the real file local The architect uploads exports, not source files The GC runs clash detection separately The client expects a coordinated handover, but no one owns it Every party says: “We’ll share later… once we’re ready” Everyone is waiting. Everyone is protecting scope. Everyone is working in silos. By the time “later” arrives, it’s already too late. What’s the cost of that delay? Version mismatches that cause rework onsite Weeks lost coordinating between stakeholders who should’ve been aligned Data dead-ends where files don’t connect across systems Handover chaos that’s nobody’s job, but everyone’s problem And once it falls apart, teams say: “See? Digital doesn’t work.” But what didn’t work wasn’t BIM. It was the governance. When we roll out Catenda on projects, we don’t start with technology. We start with behavior. We ask: Who shares models, and when? How are issues resolved, and by who? What are the default behaviors, not just the documented ones? Because if your workflows depend on people acting against their incentives, you don’t have a workflow. You have wishful thinking. The fix isn’t just openBIM or CDEs or integrations. The fix is getting every stakeholder to believe that collaboration creates more value than isolation. It’s slow. It’s political. It doesn’t always work. But when it does, everything changes. If you're rolling out BIM standards, tools, or platforms, ask yourself: Are we solving for the tool? Or are we solving for the trust? Because fragmentation isn’t a technical bug. It’s a cultural default.

Everyone's Using AI – But Do You Know Where Your Data Is Going? Or more critically... who’s viewing it? Most organisations are embracing ChatGPT – but few understand the operational risk behind the buzz. LLMs are powerful. But without proper governance, they're a liability. Security teams are worried, CIOs are unsure, and sales leaders are using tools they don't fully control. Most companies allow – or worse, ignore – AI use without understanding where and how data flows. The consequences? - Confidential data leaked through public LLMs - GDPR violations from uncontrolled data residency - Shadow IT and no audit trail - Blind trust in "safe" tools like Microsoft Copilot Treat AI tools as you would any enterprise software: audit, govern, and integrate them properly. So what’s the safest setup? Here’s the LLM Risk Hierarchy every exec must know: - Public ChatGPT on a home network - Public ChatGPT on company network - ChatGPT Teams/Enterprise - OpenAI API (Hosted Platform) - Azure OpenAI API - Self-Hosted Azure OpenAI Want to know where Microsoft Co-Pilot and Zapier fits? See the Carousel. AI security isn’t optional. Every AI workflow is a data workflow. And every data workflow needs governance. If you are confused by AI and data security, worry no more. See the carousel. Interested in speaking AI? DM me for a chat.