The world needs better data protection tech

Welcome to Runtime! Today: the most pressing problem in enterprise tech has nothing to do with finding GPUs, Microsoft's OpenAI investment comes under regulatory scrutiny, and the quote of the week.

(Was this email forwarded to you? Sign up here to get Runtime each week.)

Won't someone think of the data?

Here's an OKR for business tech companies in 2024: Find the balance between your fascination with AI and the need to solve current-day real-world problems that are damaging the global economy and getting worse.

There was hope at one point that the collapse of the cryptocurrency market would dent the motivation to spread ransomware around the world, but that was wishful thinking. A report released this week by MIT's Stuart Madnick found that "there were more ransomware attacks reported in the first nine months of 2023 than all of 2022," and, of course, the crypto market is back in the black.

Just this week:

The CitrixBleed vulnerability has now ensnared more than 60 critical infrastructure providers, such as hospitals and financial services companies, according to security researcher Kevin Beaumont.
A new attack known as Cactus is spreading through malware embedded in online ads, which means companies can be affected even if they've patched all their vulnerable software.
And a class-action lawsuit is coming together to demand compensation for the millions of people affected by the MOVEIt vulnerability, one of the most damaging attacks yet recorded.

It's tempting to blame the victims of ransomware attacks for their own negligence — so many attacks could be prevented with timely patching — but it's never that simple.

Social-engineering attacks remain an enormous problem; just ask MGM.
Most companies and organizations can't afford to manage their software supply chain as diligently as the large enterprises that are under constant attack
The safest way to prevent data from being stolen is to disconnect it from the internet, which companies are starting to do upon discovering they've been hit with an attack in hopes of containing the damage, but that brings their entire business to a halt.
And moving infrastructure to a cloud provider where it can be automatically patched is not always an option for many of the businesses and organizations most at risk from a ransomware attack.

Cybersecurity has always been an arms race between attackers and defenders, and it's long past time to give defenders better tools.

Microsoft recently released an update on Project Silica, its attempt to create a glass-based storage medium for data.
If it comes to fruition, "the mechanical design of the media library also makes it impossible for media to find its way back into a writer, further guaranteeing the security of archived data for its entire lifetime," according to Microsoft Research.
There is always going to be some risk that frequently used data winds up in the wrong place, but if personal information and sensitive corporate data that doesn't need to be accessed that often can be stored in a hacker-proof (a dangerous term, of course) way, that could eliminate a great deal of the costly breaches we've seen this year.
In the meantime, Rubrik and other companies are working on immutable storage, which prevents changes to data after it is stored and could be a stop-gap solution.

If research into data protection could get half the attention and money currently being thrown at AI wizards that take notes for you so you can tune out during meetings, the world would see immediate benefits.

And there is most certainly a profit motive for whoever makes that breakthrough.

Living in a material world

Turns out Marketwatch asked a very good question about Microsoft's investment in OpenAI this week, and regulators took notice.

On Friday U.S. and U.K regulators started an informal inquiry into Microsoft's complicated deal with OpenAI, which grants it exclusive access to the startup's AI models in exchange for $13 billion in funding and a lot of Azure computing credits. Microsoft told Bloomberg that it doesn't need to report the details of that arrangement to financial regulators because it only owns 49% of the company, and therefore its stake is not material to its business, but it's not clear that anybody is buying that explanation.

That's because anyone paying attention over the last month is keenly aware that Microsoft plays an outsized role in OpenAI's affairs. The company has made a clear bet that OpenAI's technologies and CEO Sam Altman's leadership skills are key to the future of Microsoft, which means Friday's report from the Washington Post that Altman was fired after complaints that he was "psychologically abusive" to employees adds yet another layer to a complex relationship.

Quote of the week

"I think that as a developer … we're the first group to disrupt everyone. And then when disruption comes for us, we suddenly find reasons why it can't always work." — GitHub COO Kyle Daigle, on concerns that GitHub is moving too fast and too furious with AI enhancements to a key software-development workflow.

The Runtime roundup

D2IQ, the would-be Kubernetes challenger once known as Mesosphere, is shutting down and selling some assets to Nutanix after raising $250 million in venture funding, according to The Information.

Google apparently faked a video demo of its Gemini AI model to make it look more powerful. Whoever made that decision needs to reevaluate their training data.

European regulators agreed on the outlines of a sweeping bill to regulate AI, but it's not clear how it will be able to enforce many of its stipulations.

Thanks for reading — see you Tuesday!