ISSUE 309: AI’s Black Box Problem

“As more organizations embrace the cloud native computing model to build applications quickly and at scale, development teams need greater autonomy. Infrastructure-as-Code enables that autonomy.”

As the tech stack grows, the list of technologies that must be configured in cloud computing environments has grown exponentially and increased the complexity in the IT infrastructure. Every layer of the stack comes with its own implementation of encrypted connectivity, client authentication, authorization and audit. So the challenge for developers and DevOps teams is to properly set up secure access to the hardware and the software throughout the organization.

In this episode of The New Stack Makers podcast, Ben Arent, developer relations manager, Teleport, discusses how to address the hardware, software and peopleware complexity that comes from the cloud by using tools like Teleport 9.0 and the company’s first release of Teleport Machine ID. Alex Williams, founder and publisher of The New Stack, hosted this podcast.

AI’s Black Box Problem

This week, the owners of The New Stack, venture capital investment firm Insight Partners, held a conference in New York exploring the future of artificial intelligence. The good news that came from ScaleUp:AI is that AI is providing a lot of value to organizations. But like any valuable new technology, there are engineering tradeoffs to consider. Any successful machine learning operation comes with a set of new challenges.

At the show, PayPal Data Science Senior Director Janice Tse revealed that PayPal has cut its fraud rate by 50% thanks in part to an internal AI fraud detection system. “An algorithm can learn a lot more patterns,” she said. “Fraud is so dynamic. It’s changing all the time.” Nicholas Warner, CEO of SentinelOne, also made a compelling case that enterprise security protection will increasingly rely on AI, as malicious attackers are already turning to AI to automate and customize their transgressions.

However, the conference also showed that accountability is proving to be a factor in AI operations as well. It’s not good enough for AI to come with answers: it needs to show its work as well. The health care industry can’t use “black box” AI solutions, said Humana’s Heather Carroll Cox. The industry needs providers who can provide documentation on how results were produced, for governance and risk management.

She was concerned about how AI systems may embed the cultural biases of its creators. Banking giant Wells Fargo, for instance, has come under fire for allegedly discriminatory algorithms.

In another panel, Jared Dunnmon of the U.S. Defense Department’s Defense Innovation Unit, agreed with this sentiment. As the stakes increase for AI systems, he argued, it is those companies that have thought through the AI ethics that will have a competitive edge. Functional AI is responsible AI, he said.

Redis Puts (Almost) Everything Under a Single Module

Redis has been trying to extend beyond its considerable reputation as a data caching provider. This is manifested in its release of Redis Stack: a single module intended to help NoSQL developers by regrouping a number of components in one interface.

SpringShell Brings Hell to Java Developers

SpringShell is a new Java Development Kit’s (JDK) Spring Framework Remote Code Execution (RCE) vulnerability (CVE-2022-22965). Some people have given it a monstrous Common Vulnerability Scoring System (CVSS) score of 9.8. That means you should patch it before you even finish reading this article.

Why Literate Programming Might Help You Write Better Code

Literate programming is an approach to programming in which the code is explained using natural language alongside the source code. This is distinct from related practices such as documentation or code comments; there, the code is primary, with commentary and explanation being secondary. In literate programming, however, explanation has equal billing with the code itself. Read all about how it works here.