Hello Leaders,

With the daylight savings returning this weekend, you will lose an hour of sleep. However, we don't want you to lose sleep over missing critical news. That's why we are reviewing dozens of headlines to highlight a handful that your IT leadership must act on.

​

1. Search engines and LLMs cache could expose your data

Lasso, an Israeli cybersecurity company, discovered that contents of its private Github repositories were showing up in Microsoft’s Bing search engine. These repositories were mistakenly configured as public for a brief period. Bing and Copilot likely picked them up during that period. Even though the repositories were later made private, Bing and Copilot retained the data in their cache / memory.

​

While there are ways to request removal of personal data from LLMs, removing enterprise data can be tricky. Removing data from search engines, however, is relatively easier. For example, here is a link to Google's removal request process:https://support.google.com/webmasters/topic/9164606​
​

Actions you could take

Review the access policy of your repositories and public facing systems. When adjusting the policy, test major search engines and LLMs for potential data leak.
​

Further Reading

​https://www.computerworld.com/article/3808609/openai-opposes-data-deletion-demand-in-india-citing-us-legal-constraints.html​
​

2. Modernize your legacy code using AI

In recent months the LLMs have shown significant improvement in its ability to write code. This week one user shared an executable file of Visual Basic code, written 27 years ago, with Claude. Claude converted it to Python and the code worked in first try.

​
While this was likely not as sophisticated as an enterprise business application, but the result is of significant importance. Government and financial institutions continue to run COBOL code written several decades ago. Similarly, healthcare organizations have legacy systems written in MUMPS which continue to exist.
​

Actions you could take

• With models continuously evolving, regularly experiment with AI to modernize your legacy code. Further, with AI models becoming multi-modal, consider supplementing the code with screenshots, input and output samples, documentation, etc. to improve code quality.
• Supporting legacy code without documentation can be challenging. LLMs can also be used to generate documentation, search for specific functions, find vulnerabilities etc.
  ​

Further Readinghttps://www.reddit.com/r/ClaudeAI/comments/1iyumpf/i_uploaded_a_27yearold_exe_file_to_claude_37_and/?rdt=40238​

​https://arxiv.org/pdf/2410.24119​

​https://arxiv.org/pdf/2412.01333​

​
​3. VMWare vulnerability

Broadcom has notified customers of 3 vulnerabilities because of which a threat actors could access the hypervisor through a guest virtual machine. However, this is only possible where the attacker has privileged access to a virtual machine’s guest OS.

​
These vulnerabilities are impacting VMware ESX, VMware vSphere, VMware Cloud Foundation, or VMware Telco Cloud Platform.

​
​Actions you could take

Consider adopting this Zero Trust strategy developed jointly by DoD and Microsoft - https://dodcio.defense.gov/Portals/0/Documents/Library/ZTCapabilitiesActivities.pdf

​
​Further Reading

​https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390​

​https://github.com/vmware/vcf-security-and-compliance-guidelines/tree/main/security-advisories/vmsa-2025-0004​

​
​

4. Turing award winners caution

Winners of 2024 Turing award, Andrew G. Barto and Richard S. Sutton, for their work in reinforced learning, criticized current AI developments as “too fast, too untested, and too profit-oriented.”

​
​Actions you could take

Review your AI Governance framework and ensure you are prioritizing responsible AI principles instead of quick wins.

​
​Further Reading

​https://www.ft.com/content/d8f85d40-2c5b-4a2b-b113-87fa8e30f61b​