Is It Time To Reconsider The CISO Role? (2024)

This is the published version of Forbes’ CIO newsletter, which offers the latest news for chief innovation officers and other technology-focused leaders.

The long-awaited announcement of Apple’s full entry into the generative AI space finally came this week, and investors and fans have responded with enthusiasm.

At Apple’s annual Worldwide Developers Conference on Monday, CEO Tim Cook unveiled “Apple Intelligence,” the company’s banner name for the generative AI functions coming to Apple products. Apple Intelligence will be available on users’ newer model iPhones, Macs and iPads, and will be able to improve email writing; generate images, emojis and video slideshows from a typed or spoken prompt; easily search photo and email data; and upgrade the Siri assistant to have more recall and contextual capabilities. OpenAI’s ChatGPT will also be integrated into the phone and available to users.

In its announcement, Apple addressed the privacy concerns many users have about generative AI technology. Because of the compute power needed, certain generative AI functions happen in the cloud, meaning user data travels somewhere out of their control. Forbes senior contributor John Koetsier writes many of the Apple Intelligence functions will happen on devices themselves, so that data stays local. Forbes senior reporter Robert Hart adds that Apple is also prepared for a future of higher-level generative AI applications, developing a new privacy-preserving way of sending encrypted data to cloud servers when necessary. The ChatGPT integration with Apple Intelligence is not automatic, Koetsier writes; users will need to give permission to share their data with ChatGPT before their query is sent.

Analysts and investors have been enthusiastic about Apple Intelligence. (One notable person who isn’t so far is Elon Musk.) Apple Intelligence will run on the next iteration of iOS and will need at least an iPhone 15, which launched last September. Analysts say the beta launch of Apple Intelligence this fall could drive many users to upgrade their devices, which in turn bolsters Apple’s revenues. This week, Apple stock hit an all-time high with shares crossing $200 for the first time ever. That enthusiasm bolstered Apple’s market cap, briefly surpassing Microsoft as the world’s most valuable company, and putting it in position to easily slide back into the top slot.

While Apple is far from the first company to integrate AI into its product, the way it’s adding the technology is different. The privacy aspects alone solve a major problem many users have seen with the technology, but will Apple’s latest incentives be enough to convince users to make long-deferred upgrades to their devices? In April, Consumer Intelligence Research Partners reported Apple was getting only a third of new smartphone activations. After the iPhone 15 launched in September, CBS News reported Wedbush Securities estimated 250 million phones had not been upgraded in four or more years. Those numbers are likely to change soon.

Generative AI aside, cybersecurity is a critical function for every company. As companies started recognizing threats posed in this arena decades ago, many added chief information security officers to their C-suites, separate and apart from their CIOs. J.J. Guy, cofounder and CEO of cybersecurity platform Sevco Security, told me it’s time to do away with the CISO role and move everything related to IT under the CIO’s leadership. An excerpt from our conversation is later in this newsletter.

NOTABLE EARNINGS

Apple isn’t the only company to see its value soar this week. Oracle saw its stock skyrocket more than 10%, increasing CEO Larry Ellison’s net worth by more than $15 billion, after it reported earnings Wednesday morning. While the enterprise software giant actually missed analysts’ expectations and saw just 3% year-over-year revenue growth, the company also announced some of the largest sales contracts in its history. It’s partnering with Microsoft and OpenAI to bring the generative AI startup more computing capacity, while Oracle is also bringing its database to Google Cloud. Analysts responded positively to the developments, even though Oracle has quite a massive backlog of work to perform. “The AI narrative is powerful enough to lift sentiment,” UBS analysts said in a note reported by CNBC.

ARTIFICIAL INTELLIGENCE

The battle over copyrighted content and generative AI continues. AI-powered search startup Perplexity appears to be plagiarizing journalists’ work through newly launched feature Perplexity Pages, which lets people curate content on a particular topic. Multiple posts that have been “curated” by the Perplexity team on its platform are strikingly similar to original stories from multiple publications, including Forbes, CNBC and Bloomberg—the only attributions are small, easy-to-miss logos that link out to them.

When questioned about a “story” that was eerily similar to an exclusive and premium article published by Forbes, Perplexity CEO Aravind Srinivas said the new product feature had some “rough edges.” As Forbes Chief Content Officer Randall Lane writes, “it’s the perfect case study for this critical moment,” highlighting the ethical challenges in generative AI and how its misuse threatens the integrity of journalism.

This isn’t the first time a publisher has taken issue with a generative AI company for output that is too similar to copyrighted content. Nonfiction writers filed a class action lawsuit against OpenAI and Microsoft in November, claiming that they trained ChatGPT and its later versions on copyrighted materials from their works and academic journals without consent. The New York Times filed a similar lawsuit against OpenAI and Microsoft in December.

LEGAL ISSUES

Just as Elon Musk started broadcasting his issues with Apple’s integration with OpenAI, he quietly ended another fight he’d started with the company. On Tuesday, Musk withdrew the lawsuit he filed against OpenAI in March that accused the company of abandoning its non-profit promise. (Incidentally, the withdrawal came a day before a judge was set to hear OpenAI argue its motion to dismiss the case.) Musk, who was an OpenAI cofounder in 2015, stepped away from the company in 2018. He has frequently criticized OpenAI cofounder and CEO Sam Altman for making OpenAI a for-profit entity—especially since the company has a close relationship with Microsoft, which has been a major benefactor and partner. There was no explanation for the lawsuit’s dismissal, but considering Musk’s posts about the Apple partnership, his feud with OpenAI is likely far from over.

BITS + BYTES

Why Sevco Security CEO J.J. Guy Says The CISO Needs To Go

Sevco Security CEO J.J. Guy has had a long career in cybersecurity, and he says that the current organizational structure with both a CIO and CISO sets companies up for failure. Streamlining both IT operations and security under one department is the best way to combat today’s security threats, he told me. This excerpt from our conversation has been edited for length, clarity and continuity.

What do you see as the biggest issue in the way companies handle cybersecurity?

Guy: Twenty years ago, we started the process of splitting security out into a separate organization. At the time, we were thinking of it as an independent audit activity on top of IT, where it keeps the independence of security. About 10 years ago, we elevated security leaders to the CISO to give them more visibility and recognize the increased importance of security to overall corporate influence. We also started investing a lot into security. Security teams as a whole have gained a lot of discipline over the course of the 10 years since then.

Now, where our world is today, we’re starting to reach the point of diminishing returns on continued investment in security. The same kind of investments are not going to see the same level of increases in security programs because we built on top of a weak foundation. We’re to the point where security has to depend on IT to improve their identification. CISOs, for example, are accountable for the security of every single device on the enterprise network, but who’s responsible for giving them the list of those devices? IT, and IT does not have an accurate inventory of all the devices that the organization owns. It is an incredibly difficult position for any CISO out there because they are accountable for a list of assets that they don’t even know what they are. They don’t have the tools, resources, responsibility and organizational alignment to do so. Their colleagues over in IT do, but as they go over to IT and ask for it, they get nothing but big blank stares.

Bringing that back to vulnerabilities, the CISO is responsible for ensuring that all the most critical vulnerabilities across an organization are fixed, but it is IT that owns the remediation of those vulnerabilities. And in many organizations, the remediation doesn’t work, or it’s not working effectively, or it’s not efficient. There’s all sorts of challenges associated with it in the execution of the operations. What normally works out is the IT team says, ‘Hey listen, we’ve got a service desk. They’re working as fast as they can. Those guys are working hard. You just give us a list of the most important vulnerabilities, Mr. CISO, and we will put them in the queue and work those tickets as quickly as we can.’

You know what happens? The backlog of vulnerabilities grows and grows, and suddenly we’re having to talk about, ‘I need more technology to prioritize vulnerabilities.’ No, you don’t. You need to go fix your remediation problems. But that’s IT’s responsibility, it’s not the CISO’s. And CISO can’t tell the CIO, ‘Hey guys, you’re screwing it up and you’ve got issues over here,’ because you have this whole organizational challenge between the accountability and responsibility. Nobody is saying, ‘Let’s go dig in and find the root cause.’

There are major security risks out there that companies face, like malware, ransomware, phishing hacks. What is the bigger threat? The issues with the organizational structures, or these bad actors?

The solutions and activities necessary to counter those threats are the same as any other security issue. And 100%, organizations would be much better positioned by first cleaning up their organizational challenges before trying to go attack those things directly. Those things are the threat of the day, and they’re going to ebb and flow over time. The challenges in responding to them and mitigating the risks associated with them are the same as everything else I'm describing. Where would I start with responding to phishing attacks? Organization? It’s always an org problem. These are not technology problems. They are org problems.

What kind of advice would you give to a CIO or CISO who is thinking along the same lines that you are, but is not quite sure where to begin to bring things under one organization?

Get out of the day-to-day technology that we all deal with, that preoccupies us. Sit down and draw the org chart. Build a RACI model. For any one of the core activities that are top level, understand where those cross departmental lines, and then zero in on those. Have an honest conversation with your colleagues. Let’s not be constrained by the old way of thinking and the way it’s always been done, because clearly the way it’s always been done didn’t work very well for us. We all know disparity in accountability and responsibility leads to problems, and we all know that the security programs we have today aren’t going to continue to scale. We’re not there yet. Put those things together and identify some of the root challenges of an org and a team structure that makes it faster, more efficient, simpler, more effective, and start the conversation.

FACTS + COMMENTS

Facebook and Instagram parent company Meta faces legal challenges in Europe over plans to use both public and non-public data to train its AI models, which the company says is permissible under current privacy laws.

11: Number of countries in which challenges have been filed by privacy campaign group Noyb

2007: The first year in which the intended training data was collected

‘It can use any data from any source for any purpose’: Noyb Honorary Chairman Max Schrems went on to say, “This is clearly the opposite of GDPR compliance.”

STRATEGIES + ADVICE

Complying with GDPR can be challenging, but much can be learned about what to do (and what to avoid) by looking at those that have received violations and fines.

Generative AI can be a game changer, but employees and the public may not trust it. Here are ways to build that trust, both among employees and in the rest of the world.

QUIZ

Apple also announced a development with its Vision Pro headset at WWDC this week. What was it?

A. New color choices for the headset

B. Converting standard images in the Photo app to immersive, spatial ones

C. A suite of new games available in Apple Arcade

D. A lighter model, which will be available this fall

See if you got the answer right here.

Article information

Author: Dong Thiel
