AI-powered code generation tools are raising significant security concerns within the software supply chain. Recent research indicates that a notable percentage of package suggestions from both commercial and open-source models are non-existent, a phenomenon referred to as "hallucination." This issue allows malicious actors to exploit these fictitious package names by uploading harmful software to package registries, a tactic known as slop-squatting. Experts emphasize the importance of manual verification and the use of dependency scanners to mitigate these risks, highlighting that developers must rigorously test AI-generated code in isolated environments before deployment.
In the tech industry, Intel has made headlines by selling a 51% stake in its programmable chip business, Altera, to private equity firm Silver Lake for $4.46 billion. This decision comes after Intel's acquisition of Altera for $16.7 billion in 2015, reflecting a significant drop in valuation. The move is part of a broader strategy to sharpen focus and strengthen the company's balance sheet amid ongoing challenges in the semiconductor market. Despite retaining a minority stake in Altera, Intel's actions raise questions about its ability to compete effectively in critical areas like AI-optimized silicon.
Another pressing issue is the impending reduction of the maximum lifespan for SSL and TLS certificates, which will be cut to just 47 days by 2029. This change, supported by major tech companies, aims to enhance digital security by minimizing risks associated with compromised certificates. The transition will require automated and integrated certificate management solutions to keep pace with the new renewal cycles, emphasizing the need for proactive risk management in the evolving threat landscape.
Lastly, the reinstatement of tariffs on electronics, including smartphones and laptops, is set to impact the tech industry significantly. The U.S. government aims to encourage domestic manufacturing, but the unpredictability of trade policies complicates planning for businesses. As companies navigate these challenges, they must adopt flexible strategies that account for ongoing volatility in the supply chain and procurement processes, ensuring they remain responsive to changing market conditions.
Four things to know today
00:00 Copy, Paste, Compromise? Why AI Code Suggestions Could Lead to Big Security Problems
04:45 Altera Is Out, $8.75B Is In—But Intel’s Chip Future Is Still in Question
06:46 Got 47 Days? Why Your SSL Certificates Just Got a Whole Lot Needier
08:14 One More Time with Feeling: Tech Tariffs Are Back, and the Forecast Is Still Chaos
[00:00:02] It's Tuesday, April 15th, 2025, and I'm Dave Sobel. Four things to know today. Copy, paste, compromise? Why AI code suggestions could lead to big security problems. Altera is out and $8.75 billion is in, but Intel's chip future is still in question. Got 47 days? Why your SSL certificates just got a whole lot needier. And one more time with feeling. Tech tariffs are back and the forecast is still
[00:00:32] chaos. This is the Business of Tech. A recent article from The Register highlights the growing risks to the software supply chain posed by AI-powered code generation tools. Researchers have discovered that approximately 5.2% of package suggestions from commercial models and 21.7% from open source models are nonexistent, a phenomenon known as hallucination.
[00:00:56] This situation creates opportunities for malicious actors to exploit these hallucinated package names by uploading harmful software under such fictitious names to package registries, called slop-squatting. While commercial tools like ChatGPT4 exhibited a hallucination rate of around 5%, the open source models had even higher ones.
[00:01:18] Experts from Socket, an open source cybersecurity company, warn that this repeatability creates a predictable attack surface, making it crucial for developers to manually verify package names and utilize dependency scanners to enhance security. The only effective way to mitigate this risk is through meticulous verification and testing of AI-generated code in isolated environments before deployment.
[00:01:45] A recent article from MIT Technology Review warns that cyberattacks orchestrated by artificial intelligence agents could soon become a reality. Experts like Mark Stockley from the cybersecurity firm Malwarebytes predict that most cyberattacks could be executed by these agents, potentially making them a significant threat this year.
[00:02:07] While current cybercriminals have not yet deployed AI agents on a large scale, research has shown that these agents can carry out complex attacks. The LLM Agent Honeypot Project has logged over 11 million attempts to access vulnerable servers, identifying eight potential AI agents from Hong Kong and Singapore. Furthermore, research indicates that agents could exploit vulnerabilities in systems up to 25% of the time when given a brief description of the weaknesses.
[00:02:37] As AI continues to develop, experts emphasize the need for proactive measures in cybersecurity to prevent what could be a substantial increase in agent-driven cyber threats. Why do we care? AI-generated code is not merely a convenience, it represents a new attack surface. The hallucination problem in code suggestions, especially the inclusion of non-existent packages, is not just a bug, it's an exploit vector.
[00:03:03] The commercial model hallucination rate of 5.2% might seem small, until you realize the developer copying code without vetting it has a 1 in 20 chance of introducing a fictitious dependency into production. Now, let's not overhype the risk. The slop-squatting exploit requires developers to act recklessly, copy-pasting code and installing dependencies without verification. That's not good practice, and it's manageable through policy, tooling, and awareness.
[00:03:33] However, with vibe coding becoming a trend, the ability of untrained developers to deploy code poses a real risk. It's not just a technical problem, it's a trust issue. IT services firms that can provide assurance, verifiable documented assurance, that their AI-enhanced tools do not introduce new risks will be the ones who thrive. The others will be left cleaning up avoidable messes. This episode is supported by Comet Backup.
[00:04:03] Whether you get hit with ransomware, hardware failure, or human error, there's nothing more heart-stopping than losing business-critical data. Backups are your final stand when a threat penetrates your layers of defense. That's where Comet Backup comes in. Comet is an all-in-one backup solution. Whether you need to protect computers, servers, virtual environments, emails, or databases, Comet Backup empowers you to manage backups on your terms. Visit CometBackup.com to start your free 30-day trial today.
[00:04:32] Get $100 free credit when you sign up with the promo code MSPRADIO. Start running backups in 15 minutes or less. Comet Backup. The backup solution that MSPs trust. Intel has announced the sale of a 51% stake in its programmable chip business, Altera, to the private equity firm Silver Lake for $4.46 billion.
[00:04:57] This decision follows the company's acquisition of Altera in 2015 for $16.7 billion, with its current valuation having dropped nearly 50% to this number. Intel's new CEO, Lip-Bu Tan, stated that this strategic investment aims to sharpen focus, reduce expenses, and strengthen the company's balance sheet. Despite the sale, Intel will retain a 49% stake in Altera, which produces programmable chips for various sectors, including data centers and the automotive industry.
[00:05:27] The move is part of Intel's effort to recover from a significant loss of $16.6 billion in the third quarter of 2024, followed by a smaller loss of $126 million in the fourth quarter. Additionally, Raghib Hussain, formerly of Marvell, has been appointed as Altera's new CEO, succeeding Sandra Rivera, who had a notable 25-year career at Intel.
[00:05:50] Why do we care? Let's not romanticize the spin-out. Intel bought high and sold low, from $16.7 billion to a current valuation of $8.75 billion. That's a write-down disguised as strategy. While the pivot allows for sharper focus, it also highlights how far behind Intel remains in crucial areas like AI-optimized silicon, where NVIDIA and AMD are significantly more agile.
[00:06:16] Now, chips are interesting again, and not just for technical specifications. They've also become political, with semiconductors being potentially tariffed more. I'll hit on that shortly. Now, Intel is shedding what it cannot execute well. If Altera was under-leveraged, it's reasonable to question how many other underperforming investments Intel may still be holding. Moreover, besides divesting from areas where Intel didn't perform effectively, what can they successfully execute on?
[00:06:47] In a significant move to enhance digital security, the CA/Browser Forum has voted to reduce the maximum lifespan of new SSL and TLS certificates to just 47 days by March 15th of 2029. Currently, these certificates can be valid for up to 398 days, but the change aims to minimize the risks associated with compromised certificates.
[00:07:11] The proposal, which received unanimous support from major tech companies like Apple, Google, Microsoft, and Mozilla, is part of a phased approach. Certificates issued after March 15th of 2026 will need to be renewed every 200 days, decreasing to 100 days by March 15th of 2027. The initiative is backed by Tim Callan, Chief Compliance Officer at Sectigo, who amplifies the need for agility and proactive risk management in today's threat landscape.
[00:07:40] The decision underscores a collective commitment to improving trust and security across the digital ecosystem. Why do we care? Certificate management must be automated and integrated. Manual renewal processes, or even semi-automated ones, won't scale to a 47-day cycle. Providers need to deploy or resell solutions that monitor and auto-renew certs, validate deployment, and alert in real time. The good news is you have four years to get ready.
[00:08:09] This is an early warning. The clock is ticking on long-lived certs. The Trump administration announced that tariffs on smartphones, laptops, and other electronics, previously exempted on Friday, will be reinstated within a month or two. Commerce Secretary Howard Lutnick indicated that these tariffs would target the semiconductor industry and that certain products may receive exceptions.
[00:08:34] This follows the administration's recent guidance that excluded these devices from new tariffs, including a significant additional levy on Chinese goods. Lutnick confirmed that products like iPhones, which are largely manufactured in China, will be affected. He emphasized the goal of encouraging domestic manufacturing, citing Panasonic's new electric vehicle battery factory in Kansas as an example of reshoring efforts. The administration is expected to clarify the tariff rates on imported semiconductors soon.
[00:09:02] In the first quarter of 2025, resellers in the United States rapidly acquired smartphone inventory ahead of expected tariff increases, leading to a 5% growth in the U.S. smartphone sector. According to preliminary data from IDC, global smartphone sales rose 1.5% year-over-year, reaching 304.9 million units.
[00:09:24] IDC Vice President Francisco Jeronimo noted that vendors accelerated production to mitigate potential cost increases due to tariff hikes. However, as tariffs were imposed, resellers may face challenges managing excess inventory. Counterpoint Research predicts that global smartphone sales will decline this year due to rising economic uncertainties, revising their forecast to reflect a slight year-on-year decrease in sales. Why do we care?
[00:09:53] Storytime, and it's a bit inside baseball. I have no idea how to cover tariffs on this show. I don't want to do politics here, yet they keep intersecting technology in big ways. I don't know what to advise listeners, because this story changes so often I can't even analyze one trend. Let's be honest, this isn't just about trade policy. It's about unpredictability as policy. So, what are customers to do? They, too, can't find a foothold.
[00:10:23] You can't offer clients certainty in a climate like this. What you can do is help them build strategies that assume volatility is permanent, where supply chain, procurement, and even infrastructure decisions are made with flexibility, localization, and optionality in mind. This isn't a matter of red versus blue politics. It's about recognizing that technology, especially hardware sourcing and silicon, has been dragged into a long-term policy chess match.
[00:10:53] For service providers, the risk isn't in analyzing what tariff percentage hits which component. It's in assuming that any decision based on stable global trade is still viable. Short-term forecasting was dead. The story changes too often to base decisions on 12-month projections. Clients should optimize for responsiveness, not predictions. And you can help there. This episode is supported by Flexpoint.
[00:11:22] Flexpoint offers a purpose-built payment solution from managed service providers, automating billing operations to enhance efficiency and cash flow. With features like accounts receivable automation, branded client portals, and secure same-day payments, Flexpoint streamlines financial management. Integrations with accounting software such as QuickBooks and Xero, as well as professional services automation tools like ConnectWise and Autotask, ensure seamless data synchronization.
[00:11:49] Experience improved cash flow and client satisfaction with Flexpoint's comprehensive platform. Learn more at getflexpoint.com/msp-radio. Thanks for listening. It's not only Tax Day in the US, but also apparently National Laundry Day and National Glazed Spiral Ham Day. I'll be speaking on a webinar on April 22nd about inbound marketing in the AI era with the author of a new book.
[00:12:18] Link in the show notes and description to register. It's next week, and I'm looking forward to seeing you there. The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. If you've enjoyed the show, make sure you've subscribed or followed on your favorite platform. It's free and helps directly. Give us a review, too. If you want to support the show, visit patreon.com slash msp-radio, and you'll get access to content early.
[00:12:48] Or buy our Why Do We Care merch at businessof.tech. Have a question you want answered? We take listener questions, send them in, ideally as a voice memo or video to question at msp-radio.com. I answer listener questions live on our Wednesday live show on YouTube and LinkedIn. If you've got a comment or a thought on a story, put it in the comments if you're on YouTube, or reach out on LinkedIn if you're listening to the podcast.
[00:13:15] And if you want to advertise on the show, visit msp-radio.com slash engage. Once again, thanks for listening, and I will talk to you again on our next episode. Part of the MSP Radio Network.

