AI Security Risks Rise as IT Leaders Expand Use; Cloud Backlash and Texas Age Verification Law

[00:00:02] It's Friday, May 30th, 2025, and I'm Dave Solt for Things to Know Today. Despite AI security concerns, IT Leaders Keep Deploying Agents Without Governance, Cloud Backlash Rises as Complexity and Cost Fuel Repatriation, Dell and HP Earnings Spotlight the AI hardware boom and consumer cracks, and a Texas law forces Apple and Google to verify user agents.

[00:00:28] Plus, a Star Wars fan site run by the CIA? Even legacy Windows and Alexa data hoarding have lessons. Here's why these matter. This is the Business of Tech. A recent report from SailPoint reveals that while 96% of IT professionals perceive artificial intelligence agents as a security risk, a staggering 98% of them still plan to expand the use of these agents within their organizations over the next year.

[00:00:56] The study surveyed over 350 IT professionals and found that 84% of respondents currently utilize AI agents, but only 44% have established policies to govern their behavior. These autonomous systems, which can operate independently without human oversight, are becoming prevalent in the wake of the generative AI boom initiated by the release of ChatGPT.

[00:01:18] SailPoint's Executive Vice President of Product and Chief Technology Officer highlighted the need for stringent governance, stating that while 92% of respondents recognize the importance of adequate oversight, 80% have reported agents acting in unexpected and potentially harmful ways. This highlights the urgent necessity for organizations to implement strict security protocols akin to those applied to human employees.

[00:01:43] A recent survey by Gartner reveals a growing dissatisfaction with cloud computing among organizations, attributing much of this discontent to unrealistic expectations and improper implementation.

[00:02:06] Gartner's advisory director, Joe Rogus, emphasizes that many organizations lack a coherent cloud strategy, which leads to issues like vendor lock-in and rising expenses. For example, the company 37signals recently faced a staggering $3.2 million bill for cloud services, prompting it to migrate back to on-premises infrastructure.

[00:02:28] Furthermore, a study found that typically only 13% of provisioned processing power and 20% of memory is utilized in Kubernetes deployments, highlighting inefficiencies in resource management. As organizations increasingly adopt multi-cloud strategies, Gartner warns that more than half may not achieve their expected outcomes due to technical barriers.

[00:02:49] And UK information technology leaders are increasingly wary of the influence of major US cloud providers, with over 60% of respondents in a recent survey by Cibio advocating for a reduction in the government's reliance on these services. The survey reveals that 61% of IT leaders now prioritize data sovereignty, and 45% are considering repatriating workloads from the public cloud due to ongoing concerns about data protection.

[00:03:17] Trust in US-based technology firms has significantly declined, driven by political tensions and regulatory compliance issues. Only 36.6% of survey participants expressed confidence in these companies to manage their data responsibly. As data sovereignty gains traction, hyperscale providers like Microsoft, Google, and Amazon Web Services have begun to adapt by offering sovereign cloud services tailored to local regulations.

[00:03:45] The shift indicates a critical evolution in how organizations view data management and security. Why do we care? IT decision makers are simultaneously accelerating the adoption of autonomous technologies while losing trust in the infrastructure that supports them. This contradiction reveals a widening governance gap and opportunity for IT services firms. One could argue that doubling down on AI agents while repatriating infrastructure is incoherent.

[00:04:16] Why build cutting-edge autonomous systems if you're regressing to legacy infrastructure? The deeper story may be that organizations are over-correcting in both directions, over-spending on innovation without planning, and over-retreating when complexity overwhelms. Governance around AI agents, not just usage, but autonomy, data access, and lifecycle control, is an emerging managed service category. This isn't traditional endpoint management.

[00:04:44] It's identity, access, and intent control for non-human actors. Services firms that move quickly to prioritize and productize policy implementation, monitoring, and agent lifecycle management can build long-term strategic relationships. This episode is supported by AFI.AI, MSP-focused backup reliable at petabyte scale.

[00:05:10] AFI.AI delivers intelligent backup for Microsoft 365, Azure, Google Workspace, Kubernetes, and AWS. Its AI engine is designed to detect threats and act before damage is done. It performs preemptive backups during ransomware attacks, where immutable snapshots ensure data integrity. AFI.AI is the only solution offering full-text search across backups.

[00:05:37] It also features single management portal to manage all clients and workloads, granular access roles, automated reporting, and APIs for integrations. Administrators can restore entire accounts or individual items with a single click, and cross-tenant recovery simplifies migrations between domains. With AFI.AI, organizations gain faster, more reliable protection and unparalleled visibility into their cloud data.

[00:06:01] Start your free trial at AFI.AI slash office dash 365 dash backup. Dell Technologies has reported a net income of $965 million on revenues of $23.4 billion for the quarter ending May 2, 2025, marking a revenue increase of 5% year-over-year. The company achieved record revenues of $6.3 billion in servers and networking, driven by unprecedented demand for its artificial intelligence-optimized servers.

[00:06:31] Significantly, Dell's client solutions group, which includes personal computers, generated $12.5 billion in revenue, also reflecting a 5% increase year-over-year. However, the consumer segment faced challenges, with revenues declining by 19% to $1.5 billion. Dell's infrastructure solutions group reported revenues of $10.3 billion, a 12% increase, highlighting strong demand for AI servers, as noted by the company executives.

[00:06:59] And HP has reported second-quarter earnings for 2025 that exceeded analysts' revenue expectations, but fell short on earnings per share and guidance, leading to a 15% drop in shares. The company recorded adjusted earnings of $0.71 per share, while analysts had anticipated $0.80. Revenue reached $13.22 billion, slightly above the expected $13.14 billion, and marked a 3.3% increase compared to $12.8 billion in the same quarter last year.

[00:07:29] HP's net income decreased to $406 million, or $0.42 per share, down from $607 million, or $0.61 per share, a year earlier. The company's outlook for the third quarter suggests adjusted earnings will be between $0.68 and $0.80 per share, missing the average analyst estimate of $0.90.

[00:07:50] CEO Enrique Louris stated that the results were affected by U.S. tariffs and highlighted the company's efforts to expand manufacturing outside of China, expecting to fully mitigate increased trade-related costs by the fourth quarter. Why do we care? HP's earnings miss and share drop are being pinned partly on U.S. tariffs. And that's a real warning signal. Despite modest revenue growth, profit was squeezed by trade friction.

[00:08:16] The response? HP is moving production out of China, but that takes time and capital. Vendors' cost structures are under pressure, and that's going to hit channel margins. Hardware bundles and PC sales tied to MSP agreements, particularly in S&B and mid-market, may get more expensive or less profitable.

[00:08:35] Dell's Client Solutions Group grew 5%, but its consumer revenues dropped 19%. The business PC market is stabilizing post-pandemic, but consumer demand is fragile. HP, which has a stronger consumer PC footprint, seeing the path more clearly.

[00:08:57] If your services model still depends on device resale or bundling, like devices as a service, hardware as a service, desktop as a service, you're exposed. This is a signal to shift toward endpoint management, identity-centric security, and experience optimization. Plus, all those AI governance things we're talking about.

[00:09:18] Texas has enacted a new online child safety law mandating that Apple and Google verify the ages of users accessing their app stores. The legislation aims to protect children from inappropriate content in apps, including social media and dating platforms. Texas Governor Greg Abbott signed the bill, which has faced significant opposition from Apple. The company argues that such regulations breach its privacy commitments by requiring the collection and sharing of users' ages with third-party applications.

[00:09:49] Historically, Apple has successfully lobbied against similar measures in various states, including proposals that would have allowed alternative payment methods within its app store. Why do we care? Well, Texas's new law forces Apple and Google to become age enforcers, not just platform providers. That's a fundamental shift in liability. This continues a broader trend, governments redefining digital intermediaries as compliance gatekeepers.

[00:10:15] Whether it's content moderation, data privacy, or now age checks, regulators are pushing enforcement obligations downstream. So expect more platform compliance asks and clients' needs to build systems that align with both privacy and age verification mandates. Start tracking cross-jurisdictional app regulation as a core competency, especially for clients in education, social, or health technology.

[00:10:41] And use this moment to offer advisory services on privacy-aware data collection, federated identity, and age-gating best practices. Time for some big ideas. In a surprising revelation by 404 media, it's come to light that the Central Intelligence Agency operated a Star Wars fan website as a covert communication tool for its informants.

[00:11:05] This site, known as StarWarsWeb.net, was designed to appear as an ordinary fan page while serving a far more clandestine purpose. The website, which includes links to popular Star Wars games and merchandise, was initially discovered by Iranian authorities over a decade ago. This discovery led to the exposure of a network of CIA-run sites, which were linked to the deaths of several CIA sources in China during the early 2010s.

[00:11:31] The use of such a seemingly benign platform highlights the lengths to which intelligence agencies may go to facilitate secure communications. The BBC has a fascinating look at the many individuals and organizations that continue to rely on outdated Windows operating systems, such as Windows XP, and even older versions like Windows 3.11.

[00:11:52] This persistence is evident in various sectors, including banking and transportation, where legacy systems prove difficult to replace due to high costs and compatibility issues. For instance, many automated teller machines still run on Windows XP, which Microsoft discontinued support for in 2014. Yet they remain in use for their reliability and stability.

[00:12:15] In an unusual case, the German railway company Deutsche Bahn sought an IT administrator with expertise in Windows 3.11, highlighting the challenges of maintaining aging infrastructure. And the Guardian explores a family who discovered the extent of data collected over the years via their Alexa device, revealing how their interactions with the device have shaped their daily lives.

[00:12:37] The family found that their Echo device recorded a staggering 15,000 utterances, with nearly half consisting of music requests and a significant number of questions ranging from the mundane to the bizarre. In the United Kingdom, approximately 60% of households own a smart speaker, with 72% of those being Amazon Echo devices. This represents a significant increase from just 22% before the pandemic.

[00:13:02] The data not only highlights the growing reliance on voice-activated technologies for every task, but also raises concerns about privacy, as users often unknowingly share personal information with these devices. Why do we care? At first glance, these might all seem very fun. They are. And there's more. A fan site doubling as a clandestine communications channel reveals a critical insight. Any digital surface can become operational infrastructure, for good or for harm.

[00:13:31] Is your threat modeling keeping up? The BBC's article on long-lived legacy systems makes one thing clear. The oldest systems endure not because they function well, but because replacing them is complex, expensive, and risky. Every legacy stack represents a security liability and a talent trap. The longer it remains, the harder it is to find individuals who can maintain it or fix it when it fails.

[00:13:57] The Guardian story serves as a stark reminder of how everyday devices act as silent data hoarders. Most users are unaware of how much data they generate or how it's being used. Are you considering ambient computing, given that voice interface data is rarely governed? However, it may capture sensitive information like patient info or proprietary discussions, and especially in a world with chat GPT via voice.

[00:14:22] IT providers must educate clients about device lifecycle and data retention, privacy policy implications, and vendor controls and misconfiguration risks. Thanks for listening. Today is National Mint Julep Day, International Hug Your Cat Day, National E-Bike Day, and National Hole-in-My-Bucket Day. Yep, really. National Hole-in-My-Bucket Day. Ponder that one.

[00:14:51] The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. If you've enjoyed the show, make sure you've subscribed or followed on your favorite platform. It's free and helps directly. Give us a review, too. If you want to support the show, visit patreon.com slash mspradio, and you'll get access to content early. Or buy our Why Do We Care merch at businessof.tech.

[00:15:20] Have a question you want answered? We take listener questions, send them in, ideally as a voice memo or video to question at mspradio.com. I answer listener questions live on our Wednesday live show on YouTube and LinkedIn. If you've got a comment or a thought on a story, put it in the comments if you're on YouTube, or reach out on LinkedIn if you're listening to the podcast. And if you want to advertise on the show, visit mspradio.com slash engage.

[00:15:48] Once again, thanks for listening, and I will talk to you again on our next episode. Part of the MSP Radio Network.