Google Gemini 2.0, Cybersecurity Breaches, and the Future of Managed Services

[00:00:02] It's Thursday, December 12th, 2024, and I'm Dave Sobel. Three things to know today. Gemini 2.0 lands, Google's bold AI play mixes speed, smarts, and early access perks. Microsoft's Azure's MFA breach and API risks underscore a need for more proactive cybersecurity measures. And can AI handle 70% of the work? Crescendo's model sparks a revolution in managed services. This is the Business of Tech.

[00:00:32] Google, not to be outdone by OpenAI's 12 days of shipmas announcements, dumped a massive set of releases headlined by the launch of Gemini 2.0, its next-generation AI model. Starting with an experimental version called Gemini 2.0 Flash, this model generates text, images, and speech while processing various inputs, including text, images, audio, and video. It outperforms its predecessor, Gemini 1.5 Pro, with twice the speed, a key, back-end, and a key.

[00:01:02] And the new tool is to be able to use the benchmark. Currently available through Google's developer platforms, some features are limited to early access partners until January of 2025.

[00:01:10] Sunar Pachai, Google's CEO emphasized Gemini 2.0, its's potential to support agentic AI systems capable of thinking ahead and acting on users' behalf. Key highlights of the announcements include a multimodal live API. This new tool supports real-time audio and video streaming, enabling developers to build more interactive applications. Deep Research, which is exclusive to Gemini Advanced, price at $20 per month. This feature assists with

[00:01:40] comprehensive research by creating multi-step plans, refining analysis, and generating detailed reports. Project Mariner, formerly known as Jarvis, this rebranded AI-powered Chrome extension, navigates websites like a human user.

[00:01:56] Currently available to select testers, it demonstrated tasks such as finding contact information, albeit slowly. Google describes it as a research prototype for understanding and reasoning across web elements.

[00:02:10] Project Astra, an experimental AI assistant leveraging Gemini 2.0. Astra captures and summarizes up to 10 minutes of video via an Android app or prototype glasses. Improvements include enhanced language support and reduced lag for more conversational interactions.

[00:02:29] However, Astra still struggles with noisy environments and cannot access personal data like emails or photos. It remains in testing with a waitlist for additional users.

[00:02:40] And Jules, Google's new AI coding assistant, helping developers debug and automate tasks within GitHub workflows.

[00:02:48] Jules generates multi-step plans, modified files, and prepares pull requests for Python and JavaScript.

[00:02:55] Trusted testers are using it now with a broader release in early 2025.

[00:03:00] Google is also scaling its infrastructure, deploying over 100,000 custom chips to support these advancements.

[00:03:08] Why do we care?

[00:03:10] Well, the trend is to multimodal models, yet notable that many businesses are seeing significant value in specialized, smaller language models.

[00:03:18] Keep that in mind.

[00:03:19] Projects like Astra and Mariner are promising but unfinished.

[00:03:23] Astra's inability to handle noisy environments and Mariner's slow performance suggest these tools are not production ready.

[00:03:30] The insight is the push to agents.

[00:03:33] These are early days and I'd be cautious about customer implementations, yet also highly experimental in discovering the capabilities.

[00:03:41] And I say that knowing it's a hard line to walk with limited resources.

[00:03:45] Use Google's announcements here around Gemini as an opportunity to educate clients about emerging AI capabilities and their limitations,

[00:03:54] positioning yourself as the advisor rather than just an implementer.

[00:03:58] Are you and your clients tired of the time-consuming ticket tennis of coordinating meetings and help desk calls?

[00:04:08] Wouldn't it be better to automate this process with a tool that connects directly to ConnectWise Manage or Autotask?

[00:04:17] TimeZest offers scheduling automation that gives you complete control of your schedule and eliminates the hassle of calendar ping pong.

[00:04:25] As the only service designed specifically for MSPs, it integrates into your workflow and makes scheduling appointments easy on you and your clients.

[00:04:36] Plus, you can try TimeZest for free.

[00:04:39] Visit timezest.com slash MSP radio and use the code MSP radio to get 10% off your first year of TimeZest.

[00:04:51] Researchers from Oasis Security have uncovered a critical vulnerability in Microsoft's Azure multi-factor authentication system, allowing them to bypass security measures in just one hour.

[00:05:02] This flaw, attributed to a lack of rate limiting on login attempts, exposed over 400 million paid Microsoft 365 accounts to potential takeovers.

[00:05:12] The researchers demonstrated their off-quake method, which involved rapidly creating new sessions and exhausting the options for six-digit codes.

[00:05:21] Their testing revealed that attackers had an extended timeframe of up to three minutes to guess the code, significantly increasing their chances of success.

[00:05:29] Although Microsoft acknowledged and fixed the issue by implementing stricter rate limits, experts still emphasize the importance of using strong authentication methods and alerting users of failed login attempts to enhance security.

[00:05:43] And in a startling revelation, security researchers at Wall Arm have found that newly deployed application programming interfaces, or APIs, are discovered by attackers in an average of just 29 seconds.

[00:05:55] Their study involved setting up a honeypot, revealing that the most targeted port was port 80, accounting for 19% of attacks.

[00:06:04] Notably, over half of all requests, at 54.4%, targeted APIs rather than traditional web applications.

[00:06:12] Common endpoints like slash status and slash health pose significant risks, as they were typically found in under two minutes.

[00:06:20] The findings emphasize the urgent need for organizations to adapt their security practices to protect against the rapidly growing API attack surface.

[00:06:29] And the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the Federal Bureau of Investigation have released a new guide to bolster defenses against cyber threats from the Chinese government.

[00:06:41] This guide, titled Enhanced Visibility and Hardening Guidance for Communications Infrastructure, targets network engineers and aims to enhance the security of telecommunications networks.

[00:06:52] It outlines best practices for identifying vulnerabilities and responding to cyber incidents, emphasizing the serious threat posed by Chinese-affiliated cyber activities to critical infrastructure and businesses.

[00:07:04] The guide also encourages software manufacturers to adopt secure development practices.

[00:07:10] The FBI has reported that threat actors linked to China have targeted commercial telecommunications providers to compromise sensitive data.

[00:07:18] Organizations are urged to implement the recommended measures and report any suspicious activities.

[00:07:23] If you want more, I'm also linking to an Axios article on the issues within telco networks, their long history.

[00:07:31] Why do we care?

[00:07:33] The vulnerability highlights a systematic issue.

[00:07:36] Security measures are only as effective as their implementation.

[00:07:40] And there's a recurring problem here.

[00:07:42] Organizations often react to security issues rather than proactively identifying weak points.

[00:07:48] IT providers must shift to offense-driven security strategies such as regular penetration testing and red teaming exercise.

[00:07:55] And patch complacency remains a risk.

[00:07:58] Even when vulnerabilities are fixed, attackers adapt quickly, exploiting new flaws or organizations who are slow to update.

[00:08:05] Wall Arms research shows just how quickly APIs are exposed to attackers.

[00:08:10] 29 seconds.

[00:08:11] And as APIs become more integral to cloud-based and application ecosystems, this level of exposure represents a massive attack surface.

[00:08:19] Despite the push towards zero trust, APIs often fall outside traditional security frameworks.

[00:08:26] Companies may be inadvertently weakening their defenses by failing to integrate API security into their broader zero trust strategies.

[00:08:35] And as always, take advantage of those resources offered.

[00:08:41] I promised more big ideas and I do plan to deliver.

[00:08:44] Here they are.

[00:08:45] From Forrester, managed services as software offer a vision for the future of managed services.

[00:08:51] The article highlights the transformative impact of artificial intelligence on managed services, indicating a significant shift from traditional methods to AI-powered models.

[00:09:01] As organizations grapple with delivering high-quality service while controlling costs, AI is shaping the landscape by enabling outcome-based pricing rather than charging for labor hours.

[00:09:12] This new paradigm allows businesses to improve efficiency, with some AI platforms handling up to 70% of customer interactions, as exemplified by Crescendo's innovative service model.

[00:09:24] The ongoing learning capabilities of AI systems promise to enhance customer experiences continually.

[00:09:29] As venture capital investments surge, experts predict that adopting AI-powered services could exceed the growth seen during the software-as-a-service revolution.

[00:09:40] This evolution in managed services is set to redefine operational strategies across various industries, including customer service and IT support.

[00:09:49] And Channelnomics with this one, MSPs have a growing business value problem.

[00:09:54] Managed service providers, or MSPs, are facing a growing challenge as customers increasingly seek business outcomes rather than just technology services.

[00:10:03] According to the Channelnomics Partner Confidence Index survey, nearly 30% of MSPs report their clients shopping around for better experiences.

[00:10:13] This shift in demand highlights the need for providers to move beyond traditional services like endpoint management and security, which, while essential, do not directly contribute to a customer's growth and profitability.

[00:10:26] At a recent event, a sales representative learned that selling managed services requires convincing clients to invest in solutions that solve their business problems rather than merely buying technology.

[00:10:36] With 40% of providers indicating that their clients look to them for guidance on technology investments, MSPs must evolve their offerings and provide higher value services to meet changing customer expectations.

[00:10:50] Paul Hager, VP of Services at Ingram Micro, penned Empowering SMBs – How Service Providers Can Guide AI Adoption, highlighting the growing adoption of artificial intelligence among small and medium-sized businesses, with approximately 75% leveraging AI for tasks such as customer service automation and data analysis.

[00:11:09] However, many face challenges, including limited in-house experience, insufficient employee training, and lack of necessary infrastructure, as noted by research from Business.com, finding that only 52% of these businesses are investing in workforce training.

[00:11:24] Managed service providers are stepping in to help bridge these gaps by offering guidance on AI adoption.

[00:11:30] With the use of AI more than doubling since 2023, providers can assist businesses in identifying suitable applications and ensuring ongoing support.

[00:11:39] Ultimately, facilitating immediate value while laying the groundwork for long-term success.

[00:11:45] And over in TechCrunch, OpenAI's O1 model sure tries to deceive humans a lot.

[00:11:51] OpenAI's recently released O1 model has raised concerns due to its tendency to deceive users.

[00:11:57] According to a study by Apollo Research, the O1 model exhibited deceptive behaviors 19% of the time when its goals conflicted with those of users,

[00:12:06] and it attempted to disable oversight mechanisms 5% of the time.

[00:12:11] Alarmingly, when questioned about its deceptive actions, O1 fabricated false explanations nearly 99% of the time.

[00:12:19] This model is reported to be 20% more manipulative compared to its predecessor, GPT-4-0,

[00:12:25] and OpenAI flagged about 0.17% of O1's responses as deceptive,

[00:12:31] a figure that could translate to thousands of users being misled weekly given ChatGPT's 300 million user base.

[00:12:39] The research highlights the need for enhanced safety measures as OpenAI prepares for future releases of agentic systems.

[00:12:47] Why do we care?

[00:12:48] I like to offer thought questions for big ideas, so here they are.

[00:12:53] Can AI-powered tools such as Crescendo's model handling 70% of customer interactions

[00:12:58] provide a blueprint for delivering measurable outcomes instead of traditional hourly or per-unit billing?

[00:13:05] This could enable MSPs to market their services based on value delivered rather than time spent,

[00:13:12] a paradigm that resonates with businesses seeking cost efficiency and clearer ROI.

[00:13:16] And how far along are you pivoting from offering commodity services like endpoint management

[00:13:22] to delivering advisory roles such as helping clients map technology investments to those business growth goals?

[00:13:28] Be very careful of lip service here.

[00:13:32] And are you ready to advise customers as it relates to AI?

[00:13:36] And with all this talk of agents, how much can we trust the models and to do what tasks?

[00:13:42] Are you ready to get your brand in front of the tech leaders shaping the future of managed services?

[00:13:51] Here at The Business of Tech, we offer flexible sponsorship opportunities to meet your needs,

[00:13:56] whether it's live show sponsorship, podcast advertising, event promotion, or custom webinars.

[00:14:02] From affordable exposure options to exclusive sponsorships,

[00:14:05] our offerings are designed to fit businesses and vendors of all sizes looking to make an impact.

[00:14:12] Prices start at just $500 per month, making our packages a fraction of typical event sponsorship costs.

[00:14:21] Be a part of the conversation that matters to IT service providers worldwide.

[00:14:26] Join us at MSP Radio and amplify your message where it counts.

[00:14:32] Visit MSP Radio dot com slash engage today to explore all the ways we can help you grow.

[00:14:41] Thanks for listening. Today's apparently gingerbread house day.

[00:14:44] Not sure what to do with that.

[00:14:46] Tomorrow, you'll get my discussion with Tim Golden from Compliance Scorecard about compliance and what it means for IT providers.

[00:14:53] Saturday, Seth Robinson of CompTIA and Rich Freeman of Channelholic join me for a review of CompTIA's IT Outlook 2025 report.

[00:15:02] And Sunday, Joe White Todd of Pia and TimeZest returns to give some insights into AI as it's being practically used by customers.

[00:15:10] If you got a comment or a thought on a story, put it in the comments if you're on YouTube,

[00:15:13] or reach out to me on LinkedIn if you're listening to the podcast.

[00:15:16] And if you like the show, give it a review and make sure you've subscribed or followed on your favorite platform.

[00:15:22] I'll return on Monday as we go into the last week of news shows for the year.

[00:15:28] Talk to you again then.

[00:15:31] The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech.

[00:15:38] If you like the content, please make sure to hit that like button, follow or subscribe.

[00:15:44] It's free and easy and the best way to support the show and help us grow.

[00:15:48] You can also check out our Patreon where you can join the Business of Tech community at patreon.com slash MSP radio or buy our Why Do We Care merch at businessof.tech.

[00:16:01] Finally, if you're interested in advertising on this show, visit MSP radio.com slash engage.

[00:16:08] Once again, thanks for listening to me.

[00:16:11] I'll talk to you again on our next episode of the Business of Tech.

[00:16:18] Part of the MSP radio network.

[00:16:20] You