CIO.works – Page 29

Bullshit Benchmark Explorer

BullshitBench evaluates model responses to nonsensical questions, assessing their ability to identify and challenge invalid assumptions. A leaderboards ranks models based on their effectiveness, with Claude Sonnet 4.6 (Anthropic) scoring highest at 94.5% for clear pushback, indicating a strong capacity for detecting nonsense. Other models from various organizations follow, showcasing performance differences in reasoning capabilities across responses to absurd inquiries. An example illustrates the stark contrast between a model that correctly identifies no impact of screw type on food flavor versus another that incorrectly attributes culinary changes to a switch in screws.

https://petergpt.github.io/bullshit-benchmark/viewer/index.html

Top CIO Conferences, According to the CIOs Who Attend Them

CIOs prioritize various conferences for networking and learning, including Gartner events, Dreamforce, AWS, Microsoft Ignite, the AI Summit, and industry-specific gatherings. Preferences vary by role and strategy, with some favoring smaller forums while others attend large vendor showcases. Key insights from attendees highlight the importance of peer learning and specific events tailored to their technology partnerships and industries.

https://www.techtarget.com/searchcio/feature/Top-CIO-conferences-according-to-the-CIOs-who-attend-them

Threat Modeling AI Applications

By CIO / Blog / risk management, AI, cybersecurity, threats, security controls

The post explains how to adapt threat modeling for AI systems, which differ from traditional software in that they produce probabilistic outputs, follow instructions, and have expanded attack surfaces. It recommends explicitly defining what assets the system must protect, understanding real usage patterns, and identifying risks such as prompt injection, misuse of tools, data integrity failures, and harmful outputs. It concludes that AI threat modeling requires structured analysis early in design to assess likelihood and impact and inform architectural mitigations.

https://www.microsoft.com/en-us/security/blog/2026/02/26/threat-modeling-ai-applications/

2026 State of Software Security: Risky Debt Is Rising, But Your Strategy Starts Here

By CIO / Blog / report, AI, coding, software development

2026 State of Software Security Report: Rising security debt affects 82% of organizations, with critical vulnerabilities increasing significantly. A three-step strategy—Prioritize, Protect, Prove—addresses these risks: focus on critical flaws, integrate security in development, and provide evidence of compliance. Organizations must shift from reactive to proactive security management. Download the full report for detailed insights.

https://www.veracode.com/blog/2026-state-of-software-security-report-risky-security-debt/

How Not to Measure the ROI From AI in Your Software Organization

By CIO / Blog / AI, software development, productivity

Extreme TLDR: Measuring AI ROI in software requires understanding user diversity and context. Avoid assuming uniformity in usage, effects, or focusing solely on individual performance. Emphasize collective outcomes, account for changes over time, and prioritize thoughtful measurements based on evidence and learning culture.

https://www.fightforthehuman.com/how-not-to-measure-the-roi-from-ai-in-your-software-organization/

Ask Marcia: How Great Leaders (like You) Communicate

By CIO / Blog / leadership, communication

Effective leadership communication is built on respect, which fosters learning, alignment, and better decisions. Leaders must practice deep listening, clarity of thought, audience awareness, precision with language, emotional intelligence, inquiry and dialogue, and courage and candor. These skills are essential for navigating uncertainty, complexity, and rapid change in today’s leadership landscape.

https://www.bizjournals.com/bizwomen/news/mentoring-matters/2026/02/ask-marcia-how-great-leaders-you-communicate.html

Why Exposure Quantification Is the New Mandate for CISOs

By CIO / Blog / leadership, cybersecurity, risk management

CISOs must prioritize exposure quantification due to the evolving landscape of cybersecurity. Past views of breaches as mere IT issues are outdated; breaches now impact governance and require measurable evidence for compliance. Traditional methods fail against dynamic IT environments, necessitating continuous risk assessment. Regulators demand quantifiable security maturity, with incidents exposing critical vulnerabilities highlighting a need for better visibility. Effective exposure quantification hinges on integrating data, understanding attack paths, and communicating risks to align with business objectives. Ultimately, embedding this practice into governance will enhance trust and strategic decision-making.

https://www.frontier-enterprise.com/why-exposure-quantification-is-the-new-mandate-for-cisos/

Measuring AI Agent Autonomy in Practice Anthropic

By CIO / Blog / AI agent, AI, coding, trends, research

TLDR: This research examines AI agent autonomy, focusing on Claude Code's interactions and user behavior. It finds that Claude is increasingly autonomous, working longer without interruptions and auto-approving more frequently as users gain experience. However, experienced users also interrupt more, indicating active oversight. Most agent tasks are low-risk, mainly in software engineering, with limited high-risk applications. Recommendations include enhancing post-deployment monitoring, training AI to recognize uncertainty, and designing for effective user oversight. Overall, autonomy levels are rising amid evolving agent applications.

https://www.anthropic.com/research/measuring-agent-autonomy

Detecting and Mitigating Common Agent Misconfigurations

By CIO / Blog / AI, cybersecurity, AI agent, security controls

The article emphasizes the need to detect and mitigate common agent misconfigurations to enhance security. Agents are increasingly integrated into business workflows, but misconfigurations pose risks, including unauthorized access, data leaks, and unmonitored legacy systems. Key mitigation strategies involve using Copilot Studio for authentication, implementing data policies, conducting regular audits on dormant connections, and restricting actions based on user roles. Overall, effective management and monitoring of agents are crucial for maintaining a secure operational environment.

https://www.microsoft.com/en-us/security/blog/2026/02/12/copilot-studio-agent-security-top-10-risks-detect-prevent/

Have I Been Squatted? — Check if Your Domain Has Been Typosquatted

By CIO / Blog / monitoring, tools, cybersecurity

Have I Been Squatted: Service to monitor and manage lookalike domains for brand protection. Features include automated alerts, takedowns, and risk scoring. Trusted by over 340 brands, with a focus on user-friendly design and community engagement for effective cybersecurity.

https://haveibeensquatted.com/