The digital pivot: How HSS transformed hire with agentic AI

Copyright TechTarget - All rights reserved ComputerWeekly’s best articles of the day https://cyber.law.harvard.edu/rss/rss.html Techtarget Feed Generator en Sat, 13 Jun 2026 07:10:09 GMT https://www.computerweekly.com editor@computerweekly.com <p>From a manual business with 130 depots and a vast inventory of hire equipment, to an Uber-like digital marketplace that is set to <a href="https://www.computerweekly.com/resources/Artificial-intelligence-automation-and-robotics">deploy AI agents</a> to resolve customer queries, all with a vast <a href="https://www.computerweekly.com/news/366638839/Half-of-Googles-software-development-now-AI-generated">improvement in developer productivity</a>.</p> <p>That’s the journey taken by <a href="https://www.computerweekly.com/news/366640327/HSS-ProService-Uber-ifies-with-functional-programming-and-agentic-AI">HSS ProService</a>, formerly HSS Hire Group – established in 1947 – which last October sold its physical rental operations to a private equity firm and became a pure-play digital conduit between construction customers and suppliers.</p> <p>We talk to CEO Tom Shorten about how the newly branded HSS ProService became the digital hub of an “Uber-ified” business that pairs construction managers with a network of suppliers to provide tools, equipment, fuel, training and building materials.</p> <p>He tells us about the inspiration that led to the transformation – Brenda, the nerve centre of the digital marketplace – and his Tower One to Tower Two approach to migrating to the new systems.</p> <section class="section main-article-chapter" data-menu-title="What have you digitised and how would you describe the journey?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What have you digitised and how would you describe the journey?</h2> <p>Historically, HSS was a truly analogue hire business, where someone would walk into a branch and ask for a piece of kit, and you’d write it on a piece of paper, a slip. We eventually started using green screen computer programmes to manage that. I mean, it’s still a green screen industry. They’re using F10, F9, F8 prompts on the keyboard to move through logic.</p> <p>Our journey started to change because we started to understand that buyers don’t mind where the kit comes from as long as it turns up on time and it works. That gave us an opportunity to be just a broker of this kit – to give a fantastic experience and own the relationship with the customer and supplier, but not own the assets. </p> <p>We had a business within the business called OneCall, where we did that, really successfully. That was really the acorn. It was fascinating to me that a customer would call one of our sales guys, he’d see we don’t own that piece of kit, call another supplier, and the customer would get what they wanted. We’d sit in the middle and make a turn on it. That acorn grew into the idea of “let’s digitise that”. </p> <p>So, if a customer logged onto our platform and said, “I want one of these on this day”, and we have all the details we need, the system runs off to a supplier and says, “Hey, look, we’ve got this opportunity for you, hit here to accept”.</p> <p>It comes back and we put the two together, and that’s effectively the nuts and bolts of a marketplace algorithm. So, we started to build out that journey. </p> <p>When we started, about 5% of our orders were going through the .com site, so we digitalised orders. Now it’s anywhere between 40% and 45% purely via the web. The rest is via phone, email, chat. </p> </section> <section class="section main-article-chapter" data-menu-title="Are the orders that come in via phone, email, etc, still digitised after that?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Are the orders that come in via phone, email, etc, still digitised after that?</h2> <p>Imagine a Rubik’s Cube in the middle of our business, and that Rubik’s Cube has got a supplier interface, a colleague interface, a customer interface, an admin interface and a tech interface. </p> <p>What happens is, however the order comes in, it always ends up in that. </p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The challenge has been to move at the speed the market will allow you to move at. There’s no point in trying to get ahead of the market because that’s not great for business </figure> <figcaption> <strong>Tom Shorten, HSS ProService</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>We call that Brenda. That’s the mothership of our business. In any office, there’s someone who knows everything, and it’s typically a lady, and she knows everything. So, we named our system Brenda. And however it comes in – from .com, from a phone call, WhatsApp, or whatever it is – it ends up in there. </p> <p>The algorithm works to provide the best supplier for that customer, for that product, and we put it in the supplier portal for that supplier to look at it and accept the order.</p> <p>We were an organisation where we owned a load of kit. We’ve pivoted all the way to owning no kit. We manage customer relationships and supplier relationships. The supplier delivers the kit, services the kit, and picks up the kit. We manage the customer relationship to ensure that all goes as smoothly as possible for our customer.</p> </section> <section class="section main-article-chapter" data-menu-title="Could you sum up the challenges inherent in the process of moving from a real-world model to a fully digitised business?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Could you sum up the challenges inherent in the process of moving from a real-world model to a fully digitised business?</h2> <p>The first thing is that the build of the technology has to be right, and that’s a really challenging thing to do for hire. There’s also <a href="https://www.computerweekly.com/feature/Culture-eats-technology-in-digital-transformation">a cultural challenge</a>, because lots of our salespeople historically have gone out and sold on the basis that it was our kit and they were comfortable with our kit. What they have to do now is trust the fact that we will find the best kit for the customer, which isn’t our kit. And that is a different nuance for someone who’s been selling hire for a long time. </p> <p>Also, for some of our customers who had always effectively gone to a branch to pick up a piece of kit, we spent a lot of time explaining to them how this new way of working would work for them and why it would be beneficial. The challenge has been to move at the speed the market will allow you to move at. There’s no point in trying to get ahead of the market because that’s not great for business.</p> </section> <section class="section main-article-chapter" data-menu-title="What were the challenges on the technical side of the transition? What did the crossover period between the two models look like?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What were the challenges on the technical side of the transition? What did the crossover period between the two models look like?</h2> <p>I didn’t try for a “crossover”. We did it like this. Imagine Tower One was our old business. I didn’t try to grow the new business in Tower One. I created Tower Two, and with a different tech team built Tower Two. And then I moved people into Tower Two. I didn’t create a drawbridge. </p> <p>I knew from previous experience that if you try to take a legacy organisation and grow a new change, you’ll spend years convincing people and you’ll have the wrong skillset. </p> <p>So, [CTO] Daniele [Turi]’s team was totally separate to the legacy IT team. We built new foundations and we grew anew all the way up, including brand, culture, look and feel – everything. </p> </section> <section class="section main-article-chapter" data-menu-title="We’re in the AI era with automation and agents, so what’s next?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>We’re in the AI era with automation and agents, so what’s next? </h2> <p>We’re developing agents now to do what we call highly repetitive tasks in an environment. For example, if a customer wants a proof of delivery, at the moment one of our team might have to call up the supplier, hunt down a proof of delivery, can’t get hold of the right person, etc. All that now is going to be done through AI on an associated timeline.</p> <p>For every single contract, we’ll be able to visualise the status and the AI agents will work to update the data required to satisfy the customer need. We’re building those AI agents ourselves. </p> <p>We’re really lucky with our team. They’ve upskilled themselves to use Cloud Code really, really well, and now we don’t write any code at all in our business. We think we’ve probably got 10 times the output from our IT team. We’re running at two-week sprints into delivery. Software engineering has changed forever in our business.</p> </section> <section class="section main-article-chapter" data-menu-title="Looking back at the platform’s scaling journey, what is one major architectural or strategic decision you would approach differently today?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Looking back at the platform’s scaling journey, what is one major architectural or strategic decision you would approach differently today?</h2> <p>The one I would mention is an architectural debate about what platform to use and how we make management information available for reporting. </p> <p>We ended up with a system called Metabase, which is a really good dashboard and analytics platform. You can go as deep as you want to go, down to the nth crumb, as it were. We had been using other systems, and when our new head of data science came in, they suggested we park Metabase over the top of the data lake and shut down all the other things. </p> <p>We didn’t do that at first, because we were scared. But the implementation of Meta as a management tool was foundational to enabling the flow of data that our teams can understand. Prior to that, we had a lot of data, but not a lot of it was understood. So Meta brought data literacy into our business.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about digital transformation</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366640327/HSS-ProService-Uber-ifies-with-functional-programming-and-agentic-AI">HSS ProService ‘Uber-ifies’ with functional programming and agentic AI</a>: HSS’s pivot from 130-depot hire business to a digital-only marketplace to handle messy transactions and old-school processes in the construction sector.</li> <li><a href="https://www.computerweekly.com/news/366617867/Metro-mayors-face-similar-digitisation-challenges-to-banks-but-lack-their-resources">Metro mayors face similar digitisation challenges to banks, but lack their resources</a>: UK regional leaders want to be independent of central government when it comes to digital transformation decision-making, but don’t fully understand what’s ahead.</li> </ul> </div> </div> </section> HSS ProService underwent a profound transformation from asset-heavy hire business to digital marketplace set to deploy agentic AI. CEO Tom Shorten tells us how it did it https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/Rubiks-cube-puzzle-project-vitranc-getty-RF-hero.jpg https://www.computerweekly.com/feature/The-digital-pivot-How-HSS-transformed-hire-with-agentic-AI Fri, 12 Jun 2026 13:24:00 GMT The digital pivot: How HSS transformed hire with agentic AI <p>Oracle has issued an out-of-band patch for a remote code execution (RCE) zero-day vulnerability affecting its <a href="https://www.oracle.com/security-alerts/alert-cve-2026-35273.html" target="_blank" rel="noopener">PeopleSoft Enterprise PeopleTools</a> product that is being exploited in a rapidly-spreading ShinyHunters campaign.</p> <p>Tracked as <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-35273" target="_blank" rel="noopener">CVE-2026-35273</a>, the vulnerability is known to be remotely exploitable without authentication, posing a serious risk to unpatched environments.</p> <p>“We consider implementation of the recommended mitigations to be a high-priority risk reduction measure and strongly recommend immediate action to address the identified exposure,” noted Oracle.</p> <p>“Oracle always recommends that customers remain on actively-supported versions and apply all Critical Patch Updates, Critical Security Patch Updates and Security Alerts without delay.”</p> <section class="section main-article-chapter" data-menu-title="UK university confirms breach via Oracle"> <h2 class="section-title"><i class="icon" data-icon="1"></i>UK university confirms breach via Oracle</h2> <p>The vulnerability is already known to have been used in a developing cyber attack <a href="https://www.nottingham.ac.uk/currentstudents/news/student-and-alumni-data-has-been-compromised-in-a-data-security-incident" target="_blank" rel="noopener">on the University of Nottingham</a>.</p> <p>According to the ongoing forensic investigation, the University was breached via a vulnerability in Oracle WebLogic – which is a server platform used to develop, deploy and run Java applications that forms a key part of the PeopleSoft Internet Architecture.</p> <p>In contact with <i>Bleeping Computer</i>, ShinyHunters <a href="https://www.bleepingcomputer.com/news/security/nottingham-university-data-breach-affects-over-450-000-students/" target="_blank" rel="noopener">claimed to have stolen 40GB of data</a> relating to 450,000 students past and present. The data is believed to comprise full names, birthdates and contact details, financial data related to their studies, information on characteristics such as ethnicity or disability, and passport data.</p> <p>In a statement earlier today (12 June), a University spokesperson said: “Our investigation into this incident is continuing, and this matter has now become a criminal investigation, with police involved alongside ongoing forensic work.</p> <p>“We are continuing to work closely with cyber security specialists and regulatory authorities to understand the scope of the data accessed and to ensure our system remains secure. We know how concerning this situation is and as soon as we have more definitive information to share, we will provide a further update,” they added.</p> <p>The University has established a <a href="https://www.nottingham.ac.uk/Home/Alerts/Cyber-attack-incident.aspx" target="_blank" rel="noopener">dedicated web page</a> and contact phone lines for affected individuals.</p> <p>According to the Google Threat Intelligence Group and Mandiant, ShinyHunters began exploiting CVE-2026-35273 a few weeks ago, on 27 May.</p> <p>GTIG said that upon becoming aware of active scanning and exploitation, it notified over 100 organisations with IP addresses correlating with potentially at-risk endpoints, 68% of them in the higher education sector.</p> <p>Public reports obtained via social media platform X has subsequently enabled its team to piece together a detailed breakdown of ShinyHunters’ campaign, <a href="https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit" target="_blank" rel="noopener">which can be found here</a>.</p> </section> <section class="section main-article-chapter" data-menu-title="Education in the crosshairs"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Education in the crosshairs</h2> <p>Since the summer of 2025, various ShinyHunters campaigns have targeted multiple different verticals, with the group favouring mass compromise of software products used by similar organisations.</p> <p><a href="https://www.halcyon.ai/ransomware-alerts/education-sector-in-the-crosshairs-shinyhunters-extortion-campaign-against-instructure" target="_blank" rel="noopener">Over the past couple of months</a>, the collective has been targeting education institutions specifically, and the PeopleSoft attacks follow swiftly on the heels of its April compromise of Infrastructure’s Canvas learning management system.</p> <p>In that instance, ShinyHunters claimed to have exfiltrated 3.65 TB of data comprising 275 million records from almost 9,000 different institutions.</p> <p>The danger in the exposure of highly sensitive data relating to children and students lies not just in the situation in which ShinyHunters’ victims find themselves, but in the potential for other threat actors to conduct personalised downstream attacks against individuals.</p> <p>Keven Knight, CEO of <a href="https://talion.net/" target="_blank" rel="noopener">Talion</a>, said: “Now that this data has been compromised, students and alumni must be vigilant for phishing scams as this is likely the route the attackers will take to monetise from the incident, if their ransom demand is not met.”</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about ShinyHunters</h3> <ul style="list-style-type: square;" class="default-list"> <li>The notorious ShinyHunters hacking collective menaces video game publisher Rockstar and says it will leak data <a rel="noopener" target="_blank" href="https://www.computerweekly.com/news/366641486/Grand-Theft-Auto-publisher-Rockstar-hit-by-hackers-again">on 14 April</a>.</li> <li>The ShinyHunters hacking collective that caused chaos in 2025 is ramping up a new voice phishing campaign, with several potential victims <a rel="noopener" target="_blank" href="https://www.computerweekly.com/news/366637762/Wave-of-ShinyHunters-vishing-attacks-spreading-fast">already identified</a>.</li> <li>ReliaQuest researchers present new evidence that firms up a potential link, or outright partnership, between the ShinyHunters <a rel="noopener" target="_blank" href="https://www.computerweekly.com/news/366629157/Researchers-firm-up-ShinyHunters-Scattered-Spider-link">and Scattered Spider cyber gangs</a>.</li> </ul> </div> </div> </section> A zero-day vulnerability affecting Oracle's PeopleSoft products is being exploited by a ShinyHunters campaign targeting schools and universities. https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/security-breach-artbase-adobe.jpg https://www.computerweekly.com/news/366644375/Oracle-fixes-PeopleSoft-flaw-exploited-by-ShinyHunters Fri, 12 Jun 2026 12:22:00 GMT Oracle fixes PeopleSoft flaw exploited by ShinyHunters <p>With its customers using multiple financial professional services in its portfolio, corporate services provider Vistra wants to provide a single platform. The digital backbone will also give customers access to better quality business information through embedded artificial intelligence (AI).</p> <p><a href="https://www.vistra.com/people/damian-leach">Damian Leach, recently installed chief AI and digital officer at Vistra</a>, has been tasked with accelerating the group’s capabilities in digitally enabled and AI-powered professional financial services. Vistra has around 10,000 staff across 65 global locations, and offers tax, payroll, fund and entity management services among others.</p> <p>A project to build the digital backbone platform will gradually enable customers to access more of its products and services through a single front-end, says Leach: “For us, [the digital platform] is a tremendous opportunity to make sure we are operating internationally with borderless, frictionless services.”</p> <p>Vistra’s client businesses currently use a combination of digital services and products as well as teams of services, according to Leach. The platform will make them all accessible through a single interface.</p> <p>“For example, iiPay – a <a href="https://www.fintechfutures.com/m-a/vistra-acquires-payroll-platform-iipay">recent acquisition</a> that we made – is a multi-country global payroll provider, but we’ve also got local payroll solutions that we offer in certain markets,” he tells Computer Weekly. “So, we’re intending to unify them and make them readily available across the platform.”</p> <section class="section main-article-chapter" data-menu-title="Better data"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Better data</h2> <p>One of the key benefits for Vistra’s customers, according to Leach, is providing them with better quality data about their business: “Data remains one of the largest issues for our customers. Often, organisations have fragmented data in silos, working from multiple sources, which leads to fragmented output and multiple answers to the same question.</p> <p>“We can play a pivotal role in cleaning up that view for customers within their portfolios that we have under management, not only unifying the clean data that we have, but providing the ability to ask questions of that data to gain intelligent insights.”</p> <p>Leach says that by infusing AI into the workflow behind the scenes, a modern approach to the customer journey is created. Vistra is building the platform itself and will use AI offered by hyperscalers, with orchestration and automation tools.</p> <p>“We are coming up with a tenanted architecture that allows us to promote granularity to each of our individual clients while keeping their data secure,” says Leach.</p> <p>He adds that the project will be ongoing with regular iterations, but it all starts with “the boring stuff”. According to Leach, this is of “upmost importance” and includes “designing policies and the guardrails, setting the standards, doing the architecture, setting the roadmap, engineering blueprints, and addressing regulatory issues and trust and privacy concerns that our clients have”.</p> <p>He adds: “We have a blueprint and it is released into certain markets with features. We work in iterative agile sprints to release features and capabilities into the platform on an ongoing basis.”</p> <p>Vistra plans on releasing new capability for the business to test every two weeks, says Leach: “Once tested and approved, we then release it to our clients.”</p> <p>The company intends to roll out to major market hubs by the end of the year.</p> </section> <section class="section main-article-chapter" data-menu-title="AI opportunity"> <h2 class="section-title"><i class="icon" data-icon="1"></i>AI opportunity</h2> <p>Leach tells Computer Weekly that AI is a huge opportunity for Vistra to improve its services despite some misgivings across wider industry.</p> <p>“There’s a lot of judgement that comes about through the topic of AI, because a lot of people tend to think AI is about automating processes,” he says. “This is somewhat true, but I think the real benefit is improving the client experience. If you connect the client to the data that they have and put intelligent services over it to build those ‘what if?’ scenarios, they can question the data and we can open new services.”</p> <p>A key opportunity is also to offer services as part of an integrated suite of products through relationships and integration into other platforms, adds Leach. “One of the things that I’m looking at is how to build strategic relationships with other cloud native platform vendors to include our products and services which are different to theirs in their marketplace,” he says.</p> <blockquote> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/computerweekly/Damian-Leach-Vistra-140px.jpg" alt="Headshot of Damian Leach."> </div> <p><strong><span style="color: #34495e;">“We are coming up with a tenanted architecture that allows us to promote granularity to each of our individual clients while keeping their data secure”</span></strong></p> <p><em><span style="color: #34495e;">Damian Leach, Vistra</span></em></p> </blockquote> <p>In terms of its own IT resources, Vistra has 450 tech staff which all sit in Leach’s team. He describes his role as being like a CIO, chief technology officer (CTO) and chief data officer (CDO) rolled into one, heading up infrastructure core services such as datacentres, end user computing, as well as networks, voice and collaboration services and cloud.</p> <p>In addition, he is responsible for Vistra Digital, which covers all the customer-facing products and services, and traditional enterprise applications, while cyber security, architecture, engineering and all the functional also falls within his remit.</p> <p>Leach spent 13 years in global banking technology roles leading global teams and has been the CTO of a global fortune 500 software-as-a-service (SaaS) provider. Until recently, he was global <a href="https://www.computerweekly.com/news/366620921/Seaco-charts-course-for-unified-security-strategy">CIO at container leasing company Seaco</a> where he led the modernisation and scaling of enterprise technology capabilities.</p> </section> <section class="section main-article-chapter" data-menu-title="Skills challenge"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Skills challenge</h2> <p>Leach says one of the biggest challenges faced when adopting AI is the availability of the right skills, which are “the biggest challenge as we enter the AI era, and learning and focusing on talent and skills within the existing team”.</p> <p>He says to address this he has three combined strategies. The first is to build and foster grassroots innovation in the existing workforce: “It’s important for us to <a href="https://www.computerweekly.com/news/366629372/AI-advances-clear-path-to-software-development-careers">lift the existing core team skills</a> and expertise that we have and arm them with the right tools and support needed to succeed. This includes providing psychological safety for the team to experiment, innovate and even fail as they learn, but at least [they gain] progress.”</p> <p>He says employees understand the challenges the company has but perhaps lack the tools to help solve them. “Through innovation grassroots mindset, we can encourage the best-in-class ideas to surface and for people to stay as they learn and continue to contribute,” he adds.</p> <p>The current drive is to encourage the development of a community of builders by releasing AI tools to them to start coding to meet some needs that they have.</p> <p>Leach says the company is also “<a href="https://www.theserverside.com/blog/Coffee-Talk-Java-News-Stories-and-Opinions/How-long-is-a-Sprint-in-Agile?_gl=1*keci33*_ga*Mjg4MTcxMzU3LjE3Nzk5NjUxNTU.*_ga_TQKE4GS5P9*czE3ODEwMDE1MjIkbzQ1JGcxJHQxNzgxMDAyNDYxJGoxMSRsMCRoMA..">sprinting</a>” using new talent: “I’ll be setting up strategic relationships with key universities and taking in fresh graduates. It’s a focused project, building new talent from the ground up. And of course, here in Singapore, there’s great opportunity and very supportive government initiatives to meet the national AI strategy.”</p> <p>The company is also building on existing capacity in delivery centres in Malaysia, China and India.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more CIO interviews</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366643836/Interview-Clare-Hickie-EMEA-CTO-Workday">The IT chief went from implementing Workday software at one of the firm’s largest customers to leading technology at the supplier – she discusses what she learned</a>.</li> <li><a href="https://www.computerweekly.com/news/366643817/Interview-Michael-Cole-chief-technology-officer-DP-World-Tour">AI promises to revolutionise the experience of watching or taking part in the traditional golf for players, fans and TV viewers – the IT chief leading the change explains how</a>.</li> <li><a href="https://www.computerweekly.com/news/366639330/Interview-Nick-Pearson-CIO-Ricoh-Europe">Working for a company undergoing a major pivot in its business model means variety and opportunity for the supplier’s tech chief</a>.</li> <li><a href="https://www.computerweekly.com/news/366635509/Interview-Art-Hu-global-CIO-Lenovo">The IT chief at the PC, servers and storage supplier is using his experience of rolling out tech internally to boost the growing services ambitions of the Chinese tech giant</a>.</li> </ul> </div> </div> </section> CIO Damian Leach discusses Vistra’s digital platform, which he says will harness artificial intelligence in its financial professional services offering https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/financial-results-chart-graph-5-adobe.jpeg https://www.computerweekly.com/news/366643928/CIO-interview-Damian-Leach-Vistra Fri, 12 Jun 2026 12:06:00 GMT CIO interview: Damian Leach, Vistra <p>Customer and employee experience software supplier Freshworks is pivoting towards artificial intelligence (AI)-driven <a href="https://www.techtarget.com/searchhrsoftware/definition/employee-experience">employee experience (EX)</a>. This move, which places AI at the heart of the firm’s strategy, has significant implications for companies and professionals relying on its <a href="https://www.computerweekly.com/blog/Data-Matters/How-simplifying-IT-helps-teams-perform-at-racing-speed">Freshservice platform</a>.</p> <p>That is the key takeaway from Freshworks Refresh 2026 in New York City, where senior executives outline the company’s product roadmap, and customers present best-practice techniques they’ve adopted to make the most of the platform. What’s clear during the event is that the technology firm seems eager to do things differently from its competitors, such as Salesforce, Zendesk, HubSpot and ServiceNow.</p> <p>Dennis Woodside, CEO and president at Freshworks, says in his keynote speech to service leaders in the room that his company absorbs the complexity of modern business so they can do their jobs better. He suggests that attending professionals share something in common: “You all bet on a different way of doing enterprise software.”</p> <p>During the keynote and a series of product-focused sessions, Woodside and his colleagues outline new features the company hopes will differentiate it from its competitors. The aim is to create an agile, open platform for connecting assets and incidents, with the company’s <a href="https://www.computerweekly.com/blog/Data-Matters/The-importance-of-simplifying-IT-enterprise-capability-without-the-complexity">Freddy AI technology</a> at the heart of an agentic approach to customer support.</p> <p>Freshworks announced a series of product features at the event, including AI Agent Studio, its no-code agent builder; MCP Gateway, which bridges Freshservice with the AI tools customers choose; and new performance dashboards that offer AI-powered insights to service leaders charged with delivering high-quality EX.</p> <p>Woodside says these capabilities will position Freshservice for a continuing data-enabled transformation that will accelerate during the next two years. He suggests everyone’s world will change in three radical ways.</p> <p>First, professionals at all levels in all sectors will rely on thousands of agents that must be governed and identifiable.</p> <p>Second, traditional performance measures, such as service-level agreements (SLAs), will be replaced by experience-level agreements, as service leaders aim to ensure agentic-enabled support boosts staff productivity.</p> <p>Finally, in an age when operations will be more proactive than reactive, organisations will require a single source of truth that human and AI agents can trust.</p> <p>“When you look at what we’re shipping today and what we’re talking about for the future, those are the beliefs that we’re building towards,” says Woodside, as he concludes his keynote. “So, the question really isn’t whether this is going to happen; it’s going to happen. The question is, ‘Who do you trust to walk into that future with you?’”</p> <section class="section main-article-chapter" data-menu-title="What customers need to know now"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What customers need to know now</h2> <p>Freshworks CTO Murali Swaminathan tells Computer Weekly in a one-to-one interview that he believes the on-stage announcements demonstrate that the company is pivoting strategically to develop a competitive edge in the age of AI.</p> <p>“We’re trying to make our platform more configurable and usable,” he says. “It’s not like we’re trying to bring everyone else to our interface. Instead, we want to be more interoperable with everyone else. The MCP Gateway, for example, means our customers can use our technology to call any AI.”</p> <p>This approach resonates with Chris Kairinos, senior director of global modern workplace technology, client services and technology operations at A+E Global Media. He explains to Computer Weekly how his media company has used Freshworks technology since late 2020.</p> <p>During the past six years, Kairinos has continued to hone his company’s use of the platform. He says he is impressed with some of the new features, particularly Agent Studio. At a time when his company, like so many others, is attempting to plot a roadmap towards <a href="https://www.techtarget.com/searchenterpriseai/definition/agentic-AI">agentic AI</a> in support services, Kairinos says he also likes the in-built flexibility of MCP Gateway. </p> <p>“The Freshworks approach is all about growing the ecosystem,” he says. “The MCP Gateway is going to help a lot. Before, you might have used something like Copilot Studio with Microsoft, but then, when you come to adding the technology to your platforms, you might encounter integration issues.”</p> <p>Kairinos says he regularly speaks with the Freshworks product team about new features, adding that the company’s focus on interoperability is crucial to helping alleviate long-term integration concerns. “I say to the product team at Freshworks that AI is a case of, ‘Who’s the best kid in the playground?’” he says.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Success in the age of AI will be all about which provider will play nicest with your existing digital stack </figure> <figcaption> <strong>Chris Kairinos, A+E Global Media</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>“Success in the age of AI will be all about which provider will play nicest with your existing digital stack. With the technology they’ve demoed on stage, and from an <a href="https://www.techtarget.com/searchenterpriseai/tip/How-the-Model-Context-Protocol-simplifies-AI-development">MCP standpoint</a>, Freshworks is a pretty good kid in that playground at the minute, and the position is only going to get better.”</p> <p>Speaking on stage at the event, Julie Mohr, principal analyst at research firm Forrester, says the key to unlocking value from AI is focusing on the right business outcomes. Companies can use AI-powered technologies to boost employee experiences. However, their effectiveness will rely on in-depth expertise, and that’s where Freshworks can play a supporting role.</p> <p>“Skill sets in AI are at a premium right now,” she says. “For people to make the right decisions and to understand how to transform, they need those skills. And because companies don’t necessarily fully understand what that transformation is going to look like, they’re going to rely on vendors and partners.”</p> <p>The key to success for technology providers like Freshworks, suggests Swaminathan, is openness. Gone are the days when enterprise software specialists maintained a strong firewall that kept customers locked to their limited set of services. In the AI era, companies must be open to new interfaces and partnerships.</p> <p>“Every single player has to coexist with the rest of the players, and interoperability is going to be the biggest thing that drives success,” he says. “You can’t force customers to say you have to use this tool or that tool. The customer is going to use the tool of their choice, and you have to be able to embed yourself or connect to that tool.”</p> </section> <section class="section main-article-chapter" data-menu-title="Understanding the technology roadmap"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Understanding the technology roadmap</h2> <p>While the announcements at the event highlight Freshworks’ desire to prepare for an agentic future, Swaminathan says customers should be aware that the company’s new features aren’t only focused on agents. He says the firm is aiming for breadth and depth, both in the features it offers and the ways it supports its clients.</p> <p>“I meet many customers, and not everybody’s ready to embrace AI yet,” he adds. “They have their own challenges. So, we are in this mode where we still have to support folks who don’t use AI and those who do. That reality means everything we build has to be built with a mindset that says, ‘Okay, the world is moving, but not moving as fast as the technology is changing.’”</p> <p>Swaminathan’s point is an interesting one – sometimes, technology suppliers, perhaps unwittingly, innovate faster than their customers can absorb. Speaking to Computer Weekly at the event, Shannon Kalvar, research director at analyst IDC, discusses Freshworks’ strategy.</p> <p>“What they’re trying to say is that we can help mid-sized enterprises to achieve the end goal you’re headed towards, which is a world where you are working with your digital estate, not just as a productivity tool, but as a production tool,” he says. “They were saying, ‘It’s the world you already find yourself in, but you’re not ready.’”</p> <p>Kalvar suggests that enterprises need to become agile organisations – and reaching this position might require a heavy lift for slower-moving firms. For Freshworks, like for all enterprise software providers, pushing transformation at the right pace for digital leaders is crucial. So, should Freshworks develop a strategy to help its customers manage cultural change?</p> <p>The answer, says Swaminathan, is maybe. He stresses that the company already has an AI advisory group to help guide customers through the change process. While companies will have to deal with the “heavy stuff” behind the scenes, Swaminathan recognises that the rise of agentic AI poses new challenges and that advisory input can be crucial.</p> <p>“A lot of the functionality we have in the product, you can turn it on and start using it,” he says. “But AI is one area where we will have to guide customers through the process. So, with our AI advisory and some of our specialised engineering, we want to help by providing white-glove service to the right customers, because that’s how we think they can be successful.”</p> <p>Regardless of the route to the destination, one thing is certain: Freshworks’ future is all about embracing AI. So far, the market likes the moves the company is making. Before the New York event, the company presented its quarterly results in an earnings call. In Q1 2026, revenue rose 16% year-over-year to $228.6m.</p> <p>During the call, Freshworks announced it would lay off roughly 500 employees (around 11% of staff). The company’s CEO, Dennis Woodside, stated the cuts are due to over 50% of the company’s code now being written by AI, reducing the need for traditional manual coding and allowing the company to streamline operations.</p> <p>Woodside says on the earnings call: “About over half of our code is originated in AI today, and like many other software companies, that is definitely changing how we build products, how fast we can build products, and the amount of people who we need to build products.”</p> <p>Freshworks is <a href="https://www.computerweekly.com/news/366642756/Tech-sector-job-losses-show-AI-replacement-in-action">far from alone in announcing IT job cuts</a> and joins an ever-growing list of technology firms that are seeing the power of AI-enabled code. At the event, Swaminathan tells Computer Weekly that the company recognises that innovation velocity has increased with AI-enabled development.</p> <p>“That capability means we can do more quickly,” he says. “The speed and agility are where we’re seeing the difference, right? So, that’s what we have to figure out: how do we level up our engineers to do bigger things faster?”</p> <p>Asked to paint a picture of how Freshworks and its services will look three years from now, Swaminathan says it won’t just be his company that uses AI heavily. He says AI-powered services will continue to mature, as will customers’ approaches, including firms that are slower to embrace AI right now.</p> <p>“I said earlier that not everyone is ready for AI,” he says. “In three years, every customer will be there. That means we won’t need two ways to support customers; instead, everyone will be using AI. That means a lot of the workflows will be autonomous, and every single feature will be AI native or AI-powered.”</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about AI in EX and CX</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/feature/CXEXBG-with-added-AI-A-winning-formula-for-customer-experience">CX+EX=BG</a>, with added AI: A winning formula for customer experience.</li> <li>The <a href="https://www.computerweekly.com/opinion/The-future-of-CX-is-AI-powered-and-human-centric">future of CX is AI-powered and human-centric</a>.</li> <li>Elevate <a href="https://www.techtarget.com/searchcustomerexperience/feature/Elevate-customer-experience-with-AI-and-analytics">customer experience with AI and analytics</a>.</li> </ul> </div> </div> </section> Freshworks is pivoting to AI-driven employee experience, launching its AI Agent Studio, MCP Gateway and AI dashboards https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Customer-experience-AdobeStock_323398101.jpg https://www.computerweekly.com/feature/Freshworks-Refresh-2026-pivot-to-AI-driven-employee-experience Fri, 12 Jun 2026 11:20:00 GMT Freshworks Refresh 2026: pivot to AI-driven employee experience <p>Labour MP Jess Asato is taking legal action against Elon Musk’s xAI after its Grok chatbot was used to non-consensually fabricate sexualised images of her, marking the first ever English law claim against the generation of deepfakes.</p> <p>In a claim submitted to the High Court in London at the start of June 2026, Asato alleged that xAI – now a subsidiary of Musk’s SpaceX, which also owns X (<em>formerly Twitter</em>) – breached UK data protection law and rules around the misuse of private information in allowing users of the site to create non-consensual deepfake images and videos of her.</p> <p>Asato’s claim will seek damages from xAI and attempt to set a precedent that technology companies be <a href="https://www.computerweekly.com/news/366639072/European-Commission-TikToks-addictive-design-breaches-EU-law">held responsible for their design choices</a> and the harms of the systems they create.</p> <p>“Grok created deepfake pornography and sexualised content which harmed thousands of women and children,” she said. “Its ability is not an accident, nor misuse, it is a design choice by its creators. In launching this case, I am pursuing accountability for those choices.</p> <p>“I hope this legal action also gives voice to the thousands of victims in the UK, women, girls and horrifically even children who were abused by Grok. I am calling on anyone in the UK who experienced the misuse of their image or video by Grok to come forward and support our legal claim.”</p> <p>Ravi Naik, the legal director of legal firm <a href="https://www.computerweekly.com/news/366618479/High-Court-Sky-Betting-parasitic-in-targeting-problem-gambler">AWO</a> who is representing Asato, added that, “at its heart, this case is about a single principle – that AI developers must answer for the way they design their tools…No one should be subjected to abuse like this, and no one should have to instruct a lawyer to get images like these taken down.”</p> <p>He added while the firm has already secured the removal of the offending images, it is now seeking redress and accountability for Asato. “This content existed because of design choices made by xAI, and technology of this kind does not simply happen – it is built and it is built deliberately,” said Naik.</p> <p>“Grok was designed in a way that permitted the creation of non-consensual, sexualised and misogynistic images of women – and that outcome was a choice, not a glitch. This is one of the first claims to test liability for the design of an AI system, and we hope it will make it clear to AI developers that safety cannot be an afterthought.”</p> <p>Asato’s case has since been <a href="https://www.onlinesafetyact.net/analysis/statement-about-jess-asato-legal-action-against-xai/">backed by more than 100 campaigners and organisations</a> – including Women’s Aid, Refuge, Rape Crisis England & Wales, the Fawcett Society, the Mental Health Foundation and the Molly Rose Foundation – which have published a joint statement backing the MP.</p> <p>“We hope that this will be a first step towards accountability for those responsible and that it will open a path to redress for the many, many other victims who have suffered,” they said. “Researchers found that in an 11-day period – from the start of December 29th 2025 to the end of January 8th 2026 – Grok generated an estimated 3 million non-consensual sexualised images of women and children, which were widely disseminated on X, causing untold harm. </p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Technology of this kind does not simply happen – it is built and it is built deliberately </figure> <figcaption> <strong>Ravi Naik, AWO</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>“To date, there has been no justice for any of the victims. We believe that xAI must be held legally accountable to ensure that no AI tool or social media platform can ever repeat such awful harms against women, children or anyone.”</p> <p>The UK government previously condemned X in January 2026 after Grok was used to produce vast quantities of sexualised images based on real women, and in some cases children, with <a href="https://www.theguardian.com/technology/2026/jan/12/uk-threatens-action-against-x-over-sexualised-ai-images-of-women-and-children">senior politicians claiming</a> the company “is not doing enough to keep its customers safe online”.</p> <p>The <a href="https://www.computerweekly.com/news/366636925/Ofcom-begins-investigation-of-explicit-image-generation-on-Grok">media regulator, Ofcom, then launched a formal inquiry the same month</a>, saying it would work to establish whether X has failed to comply with its legal obligations under the <a href="https://www.computerweekly.com/feature/The-UKs-Online-Safety-Act-explained-what-you-need-to-know">Online Safety Act</a>.</p> <p>Among the areas of investigation is an assessment of the risk of people in the UK seeing content that is illegal in the UK, and whether X is taking appropriate steps to prevent people in the UK from seeing “priority” illegal content such as non-consensual intimate images. The investigation will also look at how quickly X takes down illegal content when it is made aware of it, and how it is protecting users from a breach of privacy laws.</p> <p>With regards to protecting children, Ofcom said the investigation will also assess the risk the Grok AI service poses to UK children, and the effectiveness of X to use age assurance to protect UK children from seeing pornography.</p> <p><a href="https://x.com/elonmusk/status/2009714966169870804">In a post on X</a> from 9 January 2026, Musk said the UK wants “any excuse for censorship”.</p> <p>Computer Weekly contacted xAI about Asato’s legal action, as well as Ofcom’s investigation, but received no response.</p> <p><a href="https://refuge.org.uk/news/grok-image-abuse-statement/">Emma Pickering</a>, head of technology-facilitated abuse and economic empowerment at Refuge, the charity which provides specialist support for women and children experiencing domestic violence, previously called for tech companies to be held accountable for implementing effective safeguards and preventing perpetrators from causing harm.</p> <p>“Legislation to criminalise creating, or requesting the creation of, non-consensual deepfake intimate images has progressed through Parliament, but we are still waiting for the law to come into effect,” she said.</p> <p>While the sharing of real and synthetic intimate images without consent is illegal in the UK, she pointed out that in practice, the law is not being effectively enforced, with woefully low conviction rates.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about online safety</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366643835/Age-verification-tech-could-put-children-at-greater-risk-says-think-tank">Age verification tech could put children at greater risk, says think tank</a>: UK proposals for mandatory age verification will not mitigate children’s exposure to harmful content and ‘addictive’ app design, and risks excluding vulnerable groups from online services, says Foundation for Information Policy Research.</li> <li><a href="https://www.computerweekly.com/news/366639234/Businesses-may-be-caught-by-government-proposals-to-restrict-VPN-use">Businesses may be caught by government proposals to restrict VPN use</a>: Labour proposals to restrict social media use to people aged 16 and under could have unintended consequences for businesses using virtual private networks.</li> <li><a href="https://www.computerweekly.com/news/366623592/Government-and-Ofcom-disagree-about-scope-of-Online-Safety-Act">Government and Ofcom disagree about scope of Online Safety Act</a>: MPs heard different views from the online harms regulator and the UK government about whether and how the Online Safety Act obliges platforms to deal with disinformation.</li> </ul> </div> </div> After xAI’s Grok chatbot was used to create sexualised images and videos of her, Labour MP Jess Asato is taking legal action against the company in a bid to hold the firm accountable for the harms associated with its design choices https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Grok-Social-Media-AI-X-adobe-2.jpg https://www.computerweekly.com/news/366644374/Labour-MP-Jess-Asato-launches-legal-action-over-Grok-deepfakes Fri, 12 Jun 2026 11:05:00 GMT Labour MP Jess Asato launches legal action over Grok deepfakes <p>Lingerie and adult toys retailer Ann Summers completed a major overhaul of its enterprise integration architecture in partnership with PMC <a href="https://www.computerweekly.com/feature/From-front-to-back-tech-vice-president-Dan-Lake-on-Notonthehighstreetcoms-tech-strategy">18 months ago</a>, and the business is now looking at a future no longer restrained by long-legacy systems and software.</p> <p>Its legacy enterprise service bus (ESB) environment was replaced by PMC’s Graphene platform, modernising more than 100 integrations and laying foundations for <a href="https://www.computerweekly.com/feature/Retailers-and-customers-alike-open-to-AI-but-calls-for-caution">future marketplace growth and artificial intelligence (AI)</a> initiatives, among other tech-led strategies. In the words of the company’s technology and supply chain director Jeannette Copeland, Ann Summers had got to the point with IT and digital infrastructure where it was “continually building on top of things”.</p> <p>“And that gets to the stage where you’re almost building on top of sand…we got to the point where we needed to dig in and change that,” she explains.</p> <p>But while the technology story is transformative for Ann Summers, the lessons learned during the move to reverse engineer old systems and replace the ESB over a nine-month period may be even more valuable for retailers facing similar challenges.</p> <section class="section main-article-chapter" data-menu-title="Lesson 1: Don’t wait until you’re building on sand"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Lesson 1: Don’t wait until you’re building on sand</h2> <p>The catalyst for the project was a familiar retail problem. Over time, new systems, new channels and new business requirements had been layered onto existing infrastructure. The result was an increasingly complex integration landscape that had become difficult to manage and expensive to maintain.</p> <p>The challenge is one many retailers recognise. New marketplaces appear, new customer experience tools emerge and new payment methods need integrating, but rather than replacing underlying architecture, businesses often add another connection, another workaround or another piece of middleware.</p> <p>Copeland describes how Ann Summers had a relatively small internal team supporting the previous environment and staff departures created a growing knowledge gap over time.</p> <p>This is a challenge facing many mature retail organisations. Systems often outlive the people who originally implemented them. Documentation becomes outdated, processes evolve without being recorded and, eventually, businesses become dependent on institutional memory.</p> <p>For Ann Summers, this became a significant factor in its decision to partner with PMC. Rather than owning every aspect of the integration architecture internally, Copeland wanted responsibility for documentation, maintenance, and platform evolution to sit with a specialist partner. She describes it as “a black box” that can connect internal and third-party systems together.</p> <p>Ann Summers reached the point where it needed to address a tech complexity problem directly, replacing a legacy integration environment that had become increasingly difficult to support and evolve.</p> </section> <section class="section main-article-chapter" data-menu-title="Lesson 2: Give yourself more time than you think you need"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Lesson 2: Give yourself more time than you think you need</h2> <p>Copeland says of the project: “First, the timelines were incredibly ambitious, we had too little contingency time.”</p> <p>The original ambition was to complete the work, which began in March 2024, before that year’s peak trading. Although the system was operational by October, the programme was not fully complete and additional work continued beyond the initial go-live period.</p> <p>As a result, the team had to rethink delivery plans, split work into minimum viable product phases and introduce temporary manual processes where automation could not be delivered on schedule.</p> <p>“If we had all the time, money and people in the world, [we] would have approached it really differently,” says Copeland.</p> <p>Instead, the business had to adapt throughout delivery, staging elements of the roll-out and continuing work during peak trading. The experience underlines a recurring truth about major transformation programmes: complexity is usually underestimated. And that challenge becomes even greater considering the integration layer touches virtually every function, from e-commerce and finance to fulfilment and customer service.</p> </section> <section class="section main-article-chapter" data-menu-title="Lesson 3: Board sponsorship is crucial"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Lesson 3: Board sponsorship is crucial</h2> <p>Technology projects often focus on platforms, architecture and implementation partners, but Copeland’s account suggests success comes when <a href="https://www.computerweekly.com/feature/Retail-tech-transformation-winning-boardroom-hearts-and-minds">engagement happens much higher up the organisation from the outset</a>.</p> <p>“Taking it over the line, we had board sponsorship, so the sponsorship was from the top down,” she says, adding that the board established a pragmatic approach to risk. “We were prepared to pause the project if it wasn’t going to be achievable.”</p> <p>That flexibility proved valuable during difficult moments when leadership teams had to assess whether to continue or temporarily halt progress. The presence of executive support provided both confidence and clarity.</p> <p>Copeland recalls receiving one particularly simple instruction from the boardroom regarding project risk: “The only real caveat that I had from the CEO was not to break the business.”</p> <p>Her comments capture an important reality. Transformation programmes often succeed not because risk disappears, but because organisations align around acceptable risk and create governance structures capable of managing it.</p> </section> <section class="section main-article-chapter" data-menu-title="Lesson 4: People will underestimate how hard transformation really is"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Lesson 4: People will underestimate how hard transformation really is</h2> <p>One of Copeland’s most revealing observations had little to do with technology – instead, it concerned human expectations. Reflecting on the programme, she says: “I knew how big and tricky it would be.”</p> <p>She repeatedly prepared colleagues about the scale and complexity involved. Yet, she believes many people still failed to grasp what the project would actually feel like. “I know that I said those words, but I don’t think everyone understood how difficult it would be because they’ve just never been through those things.”</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> We were prepared to pause the project if it wasn’t going to be achievable </figure> <figcaption> <strong>Jeannette Copeland, Ann Summers</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>The challenge wasn’t simply technical complexity, it was the breadth of impact across the organisation. The ESB connected systems across the entire business, and teams were required to support project activity while continuing their day-to-day responsibilities. Additional resources were required, priorities shifted and pressure increased.</p> <p>“It was the number of plates that we had spinning,” says Copeland, adding that a key challenge was then keeping everyone aligned and focused as intensity ramped up. “Even though you think you’ve told people [how difficult transformation will be], you need to find a way to make them feel it before they really have to feel it.”</p> <p>Change management, therefore, isn’t simply about communication. It’s about creating realistic expectations about workload, disruption and organisational impact, although Copeland acknowledges she doesn’t have the answer to preparing retail organisations for such an overhaul of critical infrastructure.</p> </section> <section class="section main-article-chapter" data-menu-title="Lesson 5: Technical debt never disappears"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Lesson 5: Technical debt never disappears</h2> <p>Although the migration delivered a new platform foundation, Copeland is realistic about the idea of ever reaching a finished state. Because documentation was incomplete and timelines were compressed, some elements of the existing environment had to be moved through a “lift-and-shift” approach, she notes.</p> <p>As a result, not everything was optimised immediately. Instead, Ann Summers and <a href="https://www.computerweekly.com/feature/Crew-Clothing-head-of-IT-The-projects-dont-stop">PMC</a> continue addressing technical debt as part of ongoing development work.</p> <p>“When we’re touching a part that we’ve not optimised, or if we’ve got some spare capacity, we will take a look at some of that technical debt,” says Copeland. “It’ll never really end though, right? Because technical debt always exists, it’s just how old your technical debt is.”</p> </section> <section class="section main-article-chapter" data-menu-title="Lesson 6: Focus on foundations"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Lesson 6: Focus on foundations</h2> <p>Although the original business case at Ann Summers was broader than to support AI strategy and integration, the transformation has become increasingly relevant in that regard as the wider retail world continues to explore AI-driven discovery, customer experiences and operational automation at pace.</p> <p>Ann Summers’ marketplace strategy was one driver behind the programme. As a retailer of adult products, online discoverability challenges have encouraged the company to expand through marketplaces and third-party channels. Supporting those ambitions required a more flexible integration architecture.</p> <p>At the same time, Copeland has been clear that AI ambitions depend on getting the fundamentals right. “Unless you’ve got your data straightened out, it can hold you back,” she says. “We are trying to ensure we’ve got foundations in our data so we can scale in the future, and that we’ve got options so we don’t find ourselves in a technical corner.”</p> <p>The new platform is already helping Ann Summers deliver richer customer service experiences by bringing together data from multiple systems and surfacing more contextual information for agents handling customer enquiries. </p> </section> <section class="section main-article-chapter" data-menu-title="Lesson 7: Have a North Star"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Lesson 7: Have a North Star</h2> <p>When it comes to tech transformation, Copeland points to the importance of having a clear objective and to communicate that organisation-wide: “It’s incredibly important to know what your North Star is and to make that visible, consumable and accessible to everybody.”</p> <p>For Ann Summers, that North Star was simplification, but the “why?” can also be tailored to each different area of the business so it becomes a constant reminder of why they need to participate in – and be disrupted by – the transformation.</p> <p>The goal was not simply replacing an ESB. It was creating a foundation that would make future integrations easier, reduce dependency on fragile legacy architecture and provide greater flexibility for growth. That objective helped teams navigate difficult periods and maintain focus when challenges emerged, Copeland adds. Technology transformation is rarely about technology alone, with success depending on people, governance, expectations, partnerships and a clear understanding of why the work matters.</p> <p>With a new ESB in place, Ann Summers data and critical business information is more accessible. And the foundations the retailer has built now give it confidence it can play a more proactive role in a fast-changing retail/consumer environment and take on new channels and fresh opportunities as and when they arise.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about retail tech</h3> <ul class="default-list"> <li>Dave’s Hot Chicken provides rare ‘greenfield’ <a href="https://www.computerweekly.com/feature/Hot-property-Azzurri-Groups-chicken-chain-and-the-greenfield-tech-opportunity">tech development opportunity for Azzurri Group</a>, says tech director Jim Hingston, amid rumours of an imminent sale of the US-themed food chain.</li> <li>From continually exploring the potential of artificial intelligence <a href="#_Hlk231823028">potential of artificial intelligence</a> to building and introducing AI-enabled systems for his company, George Graham is leaning into the age of agentic commerce.</li> </ul> </div> </div> </section> Ann Summers’ technology and supply chain director Jeannette Copeland talks through lessons learned during the retailer’s recent ESB overhaul https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Shopping-retail-2-Adobe.jpg https://www.computerweekly.com/feature/Dont-break-the-business-Lessons-from-Ann-Summers-ESB-transformation Fri, 12 Jun 2026 10:19:00 GMT ‘Don’t break the business’: Lessons from Ann Summers’ ESB transformation <p>Frontier AI models such as <a href="https://red.anthropic.com/2026/mythos-preview/" target="_blank" rel="noopener">Anthropic Claude, Mythos</a>, and <a href="https://openai.com/daybreak/" target="_blank" rel="noopener">OpenAI Daybreak</a> fundamentally alter the cybersecurity equation by compressing the time, skill, and scale required to discover and exploit vulnerabilities. A single adversary can now automate reconnaissance, generate exploit variants, analyse source code, weaponise misconfigurations, and adapt phishing or social engineering campaigns at machine speed. For CISOs, the problem is no longer just “AI adoption risk” but the rise of AI-amplified adversaries capable of iterating faster than traditional defense cycles.</p> <section class="section main-article-chapter" data-menu-title="Combating frontier AI model risks and threats"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Combating frontier AI model risks and threats</h2> <p>In this evolving landscape, organisations must address the risks and threats posed by frontier AI models by combining human expertise with AI-assisted defenses and treating security as a continuously adaptive function rather than a periodic exercise. CISOs need to establish new policies, operational procedures, and governance models not only to defend against the misuse of frontier AI but also to strategically leverage these technologies to strengthen the organization’s overall security posture. Let us explore how CISOs can adapt to manage and mitigate the emerging risks associated with frontier AI models.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.computerweekly.com/rms/computerweekly/Mythos-Aryaka-CWSTT-June-2026-800px-h.jpg"> <img data-src="https://www.computerweekly.com/rms/computerweekly/Mythos-Aryaka-CWSTT-June-2026-800px-h_mobile.jpg" class="lazy" data-srcset="https://www.computerweekly.com/rms/computerweekly/Mythos-Aryaka-CWSTT-June-2026-800px-h_mobile.jpg 960w,https://www.computerweekly.com/rms/computerweekly/Mythos-Aryaka-CWSTT-June-2026-800px-h.jpg 1280w" alt="Diagram shows steps to frontier AI risk management." data-credit="Aryaka"> <figcaption> <i class="icon pictures" data-icon="z"></i>The key elements of a strategy to securely combat risks arising from frontier AI models such as Anthropic Claude Mythos. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p><em>Continuous exposure management</em></p> <p>CISOs need to shift from traditional monitoring to continuous exposure management. In the age of AI, quarterly assessments are too slow when AI can continuously analyse attack surfaces. Security teams should prioritise continuous asset discovery, external attack surface management, automated configuration validation, and rapid patch orchestration tailored to AI entities. Equally important is reducing the “blast radius” of inevitable compromise through zero-trust segmentation, least-privilege access, short-lived credentials, and robust identity governance. The assumption should be: <i>if</i> <i>AI</i> <i>can</i> <i>find</i> <i>it, it will eventually be exploited</i>.</p> <p><i>AI-aware defence engineering</i></p> <p>This mechanism reflects the integration of AI-focused threat modeling into the SDLC and infrastructure design. Development pipelines should include AI-assisted code review, secret scanning, dependency risk analysis, and automated policy validation before deployment. Focus on securing high-risk AI infrastructure components, such as APIs, plugins, agents, MCP-style integrations, and AI-connected workflows, which significantly expand the attack surface. Defenders need behavioral analytics to detect abnormal automation patterns, autonomous reconnaissance behavior, and machine-speed lateral movement.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about Claude Mythos</h3> <ul style="list-style-type: square;" class="default-list"> <li>Anthropic's Claude Mythos has generated buzz and alarm among CIOs and CISOs, who fear the model could expose vulnerabilities and drive <a href="https://www.techtarget.com/searchcio/feature/Take-a-breath-A-CISOs-Claude-Mythos-advice-for-CIOs" target="_blank" rel="noopener">unprecedented levels of hacking</a>.</li> <li>As AI tools such as Claude Mythos Preview can speed vulnerability discovery for attackers, CIOs are <a href="https://www.techtarget.com/searchcio/feature/ais-cybersecurity-paradox-how-CIOs-can-keep-up-with-change" target="_blank" rel="noopener">automating detection and response to keep pace</a>.</li> <li>Claude Mythos has the potential to enhance global cyber security or undermine it by becoming a weapon <a href="https://www.techtarget.com/healthtechsecurity/news/366643379/Health-ISAC-How-Claude-Mythos-could-impact-healthcare-cybersecurity" target="_blank" rel="noopener">in the hands of threat actors</a>.</li> </ul> </div> </div> <p><i>AI surface governance and reducing breach risk</i></p> <p>CISOs must recognise that AI surface governance and resilience are critical strategic requirements, not compliance exercises. Security policies must govern the use of frontier models, Shadow AI adoption, prompt usage analysis, third-party AI integrations, and agent permissions. CISOs must adopt a shift-left strategy for vulnerability discovery, using the same class of AI-powered tools, i.e., frontier AI models, to uncover the attack surface adversaries could exploit. At the same time, organisations should prepare operationally for AI-enabled breaches: tabletop exercises, AI-red-team simulations, supply-chain compromise scenarios, and incident response plans that assume adversaries can adapt dynamically during an intrusion. The key mindset shift is that frontier AI models are accelerants that reshape the speed, scale, and asymmetry of cyber conflict.</p> <p><i>Rapid response assuming AI speed disclosure</i></p> <p>The window between vulnerability discovery and exploitation is narrowing. CISOs must understand patch and response process needs and assume that a critical vulnerability may be weaponised within 24 hours of disclosure, or even sooner. Relying on slow patch cycles, manual triage, or periodic security reviews is not viable when adversaries can automate reconnaissance, weaponisation, and exploitation at machine speed. The time demands rapid-response security models that include pre-positioned response playbooks, AI-assisted prioritisation, and resilient architectures capable of quickly containing compromise. In practice, CISOs must assume that once a weakness becomes visible, AI-enabled adversaries can rapidly operationalise it before traditional defences can react.</p> <p><i>Reshaping privileged access for AI entities</i></p> <p>We are witnessing the evolution of AI solutions that use active agents to interact with APIs, infrastructure, workflows, and enterprise data. CISOs must reshape the privilege-access model for dynamic AI entities, such as agents. Organszations require tightly scoped, identity-aware, and time-bound access models tailored to the AI entities accessing frontier AI models. This means applying zero-trust principles to AI agents, continuously validating their actions, monitoring behavioral deviations, and enforcing granular controls over which data, systems, and operations they can access. With the advent of frontier AI models and AI agents, privileged access management is no longer just about securing human administrators; it is about governing machine-driven entities operating at scale and speed.</p> </section> <section class="section main-article-chapter" data-menu-title="The need of the hour: CISO mindset shift"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The need of the hour: CISO mindset shift</h2> <p>CISOs' practical line of thought: <i>stop planning for the</i> <i>attacker you knew and start planning for the attacker</i> <i>that</i> <i>frontier models enable</i>. That attacker is faster, more contextually aware, more persistent, and more scalable than anything the security industry has faced. CISOs who adapt most quickly to manage the AI attack surface will lead enterprise security in the frontier-model era. Those who treat this as an incremental update to existing frameworks will find that the gap between their defenses and the threat has quietly become insurmountable. CISOs need to internalise this speed asymmetry before building any response strategy.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more in this series</h3> <ul class="default-list"> <li>John Bruce, Quorum Cyber: <a rel="noopener" target="_blank" href="https://www.computerweekly.com/opinion/Claude-Mythos-forces-the-conversation-on-defensive-AI">Claude Mythos forces the conversation on defensive AI.</a></li> <li>Martin Riley, Bridewell: <a href="https://www.computerweekly.com/opinion/Mythos-is-turning-up-the-heat-on-risk-not-rewriting-the-rules" target="_blank" rel="noopener">Mythos is turning up the heat on risk, not rewriting the rules.</a></li> </ul> </div> </div> </section> The Computer Weekly Security Think Tank considers if Anthropic’s Claude Mythos frontier AI model is a benefit or barrier to achieving resilient enterprise IT security, and how security leaders need to adapt. https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Security-Think-Tank-hero.jpg https://www.computerweekly.com/opinion/Frontier-AI-models-could-be-an-adversarys-force-multiplier Fri, 12 Jun 2026 10:02:00 GMT Frontier AI models could be an adversary's force multiplier <p>With Microsoft releasing its <a href="https://www.computerweekly.com/news/366644117/Microsoft-smashes-record-for-biggest-ever-Patch-Tuesday-update" target="_blank" rel="noopener">largest-ever Patch Tuesday update</a> in June, and the continuing debate over the impact of artificial intelligence (AI) and <a href="https://www.computerweekly.com/opinion/Claude-Mythos-forces-the-conversation-on-defensive-AI" target="_blank" rel="noopener">Anthropic’s Claude Mythos model</a>, new analysis from US-based autonomous patch management and endpoint protection experts <a href="https://www.action1.com/" target="_blank" rel="noopener">Action1</a> has warned that vulnerability growth and structural shifts are outrunning the ability of traditional, schedule-driven enterprise patching strategies to keep pace.</p> <p>Action1’s <i>2026 software vulnerability ratings </i>report revealed that in 2025 – well before the debut of <a href="https://www.computerweekly.com/news/366641563/UK-financial-regulators-rush-to-assess-risks-of-Anthropic-AI-model" target="_blank" rel="noopener">Claude Mythos</a> – the total number of disclosed vulnerabilities surged by 92% compared with 2024, with critical and elevation of privilege (EoP) vulnerabilities doubling in volume, and remote code execution (RCE) flaws rising by almost 130%.</p> <p>Put more simply, said Action1, the fastest growth is occurring in vulnerability classes that most easily and readily expose businesses to real-world compromises, cyber attacks, data breaches and other forms of disruption.</p> <p>The firm described this as a “warning shot” for enterprise security leaders, pointing to a broader shift in the threat landscape in which threat actors are taking advantage of newly disclosed flaws faster than any human cyber team can remediate them, and shrinking response windows to hours in some cases.</p> <p>“2025 marked a turning point in cyber security operations,” said Jack Bicer, director of vulnerability research at Action1. “Attackers are now using AI and automation to accelerate vulnerability discovery and exploitation faster than most organisations can respond. Many enterprises are still patching on human schedules while attackers operate at machine speed.” </p> <p>Action1’s CEO and co-founder, Alex Vovk, added: “The threat landscape is no longer just bigger – it’s faster, more automated, and harder to detect. Patching speed is no longer simply an IT metric. It’s now a business resilience metric.” </p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The threat landscape is no longer just bigger – it’s faster, more automated, and harder to detect. Patching speed is no longer simply an IT metric. It’s now a business resilience metric </figure> <figcaption> <strong>Alex Vovk, Action 1</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>In short, the report said, those organisations that rely on manual patching processes, infrequent scan cycles, or delayed maintenance windows are now falling behind operationally.</p> <p>The need to introduce continuous vulnerability management and remediation workflows that are capable of reducing exposure windows across the most frequently attacked targets, such as business applications, network infrastructure, operating systems and security tools, is now critical, said Action1.</p> <p>“The volume and speed of the 2025 threat environment make it clear that any process still dependent on human scheduling and manual deployment will fail to keep up. Automation is not just an efficiency improvement. It is a survival requirement,” wrote the report’s authors.</p> <section class="section main-article-chapter" data-menu-title="Next steps for identifying and patching vulnerabilities"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Next steps for identifying and patching vulnerabilities</h2> <p>The report, <a href="https://www.action1.com/software-vulnerability-ratings-report-2026/" target="_blank" rel="noopener">which can be downloaded in full here</a>, contains a number of recommendations for security leaders.</p> <p>As an immediate first step, Action1 said CISOs and security leaders need to audit how quickly they are patching business-critical software. Delaying patches for business applications and other platforms out of a desire not to be disruptive or inconvenience users is now a measurable business risk. Patching must be aligned with the threat environment in mind, not the convenience of finance, HR or sales teams.</p> <p>Beyond this, the most pressing priority is the need to automate vulnerability management in response, especially in organisations that handle the most sensitive categories of data, such as educational and healthcare bodies, or operators of critical services, such as utilities and power suppliers.</p> <p>In these organisations, the ability to deploy urgent updates automatically and without having to wait for maintenance windows should now be adopted as the standard model, but beyond this, automation should also be pushed across patch testing, verification and deployment.</p> <p>Chief information security officers (CISOs) should prioritise vulnerabilities based on risk to the organisation, taking advantage of known metrics, such as common vulnerability scoring system (CVSS) ratings, or known exploitation to focus their efforts – integrating threat intelligence is key here. And clear metrics for mean time to remediate (MTTR) by severity tier should be made a core benchmark.</p> <p>But this does not mean that low-risk vulnerabilities are necessarily taking a back seat. Indeed, said the report, security leaders should also update vulnerability prioritisation models to account for attack chaining, in which multiple low-severity issues are combined into a more damaging attack, enabling EoP or lateral movement. Patching service level agreements (SLAs) for low-severity flaws needs to be reassessed to see whether current remediation timelines are still appropriate, said Action1.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about patch management</h3> <ul style="list-style-type: square;" class="default-list"> <li>These 12 tools approach patching from different perspectives. Understanding their various approaches can help you <a rel="noopener" target="_blank" href="https://www.techtarget.com/searchenterprisedesktop/tip/12-best-patch-management-software-and-tools">find the right product for your needs</a>.</li> <li>NIST announces big changes to the way it categorises and manages CVEs, which are set to change how organisations manage <a rel="noopener" target="_blank" href="https://www.computerweekly.com/news/366641916/Surging-CVE-disclosures-force-NIST-to-shake-up-workflows">patching and remediation</a>.</li> <li>Timely patch management should be crucial in any organisation, but too often it goes by the wayside. Automating the process may offer a path forward for <a rel="noopener" target="_blank" href="https://www.computerweekly.com/feature/Automated-patch-management-A-proactive-way-to-stay-ahead-of-threats">hard-pressed cyber defenders</a>.</li> </ul> </div> </div> </section> Vulnerability discovery and exploitation was surging dramatically even before Anthropic decided to unleash its frontier Mythos model. As such, an Action1 report finds old approaches to patching are no longer fit for purpose https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/chess-strategy-game-intelligence-1-adobe.jpeg https://www.computerweekly.com/news/366644134/Established-enterprise-patching-models-dead-in-the-water-says-report Thu, 11 Jun 2026 09:00:00 GMT Established enterprise patching models dead in the water, says report <p>The development of artificial intelligence (AI) means that what is new today will inevitably be surpassed in just a few months. Speaking at the <a href="https://www.computerweekly.com/news/366644236/Government-aims-to-make-UK-top-spot-for-open-source-AI">AI Summit in London,</a> air chief marshal Rich Knighton, chief of defence staff, told delegates that even today’s AI models have the capacity and capability to transform warfare. </p> <p>“They can process satellite imagery, open source information, logistics, electronic signatures and battlefield reports at a scale that no human headquarters could replicate,” he said. “They could identify patterns, anomalies and even suggest possible courses of action.”  </p> <p>Knighton believes that AI models can help commanders understand not only what is happening now, but what might happen next: “I don’t think that we need to fast forward five years or even 35 years from today to see how the battlefield of the future will be shaped by AI.”</p> <p>As Knighton noted, there are now a range of AI systems that are starting to <a href="https://www.computerweekly.com/news/366644236/Government-aims-to-make-UK-top-spot-for-open-source-AI">outperform PhD level experts</a> and compete with top-level software engineers. He said the length of time it takes AI to complete tasks autonomously is dramatically reducing: “The frontier is moving incredibly fast and we must be ready to update our assumptions about what AI can do rapidly as it is changing every six months.</p> <p>“We can imagine what this might mean for defence if we can keep pace with the frontier and exploit new models and changes as they are updated every six months or quicker then we will have a clear advantage in the future. </p> <p>Knighton stated that many of today’s AI models already have the potential to accelerate the military decision-making cycle to machine speed, removing what he called “many of the cognitive biases that haunts human decision-making”, adding: “There is both <a href="https://www.computerweekly.com/news/366621215/Military-AI-caught-in-tension-between-speed-and-control">massive risk and huge opportunity</a> even before we think about the ethical questions of the use of AI in warfare.”</p> <p>But he said the UK’s policy remains that humans, not machines, are accountable for decisions, especially when they relate to the application of lethal force. “Defence will continue to ensure that there is a context appropriate human involvement in the development of all AI-enabled systems,” he said.</p> <p>Looking at some of the pilots currently running, Knighton said the Royal Navy has been conducting trials at sea using experimental vessel XV Patrick Blackett. The robotic rigid inflatable boat is equipped with cameras and sensors on board, which feed back data and video to control units and computers on XV Patrick Blackett for analysis. The vessel can be equipped with other sensors and weapons enabling it to be used for intelligence, surveillance and reconnaissance operations with real-time data feeds.</p> <p>“We are using AI to enable fully autonomous navigation and decision-making in un-crewed vessels by fusing sensor data and offering the ability to act without any human input. This is the foundational capability for growing a hybrid navy,” Knighton said. </p> <p>AI is also being used to enhance the effectiveness of military intelligence services to overcome what Knighton describes as “bottlenecked legacy processes and tools”. The result, according to Knighton, is that military analysts have been able to cut identification and response times down from weeks to hours. </p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about AI in warfare</h3> <ul class="default-list"> <li>In Davos and Washington, <a href="https://www.techtarget.com/searchhrsoftware/news/366566796/In-Davos-and-Washington-AI-warfare-and-AI-skills-are-linked">AI warfare and AI skills</a> are linked: Lawmakers are discussing AI’s effects on national defense and the economy as well as considering ways to develop a workforce that can meet the challenge.</li> <li><a href="https://www.computerweekly.com/news/366639877/AI-chooses-nuclear-escalation-in-95-of-simulated-crises">AI chooses nuclear escalation</a> in 95% of simulated crises: With artificial intelligence increasingly deployed in analysis and decision-making in armed conflict, research shows AI systems will not naturally default to ‘safe’ outcomes in nuclear crises.</li> </ul> </div> </div> AI innovation moves quickly, unlike the speed of innovation in the military. How can AI be used to improve the UK armed forces? https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/power-struggle-battle-fight-Romolo-Tavani-adobe.jpg https://www.computerweekly.com/news/366644104/AI-Summit-London-AIs-role-in-UK-defence Thu, 11 Jun 2026 07:00:00 GMT AI Summit London: AI’s role in UK defence <p>In his speech at the AI Summit in London, Kanishka Narayan, minister for artificial intelligence (AI) and online safety, said the UK government is aiming to make Britain the home for <a href="https://www.techtarget.com/searchapparchitecture/feature/The-industry-is-trying-to-fix-AI-model-licensings-legal-minefield">open source AI developers</a>, to mirror the success of the web.</p> <p>In his speech, Narayan spoke about the need for the UK to determine its own AI strategy. “We have to ask honestly, what is the story that we are being told about AI today? Too often, it is a story of AI inevitability. Britain has never accepted that view of progress. We have rejected technological determinism in favour of agency: the agency of our state, the agency of our communities, the agency of our people,” he told delegates attending the headliner stream at the summit.</p> <p>Referencing the invention of the web, he said: “When Tim Berners-Lee made the World Wide Web open, he did something profound. He <a href="https://www.techtarget.com/searchenterpriseai/feature/Open-source-AI-What-it-means-for-enterprise-innovation">removed barriers to building</a>. He created a platform that anyone could participate in. From the World Wide Web to AlphaFold, Britain has always chosen to open new technologies, not close them down.  </p> <p>“The best AI tools in the world won’t be built behind closed doors by a handful of companies – they’ll be built by people who ship code, share it and let others make it better. We want those people choosing to build here in Britain, and we want them to know that this is a country that backs them to succeed,” Narayan said.</p> <p>The minister used his speech at the AI Summit to speak about the the recent Hack for Impact hackathon and Open Source AI Builder Fund, which he said is worth more than half a million pounds. “If you build something here that can go further, we will not leave you stuck at prototype,” he said.</p> <p>The recently run hackathon, supported by Nvidia, brought together hundreds of open source AI developers from across the UK to build tools tackling challenges across public services and city infrastructure, using open data from the City of London.  </p> <p>Through the Open-Source AI Builder Fund, Narayan said the UK government is providing £500,000 worth of compute – 160,000 GPU-hours (graphics processing unit hours) of processing power – from the UK’s AI Research Resource. The goal is to give projects the AI infrastructure they need to go from prototypes to public AI tools. </p> <p>Along with the funding for open source AI, Narayan said the government’s in-house incubator for AI will offer open source AI developers a mentoring scheme through the AI Builder Mentoring Scheme. This aims to pair hackathon winners with experts from the Incubator for Artificial Intelligence (i.AI), the government’s in-house AI team, to help the best ideas become working public tools.</p> <p>The Department for Science, Innovation and Technology (DSIT) said i.AI has brought in top AI experts from UK universities through an Open Source Fellowship Programme to develop <a href="https://www.techtarget.com/searchenterpriseai/tip/How-open-source-AI-models-benefit-developer-innovation">open source AI tools</a> that improve public services, from education to policing. According to DSIT, the AI Builder Mentoring Scheme goes further, backing Britain to become the world’s go-to destination for open source AI builders.</p> <p>There is also a new Open Source AI Dev Board, which DSIT said gives 10 UK-based developers under the age of 30 a direct line into government so they can influence how AI is used and developed. Chaired by Narayan, the board will convene a series of roundtables over 2026.</p> <p>Narayan said the board will put the developers “directly into the heart of government’s open source AI strategy”.  </p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more open source AI stories</h3> <ul class="default-list"> <li>The benefits of <a href="https://www.computerweekly.com/feature/AI-models-explained-The-benefits-of-open-source-AI-models">open source AI models</a>: In this guide, we explore how to get started with open source AI models and go over how they support your enterprise IT strategy.</li> <li><a href="https://www.computerweekly.com/news/366636231/Digital-Ethics-Summit-2025-open-sourcing-and-assuring-AI">Open sourcing</a> and assuring AI: Industry experts met to discuss the ethical challenges associated with assuring AI systems, and how open source approaches can challenge concentrations of capital and power.</li> </ul> </div> </div> AI minister Kanishka Narayan unveils funding for computer access to support open source developers of artificial intelligence technology https://cdn.ttgtmedia.com/visuals/German/article/application-layers-virtualisation-adobe.jpg https://www.computerweekly.com/news/366644236/Government-aims-to-make-UK-top-spot-for-open-source-AI Thu, 11 Jun 2026 05:23:00 GMT Government aims to make UK top spot for open source AI <p>After three decades in the technology industry, across countries and cultures, I’ve learned that the way people relate to hierarchy has a huge impact on successful delivery. Some cultures treat hierarchy as a gentle suggestion, others treat it like the cockpit of a 1970s jumbo jet – the pilot speaks, everyone else nods, and nobody mentions they thought they saw smoke coming from engine two!</p> <p>Someone once told me there are more plane crashes in cultures where the hierarchy is more “power over” than flat – because the co-pilot is too scared to tell the pilot he made a mistake. This principle (if true) also applies to building software at scale.</p> <p>Because enterprise technology is complex, mistakes will happen – and should be expected to happen. We should be encouraged to talk about the mistakes as a learning exercise, just like the pilots landing a plane.</p> <p>We should build stage-gates and checklists to mitigate all human brains because not one brain can see the whole enterprise, hence top-down/power-over control-style leadership is a disaster. Don’t get me wrong, if a software engineer makes 80% mistakes, then the mistake you have made is hiring the software engineer, but we should expect 20% mistakes within a framework of good design, clear direction and checks from experienced technical leaders.</p> <p>It is well documented that both the healthcare and the airline industry understand that a blame culture in their complex environments drives mistakes underground. So pilots are encouraged to talk about their mistakes on landing, and there is a curiosity in the culture.</p> <section class="section main-article-chapter" data-menu-title="Surgical precision"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Surgical precision </h2> <p>You see surgeons running through a simple checklist before surgery – name (right patient, phew), date of birth (the correct John Smith, phew), left leg (imagine that conversation), etc. These are clever people with decades of training, and it’s almost laughable the level of simplicity at which errors are made.  </p> <p>As <a href="https://en.wikipedia.org/wiki/Atul_Gawande">Atul Gawande, a well-known surgeon, author and Harvard professor</a>, explains: “Even the most expert professionals benefit from checklists.” Gawande separately goes on to say: “The volume and complexity of our knowledge has exceeded our ability to consistently deliver it – correctly, safely or efficiently.”</p> <p>Humans get tunnel vision under pressure – even brain surgeons and pilots – which is the opposite of what we need to solve complex problems. I wonder why these complex industries don’t talk to each other more. Why do power-over leaders in technology think “another kick to the team and this project will speed up”?</p> <p>Why doesn’t technology look to airlines and healthcare more to understand that the pressure, pace and culture are contributing to many of the errors and overruns?</p> <p>I know personally that for every red project I have picked up as head of delivery – and it must be in the hundreds at this point – someone deep in the tech team knew six months before. But they were too unsure or too scared to say – often their thoughts are only half-formed due to the pace and complexity. It’s shards of light in the darkness – it’s not complete enough to stick your hand up. No one will tell the big, scary exec their fears in a culture that requires performative confidence and fast-paced cleverness, so everyone is smiling and nodding in update meetings.</p> <p>Why is “I am not sure, but something’s not right” from the mouth of a skilled professional batted into the long grass with an assumption that you need to be loud and confident before you put your hand up – by which time the problem has compounded, and the project has drifted further into the red?</p> <p>Experienced ears will probe and listen for patterns of concern, which are faint signals, often verbally communicated in a culture of high trust and psychological safety. These experienced ears catch risk early and follow up with data that leads to certainty.</p> <p>It takes all my mentoring and coaching to push against the culture and get that skilled professional to feel safe enough to tell me what their hunch is in these scenarios. It’s my listening skills that are at the forefront.</p> <p>Hunches are good in complexity because you can move fast with them and follow them up with risk patterns from your experience, or call on a trusted professional to double-check. Your professional will do an analysis and produce data to prove or disprove your hunch. Prepare to be wrong and try again – maybe it’s design, maybe it’s testing, maybe it’s the data – go get the skilled professionals and listen and observe, patterns will emerge.</p> <p>Hunches are talked about in a respectful way with experienced technology leaders in a flat hierarchy which sees leadership as one of the many professions, gets you to the problems and, in turn, through collaborative conversation, gets you to specifics which help you solve problems.  </p> <p>Once we find the problem, we usually find two more, as <a href="https://en.wikipedia.org/wiki/James_Reason">James Reason writes in his book, <em>Human Error</em></a>: “In complex systems, failures are a result of latent conditions and active failures lining up.”</p> </section> <section class="section main-article-chapter" data-menu-title="Error loop"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Error loop</h2> <p>In my experience, what you discover is a scenario that shows multiple failures that point back to things that happened way before. For example, high errors in testing are often faulty design decisions. If you just fix the individual test without tracing it right back, you get stuck in a loop of fix something/break something else. Hence the need for some reflective thinking and lessons learnt – but that’s another story for another day!</p> <p>Once we have identified our latent faults and current problems, we can then apply competency, methods, checkpoints and experience to dig our way out. The emotionally intelligent client-facing “no” is often a guiding light, too.</p> <p>We need to create trust with our clients by leading conversations about correct methods of, say, design, while simultaneously creating a valuable commodity for our team – time to think. Pushing back on well-intentioned client requests – like a rushed design – is part of our job as technology leaders; we are selling an intelligent “yes” and “no” in equal measure.</p> <p>Meanwhile, millions of pounds are being screamed about, and the lawyer is reaching for the pen. Tech leadership requires courage, resilience, calm and the role modelling of well-managed uncertainty; these behaviours are hugely important. That’s your job as a leader – find clever people and create good behaviours. Don’t be the cleverest person in the room with a fragile ego, shouting for the screwdriver so you can fix all the problems.</p> <p>When complex tech goes wrong, culture is often the context that lets latent errors click into failure, and that’s a leadership problem.</p> <hr> <div class="imagecaption alignLeft"></div> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/computerweekly/Megan-Owen-Megan-and-Partners-140x180px.jpg" alt="Photo of Megan Owen"> </div> <p><em>Megan Owen</em><i> has over 30 years of experience in the IT services industry, the most recent two positions as a C-suite leader and board member of financial services technology firms. She was chief delivery officer at SS&C, global chief operating officer at Bravura Solutions, and prior to that, she held leadership positions at Dell, Sopra Steria and Capgemini. She now offers consulting, coaching and advice to the technology industry through her own company, Megan and Partners.</i></p> </section> IT professionals should feel free to speak up about things that are going wrong, which might require a culture change https://cdn.ttgtmedia.com/visuals/German/HERO-Gefahr-mimi-yellow-warning-triangle-Adobe-01.jpg https://www.computerweekly.com/opinion/Why-culture-matters-more-than-you-think-when-complex-tech-goes-wrong Thu, 11 Jun 2026 04:27:00 GMT Why culture matters more than you think when complex tech goes wrong <p>The UK’s <a href="https://ico.org.uk/" target="_blank" rel="noopener">information commissioner</a>, John Edwards, has been temporarily stripped of his responsibilities in the wake of a workplace investigation into as-yet undisclosed allegations.</p> <p>Edwards initially stepped back from his day-to-day role at the Information Commissioner’s Office (ICO) at the end of February 2026, and according to the regulator, an independent probe has now found that although there is no finding of any wrongdoing, there is a case to answer.</p> <p>As such, said the ICO, although he has continued to receive updates from his support team and was available if required, Edwards can no longer act in fulfilling his role for the remainder of the process.</p> <p>“Throughout this complex and unprecedented situation, our priority has been to provide a safe and supportive environment for our staff that enables them to carry out their important regulatory work,” said ICO chief executive Paul Arnold. “I’ve been enormously proud of the professional way in which our work has continued across the past months, and the steps we have taken today will ensure that continues to happen.”</p> <p>Under the ICO’s Scheme of Delegation, Arnold will temporarily take on Edwards’ non-delegable responsibilities, but given the commissioner is accountable to Parliament and not directly employed by the ICO, the next steps in the process will now be determined by the Department for Science, Innovation and Technology (DSIT), said the data and privacy watchdog.</p> <p>Computer Weekly understands Arnold has also been designated as temporary acting accounting officer for the ICO. In all other regards, the regulator said, the board, chief exec and executive team are continuing to lead the body to ensure continuity in its core work.</p> <p><a href="https://www.politico.eu/article/uk-watchdog-lead-draws-200000-salary-for-no-work-john-edwards/" target="_blank" rel="noopener">According to <i>Politico</i></a>, which was first to break the story <a href="https://www.politico.eu/article/head-of-uk-data-watchdog-voluntary-steps-aside-amid-hr-probe-john-edwards/" target="_blank" rel="noopener">back in April</a>, Edwards has returned to New Zealand at this time, although he continues to draw his £200,000 annual salary, which exceeds that paid to the prime minister.</p> <p>Based on information obtained under the Freedom of Information Act (FoIA), <i>Politico</i> said ICO staffers were initially kept in the dark and told the commissioner was on an extended leave of absence, which it said appeared somewhat at odds with the office’s wider commitment to public transparency.</p> <p><a href="https://www.linkedin.com/feed/update/urn:li:activity:7453709974826020864/" target="_blank" rel="noopener">In a LinkedIn post</a>, Edwards said he was “fully cooperating” with the investigation.</p> <p>An information law specialist with 20 years of practice experience, Edwards was named the UK’s new information commissioner by Westminster <a href="https://www.computerweekly.com/news/252505879/NZ-privacy-lead-John-Edwards-named-new-information-commissioner" target="_blank" rel="noopener">in August 2021</a>, succeeding the outgoing Elizabeth Denham – whose term in office had previously been extended during the Covid-19 pandemic.</p> <p>Hailing originally from New Zealand, Edwards previously served as the Kiwi privacy commissioner from 2014 to 2021, and was also chairman of the Global Privacy Assembly from 2014 to 2017.</p> <p>He took up the role as the work of the ICO became increasingly publicly visible after the introduction of the General Data Protection Regulation (GDPR) and as the sudden rapid digitisation of daily life brought about by the pandemic threw data privacy issues into stark relief.</p> <p>More recently, Edwards has overseen the office’s response to the growth of artificial intelligence (AI), <a href="https://www.computerweekly.com/news/366625476/UK-ICO-publishes-AI-and-biometrics-strategy" target="_blank" rel="noopener">last year launching a strategy</a> covering areas such as the use of automated decision-making (ADM) systems and <a href="https://www.computerweekly.com/news/366630181/ICO-publishes-summary-of-police-facial-recognition-audit" target="_blank" rel="noopener">the use of facial recognition by law enforcement</a>, among other things.</p> <p>The ICO said that to protect the parties involved and maintain the integrity of the process, it was unable to provide any further details on the matter at this stage.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about the ICO’s work</h3> <ul class="default-list"> <li>The ICO has levied a reduced fine on South Staffordshire Water following cyber improvements in the wake of <a href="https://www.computerweekly.com/news/366642957/ICO-fines-Cl0p-victim-South-Staffs-Water-over-data-breach" target="_blank" rel="noopener">a Cl0p ransomware attack</a>.</li> <li>The UK Information Commissioner’s Office has won an important appeal relating to data protection obligations arising from a 2017-18 cyber attack <a href="https://www.computerweekly.com/news/366639299/ICO-wins-appeal-over-data-protection-obligations-in-Currys-cyber-attack" target="_blank" rel="noopener">at electronics retailer Currys PC World</a>.</li> <li>Outsourcing giant Capita hit with £14m fine over 2023 cyber attack, but costs could rise <a href="https://www.computerweekly.com/news/366632591/ICO-fines-Capita-14m-after-ransomware-caused-major-data-breach" target="_blank" rel="noopener">as legal actions continue</a>.</li> </ul> </div> </div> The UK’s information commissioner John Edwards has been temporarily stripped of his responsibilities in the wake of a workplace investigation https://cdn.ttgtmedia.com/visuals/LeMagIT/hero_article/security-threat-cyber-attack-1-adobe.jpeg https://www.computerweekly.com/news/366644121/ICO-strips-commissioner-Edwards-of-responsibilities-in-HR-inquiry Wed, 10 Jun 2026 12:41:00 GMT ICO strips commissioner Edwards of responsibilities in HR inquiry <p>The Competition and Markets Authority’s (CMA) decision to <a href="https://www.computerweekly.com/news/366640828/CMA-to-launch-strategic-market-status-investigation-into-Microsoft-Amazon-Web-Services-off-the-hook">open a Strategic Market Status (SMS) investigation</a> into Microsoft’s <a href="https://www.computerweekly.com/resources/Software-as-a-Service-SaaS">business software ecosystem</a> marks a defining moment for the UK digital economy.</p> <p>Designating Microsoft with SMS under the Digital Markets, Competition and Consumers Act is a legal and economic necessity. Only last week, Microsoft announced a “bring your own licence” scheme for AWS’s relational database service. This ended a practice where, for many years, users had to “double pay” for licensing if they wanted to use a fully-managed database service on a rival cloud.</p> <p>This kind of concession, made ahead of the CMA’s investigation, is a classic. For too long, Microsoft has used the tactic of making small and immaterial concessions to delay, narrow, or diminish regulatory processes while continuing to harm consumers, competitors, and the wider industry. Its legacy licensing models have enforced artificial <a href="https://www.computerweekly.com/news/366642583/Microsoft-explains-value-of-E7-usage-based-pricing">pricing</a>and functionality asymmetries for years. The UK cannot afford to mistake token adjustments for meaningful reform.</p> <p>At the Open Cloud Coalition – a group of almost 30 Cloud businesses from across the UK and Europe – we see four clear tests for the success of the CMA’s investigation.</p> <p>These are:</p> <p><strong>Enforceable remedies, not voluntary commitments. U</strong>ltimately, the success of this intervention hinges entirely on the CMA resisting the temptation of a box-ticking exercise. This cannot conclude with perfunctory compliance or empty, voluntary corporate pledges. Historically, tech giants under scrutiny deploy a well-rehearsed playbook that circumvents regulators by re-packaging bundles and introducing superficial tweaks to preserve the underlying commercial harm. Only legally binding, enforceable remedies will restore genuine market contestability.</p> <p><strong>Pricing parity and functional equivalence</strong>. Enforceable remedies must mandate absolute pricing parity and remove any artificial discounts or licensing architectures that make running workloads on Azure systematically cheaper than on a rival. These remedies must also guarantee functional equivalence to ensure Microsoft’s competitors receive the same level of performance, security, interoperability, and system support as <a href="https://www.computerweekly.com/news/366641533/Azure-customers-up-in-arms-over-full-UK-South-region">Azure</a>, without any degradation or delay.</p> <p><strong>Maintain the full scope of the investigation</strong>. The CMA must maintain the full breadth of its proposed scope and ensure its interventions are future proofed. Microsoft’s software-to-cloud leveraging is actively expanding into next-generation enterprise workflows. By embedding Copilot and agent-based AI functionalities into its dominant identity and productivity layers, customers are locked into a single, self-reinforcing commercial stack. If the CMA fails to extend its remedies to enterprise AI now, today’s cloud distortions will permanently anchor tomorrow’s AI monopolies.</p> <p><strong>Finally, the CMA must</strong> <strong>move at pace</strong> to develop remedies in parallel with the investigation rather than waiting until 2027. Digital markets move too rapidly for protracted bureaucracy.</p> <p>In fast-moving digital markets, delayed regulation is failed regulation. The UK's new digital regime was built specifically to bypass traditional, sluggish anti-trust frameworks. The CMA must now wield these powers decisively to secure a vibrant, open, and resilient cloud and AI ecosystem - judging success not by formal corporate compliance, but by real-world outcomes that enable genuine customer choice.</p> <p><em>Nicky Stewart is senior advisor to the Open Cloud Coalition.</em></p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about the CMA </h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/opinion/Why-the-CMA-must-act-now-on-cloud-before-the-UK-loses-its-digital-future">Why the CMA must act now on cloud before the UK loses its digital future</a>. The UK competition watchdog is prevaricating over tackling the dominance of AWS and Microsoft in the cloud market - it needs to enforce change soon or UK businesses will suffer.</li> <li><a href="https://www.computerweekly.com/news/366640828/CMA-to-launch-strategic-market-status-investigation-into-Microsoft-Amazon-Web-Services-off-the-hook">CMA to launch strategic market status investigation into Microsoft; Amazon Web Services off the hook</a>. CMA to investigate whether Microsoft should be given strategic market status. Amazon escaped, but both companies will need to make changes to egress fees and interoperability.</li> </ul> </div> </div> <p></p> Big tech companies often find ways out of regulatory directives, so the CMA must come up with enforceable commitments, across the whole investigation, and quickly https://cdn.ttgtmedia.com/visuals/German/article/acquisition-monopoly-adobe.jpg https://www.computerweekly.com/opinion/The-UK-cannot-afford-a-box-ticking-solution-to-cloud-dominance Wed, 10 Jun 2026 12:07:00 GMT The UK cannot afford a box-ticking solution to cloud dominance <p>Anthropic’s Claude Mythos has quickly become the latest <a href="https://www.techtarget.com/searchcio/feature/Take-a-breath-A-CISOs-Claude-Mythos-advice-for-CIOs" target="_blank" rel="noopener">flashpoint in the AI security debate</a>: a supposedly gated frontier model whose capabilities raise questions about whether it represents a step-change risk to enterprise security, or simply the next iteration of an already visible trend.</p> <p>The reality sits somewhere in between.</p> <p>On one hand, the decision to restrict access to a model signals that capability thresholds are being crossed. Frontier models are now demonstrably capable of complex reasoning, code analysis and multi-step problem solving at a level that demands caution. That alone should prompt CISOs to pay attention.</p> <p>But the underlying techniques driving this concern are not new. Multi-agent AI systems, where specialised models collaborate to map targets, analyse vulnerabilities, and validate findings, are already in use today. The industry has moved beyond single-model experimentation into orchestrated pipelines that produce meaningful, and in some cases high-severity, security outcomes. In that sense, Mythos is less a breakthrough and more a marker of direction.</p> <p>Where this becomes material is in vulnerability discovery and exploitation. AI is compressing the time between identifying a weakness and weaponising it. Tasks that once required days of expert effort, such as analysing cryptographic implementations or building proof-of-concept exploits, can now be accelerated dramatically. <a href="https://www.computerweekly.com/news/366642503/AI-is-widening-the-asymmetry-between-attackers-and-defenders" target="_blank" rel="noopener">The barrier to entry is lowering for both defenders and attackers</a>, impacting the economics of vulnerability research.</p> <p>For UK organisations, this has immediate implications. Software supply chain risk moves firmly back into focus. Most organisations have made progress in cataloguing their assets and dependencies, but visibility alone is no longer sufficient. The ability to continuously interrogate those assets for weakness and prioritise remediation based on business impact becomes critical.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about Claude Mythos</h3> <ul style="list-style-type: square;" class="default-list"> <li>Anthropic's Claude Mythos has generated buzz and alarm among CIOs and CISOs, who fear the model could expose vulnerabilities and drive <a rel="noopener" target="_blank" href="https://www.techtarget.com/searchcio/feature/Take-a-breath-A-CISOs-Claude-Mythos-advice-for-CIOs">unprecedented levels of hacking</a>.</li> <li>As AI tools such as Claude Mythos Preview can speed vulnerability discovery for attackers, CIOs are <a rel="noopener" target="_blank" href="https://www.techtarget.com/searchcio/feature/ais-cybersecurity-paradox-how-CIOs-can-keep-up-with-change">automating detection and response to keep pace</a>.</li> <li>Claude Mythos has the potential to enhance global cyber security or undermine it by becoming a weapon <a rel="noopener" target="_blank" href="https://www.techtarget.com/healthtechsecurity/news/366643379/Health-ISAC-How-Claude-Mythos-could-impact-healthcare-cybersecurity">in the hands of threat actors</a>.</li> </ul> </div> </div> <p>This is where Continuous Threat Exposure Management (CTEM) comes into play. Strong asset visibility, enriched with business context, allows organisations to understand not just what is vulnerable, but what truly matters. CTEM extends beyond infrastructure into CI/CD pipelines and DevOps practices, ensuring application-layer vulnerabilities are assessed alongside traditional IT risks. Without this joined-up view, organisations risk misallocating resources while high-impact exposures remain unaddressed.</p> <p>At the same time, the fundamentals of security operations are becoming more important. There is no “silver bullet” emerging from AI. Organisations that already struggle with patching and vulnerability management will feel the pressure most acutely as exploit timelines shrink. The speed at which known vulnerabilities are remediated becomes a defining factor in resilience.</p> <p>Detection and response must also evolve. AI-driven attack paths are increasingly multi-stage and adaptive, requiring organisations to invest in anomaly-based detection and deeper telemetry across networks and endpoints. However, technology alone is not enough. The ability to respond decisively in the early stages of an incident remains critical, as poor coordination and delayed decision-making can quickly outweigh even the most advanced technical capabilities.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more in this series</h3> <p>John Bruce, Quorum Cyber: <a href="https://www.computerweekly.com/opinion/Claude-Mythos-forces-the-conversation-on-defensive-AI" target="_blank" rel="noopener">Claude Mythos forces the conversation on defensive AI.</a></p> </div> </div> <p>Looking ahead, these AI-driven pipelines will only become more sophisticated and accessible. Even if the most advanced models remain restricted, the techniques will continue to diffuse across the ecosystem as baseline model capabilities improve.</p> <p>The takeaway for CISOs is that Mythos signals that the operating environment has already changed. Organisations do not need access to frontier models to respond. They need to strengthen what they should already be doing as well as maintain continuous visibility of their assets, integrate AI into existing security workflows, improve patching and remediation speed, and rigorously rehearse incident response.</p> <p>In an AI-accelerated threat landscape, resilience will not come from chasing the latest model. It will come from executing the fundamentals, faster and better than before.</p> <p><em>Martin Riley is CTO at <a href="https://www.bridewell.com/uk" target="_blank" rel="noopener">Bridewell</a>, a managed security services provider.</em></p> The Computer Weekly Security Think Tank considers if Anthropic’s Claude Mythos frontier AI model is a benefit or barrier to achieving resilient enterprise IT security, and how security leaders need to adapt. https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Security-Think-Tank-hero.jpg https://www.computerweekly.com/opinion/Mythos-is-turning-up-the-heat-on-risk-not-rewriting-the-rules Wed, 10 Jun 2026 11:49:00 GMT Mythos is turning up the heat on risk, not rewriting the rules <p>Europe’s debate over <a href="https://www.computerweekly.com/news/366642487/Cloud-and-data-sovereignty-caught-in-a-paradox">cloud sovereignty</a> has moved from ideology to engineering. The question is no longer whether organisations should control their data and artificial intelligence (AI) workloads, but whether their governments have built the frameworks that make such control possible in practice.</p> <p>The answer, according to <a href="https://www.linkedin.com/in/martin-merz-ba804280/">Martin Merz, president of Sovereign Cloud at SAP</a>, depends entirely on where you are.</p> <p>“It starts with each and every country,” Merz told Computer Weekly at <a href="https://www.computerweekly.com/news/366643794/Sapphire-2026-SAP-executives-admit-route-change-on-high-road-to-business-AI">SAP Sapphire Europe</a> in Madrid. “They have their own regulations, their own national security requirements, and I think that needs to be honoured.”</p> <p>He understands the frustration that comes with this reality. European politicians, he said, regularly point out that 450 million citizens and a combined budget of comparable scale to the US should make Europe a formidable force. But the US is one country. Europe is not, and its cloud sovereignty landscape reflects that.</p> <p>For SAP, sovereignty is not a single property but a stack of four distinct obligations: data sovereignty, which requires that data and metadata remain within the country or region; operational sovereignty, meaning that only individuals with the appropriate nationality and security clearances handle that data; technical sovereignty, including an in-country control plane rather than a centralised one; and legal sovereignty, ensuring that the applicable regulatory framework is the one the customer and government actually signed off on.</p> <p>Sovereign cloud, in SAP’s definition, is not a configuration choice. It is a compliance state. “Either it’s sovereign, or it’s not sovereign. You can’t have it halfway,” said Merz.</p> <p>That positioning sounds straightforward. The European reality is considerably messier.</p> <section class="section main-article-chapter" data-menu-title="Different speeds, different distances"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Different speeds, different distances</h2> <p>France and Germany have each moved beyond policy aspiration, though they are at different stages of maturity. France built its sovereign cloud framework around SecNumCloud, the certification standard maintained by cyber security agency ANSSI that sets strict requirements for data isolation, operational control and legal sovereignty.</p> <p>In March 2026, SAP launched its sovereign cloud offering in France on the Bleu platform, a joint venture between Orange and Capgemini that runs Microsoft Azure technology under French ownership and is working towards full SecNumCloud qualification.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> [Cloud sovereignty] starts with each and every country. They have their own regulations, their own national security requirements, and I think that needs to be honoured </figure> <figcaption> <strong>Martin Merz, SAP</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Germany’s Delos Cloud, an SAP subsidiary operating Microsoft Azure infrastructure under active oversight of the German Federal Office for Information Security (BSI), launched for productive use in early 2026. The platform is designed specifically for Germany’s public sector and meets the cloud platform requirements set by the BSI, which also monitors and controls outgoing telemetry.</p> <p>Merz confirmed he met with Germany’s digital minister, Carsten Wildberger, two weeks before Sapphire to work through sovereign deployment requirements. Both countries have defined architectures and active deployments. The frameworks exist, and public sector organisations are running on them.</p> <p>The Netherlands is not at that stage. The country has been active in European sovereignty discussions, most visibly through a non-paper adopted by the Dutch Council of Ministers calling for stronger cloud sovereignty frameworks for public administrations.</p> <p>But the document is telling in what it does not do: rather than setting out a Dutch national framework, it asks Brussels to define one. The Netherlands, it argues, believes the definition and criteria for cloud sovereignty are best established within the proposed EU Cloud and AI Development Act.</p> <p>A January 2025 report by the Netherlands Court of Audit <a href="https://english.rekenkamer.nl/documents/2025/01/15/dutch-central-government-in-the-cloud">found that</a> two-thirds of government cloud services examined had not completed a mandatory risk assessment, leaving digital sovereignty and data protection inadequately assured. The findings echoed concerns <a href="https://www.computerweekly.com/news/366626105/Dutch-cloud-pioneers-face-the-hard-limits-of-digital-sovereignty">reported by Computer Weekly</a> in June 2025, when independent experts warned that <a href="https://www.computerweekly.com/news/366626105/Dutch-cloud-pioneers-face-the-hard-limits-of-digital-sovereignty">Dutch sovereign cloud initiatives remain too fragmented</a> to serve critical infrastructure at scale.</p> <p>The court’s vice-president warned bluntly that foreign governments, including the US, could potentially access or modify information held on Dutch government systems.</p> <p>When asked directly whether any Dutch critical infrastructure operator is currently running on SAP sovereign infrastructure at a comparable level to deployments in France or Germany, Merz was notably cautious. “We work with the Netherlands,” he said. He did not name a certified deployment.</p> <p>That gap matters because the stakes are not abstract. The Netherlands is home to some of Europe’s most strategically significant critical infrastructure, and organisations across those sectors have already made significant investments in cloud enterprise resource planning (ERP).</p> <p>The question of what sovereign protection those deployments carry is one that regulators, boards and procurement teams across the Dutch public and regulated private sector will need to answer.</p> </section> <section class="section main-article-chapter" data-menu-title="The hyperscaler paradox"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The hyperscaler paradox</h2> <p>One reason the conversation is complicated is that SAP’s sovereign cloud offering does not resolve neatly into a simple alternative to hyperscale infrastructure. SAP offers sovereign deployments on Amazon Web Services (AWS), on Microsoft Azure via partnerships such as Delos, on its own cloud infrastructure, and on-premise for customers such as intelligence agencies that require data to stay within their own facilities.</p> <p>Which option is sovereign depends entirely on what the relevant regional cyber security agency has approved.</p> <p>“If AWS is approved by the cyber security agency, then it’s sovereign for us,” said Merz. Some military customers in Europe, he noted, are comfortable running sovereign workloads on AWS provided the regulatory sign-off is in place. Others are not. The result is that sovereignty is defined not by the underlying infrastructure but by a compliance status that varies by sector, by nation, and by the specific requirements of each organisation.</p> <p>“There are customers for whom none of these options is valid,” Merz acknowledged. “They want it solely in their own datacentre. Only then is it sovereign for them.”</p> <p>That compliance question does not stop at the infrastructure layer. As SAP pushes its Autonomous Enterprise vision, the governance of AI agents introduces a parallel accountability gap that organisations in regulated sectors cannot afford to ignore.</p> <p><a href="https://www.linkedin.com/in/philipp-herzig/?locale=en">SAP’s chief technology officer, Philipp Herzig,</a> addressed this directly in a media roundtable at Sapphire. When an autonomous agent makes a wrong call, he said, accountability does not sit with SAP alone. “At the end of the day, that’s a shared responsibility,” Herzig said.</p> <p>AI governance, he explained, sits primarily with the customer, through the AI Agent Hub, where IT departments set the policies, architecture and boundary conditions that govern what agents can and cannot do.</p> <p>For organisations in regulated sectors, that governance layer is not optional, and it has to be designed before AI is switched on.</p> </section> <section class="section main-article-chapter" data-menu-title="An industrial speed bump"> <h2 class="section-title"><i class="icon" data-icon="1"></i>An industrial speed bump</h2> <p>The operational consequences of Europe’s fragmented sovereignty landscape are visible at the company level.</p> <p>Damen Shipyards, the Dutch maritime group that builds vessels for navies and commercial operators across more than 20 countries, has spent several years consolidating around 80% of its entities onto a single SAP S/4Hana Cloud platform via Rise with SAP. The roll-out is largely complete, and the focus has shifted to unlocking AI value across finance, procurement, supply chain and project management.</p> <p>Han Coenraad, who oversees the SAP programme at Damen, described genuine enthusiasm for the direction, particularly around SAP Joule. “Young professionals are using it, and the acceleration they get from it is really something to see,” he said.</p> <p>But Damen Naval, the division that designs and builds warships for European defence ministries, remains on an on-premise SAP instance. Defence compliance rules require personnel to be screened by Dutch intelligence services in first- and second-line support, a standard that current cloud deployment models do not yet structurally accommodate.</p> <p>“We see internally already a difference in adoption speed developing,” said Coenraad. “And that is not what we want.”</p> <p>His colleague Kenny van Sleuwen, system architect for ERP, sees SAP Sovereign Cloud as a potential route to bringing both environments onto a common platform, and expects Dutch defence to follow Germany and France in formalising such requirements. But until that framework exists, the gap remains.</p> <p>That is not a technology problem. It is a policy problem.</p> </section> <section class="section main-article-chapter" data-menu-title="The pragmatism trap"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The pragmatism trap</h2> <p>Merz is not without sympathy for the difficulty of European convergence. He acknowledged that the US operates as a single regulatory market, while Europe is attempting to coordinate sovereign cloud standards across member states with different legal traditions, different national security agencies and different threat assessments.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The most successful countries and customers are those who start in a pragmatic way. Fulfil the requirements but stay open for new technology </figure> <figcaption> <strong>Martin Merz, SAP</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>His prescription is pragmatism. “The most successful countries and customers are those who start in a pragmatic way,” he said. “Fulfil the requirements but stay open for new technology.”</p> <p>The challenge with pragmatism as a long-term strategy is that it tends to lock in the advantages of those who moved earliest. France and Germany have invested heavily in building sovereign cloud infrastructure that meets their own standards. Organisations in those countries, including defence contractors and critical infrastructure operators, can adopt cloud and AI at a pace that regulators have approved. The Netherlands is still building the framework that would allow equivalent certifications to take place.</p> <p>Merz said he would welcome one regulation for the whole of Europe. He was not optimistic about the timeline. For Dutch organisations that cannot wait for convergence, the practical questions are what sovereign cloud looks like under the current Dutch framework, whether that framework is developing fast enough, and what the cost of the delay is in terms of AI adoption that the most regulated and strategically significant sectors cannot yet pursue.</p> <p>Those are questions that SAP’s engineering teams cannot answer. They are questions for The Hague.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about Dutch digital independence</h3> <ul class="default-list"> <li>Dutch politicians raise concerns over <a href="https://www.computerweekly.com/news/366616381/Dutch-politicians-raise-concerns-over-Big-Tech-reliance">Big Tech reliance</a>.</li> <li>The Netherlands starts <a href="https://www.computerweekly.com/news/366558412/Netherlands-starts-building-its-own-AI-language-model">building its own AI language model</a>.</li> <li>Dutch universities have found themselves <a href="https://www.computerweekly.com/news/366623843/Dutch-universities-call-for-reduced-dependence-on-Big-Tech">in the grip of American tech giants</a>.</li> </ul> </div> </div> </section> France has an established sovereign cloud framework and Germany launched one earlier this year, whereas the Netherlands is still just building its policy foundation https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Europe-map-adobe.jpeg https://www.computerweekly.com/news/366644008/Dutch-critical-infrastructure-lags-Europes-cloud-sovereignty-divide-SAP-executive-warns Wed, 10 Jun 2026 11:46:00 GMT Dutch critical infrastructure lags Europe’s cloud sovereignty divide, SAP executive warns <p>Drawing an analogy with the pleasing aesthetics of St Pancras and King’s Cross railway stations, the <a href="https://www.computerweekly.com/news/366642254/Science-Innovation-and-Technology-committee-chair-questions-UKs-tech-sovereignty-approach">UK government’s minister for artificial intelligence and online safety</a>, Kanishka Narayan MP, used his presentation at this week’s <a href="https://london.theaisummit.com/">AI Summit</a>, part of <a href="https://www.computerweekly.com/news/366625836/London-Tech-Week-More-funding-fellowships-and-skills">London Tech Week</a>, to encourage datacentre builds that people can be proud of.</p> <p>“Our industrial legacy is written into the British landscape,” he said. “Infrastructure shapes how people feel about the places they live in. Those of you who have the misfortune of arriving here via Euston Station would appreciate this truth.”</p> <p>Narayan pointed out that St Pancras was built for the railway age – to move people, goods and opportunity across the country. “But it was also built with civic ambition and enhanced London and embodied the ambition of our communities,” he said.</p> <p>In contrast, Narayan described Euston as “a functional, but frankly bland and ugly building” – a symbol of what happens when architects forget the civic purpose of infrastructure.</p> <p>“<a href="https://www.computerweekly.com/feature/Meeting-the-UKs-compute-capacity-needs-Alternatives-to-hyperscale-datacentre-builds">Datacentres are the new railway stations</a>, power stations, telephone exchanges of the intelligence economy,” he said. “They will power the models, the services, the business and public tools that will define the next industrial revolution. They are also set in real places, near real communities.”</p> <p>Rather than being buildings that communities tolerate or put up with, Narayan called for datacentres’ build design to be something people can be proud of.</p> <p>Narayan used his speech to announce the RIBA x DSIT Data Centre Design Challenge, a government-backed design competition run by the Department for Science Innovation and Technology (DSIT) and the Royal Institute of British Architects (RIBA) that seeks to ensure that as datacentres grow, they deliver for the communities around them too.  </p> <p>The idea is to encourage collaboration between architects, designers, engineers and communities to raise the bar on high-quality design, meaningful public engagement and sustainable environmental outcomes, which, according to DSIT, will reimagine datacentres not just as critical national infrastructure, but as places of genuine civic value.</p> <p>He said the competition aims to raise the bar of datacentre design and is the first government-backed competition where architects, designers and engineers are being asked to design datacentres “with meaningful public engagement, strong environmental outcomes and genuine civic value”.</p> <p>He added: “If a community is helping power the AI age, it should be able to see that contribution with pride.”</p> <section class="section main-article-chapter" data-menu-title="AI that works for workers"> <h2 class="section-title"><i class="icon" data-icon="1"></i>AI that works for workers</h2> <p>Along with the datacentre design competition, the UK government is also encouraging a more pro-work approach to AI deployment.</p> <p>During his speech at the AI Summit, Narayan said the government is launching a <a href="https://www.gov.uk/guidance/pro-worker-ai-adoption-prize-how-to-nominate">Pro-Worker AI Adoption Prize</a>, which he said would celebrate organisations adopting pro-worker AI, encouraging other firms to follow their lead.</p> <p>“We want businesses, workers, unions and investors to nominate organisations at the cutting edge of <a href="https://www.techtarget.com/searchenterpriseai/tip/How-businesses-can-get-ahead-of-potential-AI-deskilling">pro-worker AI adoption</a> – not just adopting AI, but using AI to create new products, new jobs and new tasks in a way that boosts the demand for human expertise,” he said.</p> <p>The top 50 organisations nominated will be shortlisted by an expert panel of judges, chaired by the Nobel Memorial Prize-winning economist Simon Johnson.</p> <p>“Business cases of pro-worker AI adoption will be written up and taught in leading UK business schools so the next generation of people in this country look at pro-worker AI adoption too,” Narayan added.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about datacentre developments</h3> <ul class="default-list"> <li>The <a href="https://www.computerweekly.com/feature/The-great-datacentre-backlash-The-campaigners">great datacentre backlash – the campaigners</a>: In part one of a series looking at attitudes to datacentres, we look at the organisations that oppose new builds.</li> <li>Could an environmental legal challenge derail UK government’s <a href="https://www.computerweekly.com/news/366630427/Could-an-environmental-legal-challenge-derail-governments-fast-track-datacentre-builds">fast-tracked datacentre builds?</a> The government is under fire after details emerged that it waved through three large-scale datacentre planning applications without conducting an environmental impact assessment first.</li> </ul> </div> </div> </section> Speaking at the AI Summit in London, Kanishka Narayan launches a competition to encourage UK datacentre designs people can be proud of https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/architect-building-design-blueprint-NanoStockk-getty-RF-hero.jpg https://www.computerweekly.com/news/366644212/UK-minister-of-AI-calls-for-more-attractive-datacentre-builds Wed, 10 Jun 2026 09:52:00 GMT UK minister for AI calls for more attractive datacentre builds <p>At London Tech Week, deputy prime minister David Lammy announced the advent of artificial intelligence (AI) legal assistants for use in Crown Court cases, alongside an AI tool for judges to identify cases ready for trial.</p> <p>At the end of December 2025, the Crown Court backlog was 80,200 cases in England and Wales, the highest level recorded since 2016, <a target="_blank" href="https://commonslibrary.parliament.uk/research-briefings/cbp-8372/" rel="noopener">according to Minstry of Justice (MoJ) figures</a>. The backlog in magistrates’ courts was 379,400.</p> <p>The MoJ said in a statement that AI legal assistants will be developed “in partnership with the UK’s top legal experts and leading AI developers”. It is said that the assistants will support legal professionals with routine casework, including research and case analysis.</p> <p>Before being used in the Crown Court, the technology will be trialled to ensure the software meets the standard required by judges and lawyers before being considered for roll-out in the courts system, the MoJ said.</p> <p>Lammy said: “Artificial intelligence has the power to transform how we live, work and govern for the better. This impact for good can be seen in our justice system – with thousands of days of admin work saved for our probation staff, and the advent of new tools which aim to cut court backlogs and deliver swifter justice for victims.”</p> <p>He will also announce that every probation officer in England and Wales has been equipped with Justice Transcribe, described as an AI tool that automatically records and transcribes conversations with offenders.</p> <p>The MoJ said the tool could free up the equivalent of 18,750 calendar days of time every year, allowing frontline staff to spend more time monitoring offenders. A similar tool is being trialled in the Immigration and Asylum Tribunals, the department said. It is one of the projects forming part of the prime minister’s “AI Exemplars programme”, which are examples of how the government wants to use AI across the public sector.</p> <p>In August 2025, the MoJ announced it had hired a chief <a href="https://www.computerweekly.com/news/366623117/UK-MoJ-crime-prediction-algorithms-raise-serious-concerns">artificial intelligence</a> (AI) officer as part of a three-year action plan to deploy AI. The plan included setting up the Justice AI Unit, described as an interdisciplinary team comprising experts in AI, ethics, policy, design, operations and change management. </p> <p>The unit’s website, <a target="_blank" href="https://ai.justice.gov.uk/" rel="noopener">ai.justice.gov.uk</a>, is used to provide updates on what the MoJ is looking at in terms of AI. On the site, Lammy is quoted as saying: “Trials in the probation system with Justice Transcribe had helped record meetings between offenders and officers, saving 25,000 hours of time by helping transcribe more than 150,000 meetings.”</p> <p>A probation officer said: “For once, I feel that I actually have time to look at the person in front of me and they feel that they’re being listened to”.</p> <p>Lammy was appointed deputy prime minister and secretary of state for justice in the 2025 cabinet reshuffle on 5 September 2025, following the resignation of Angela Raynor. In February 2026, Lammy <a href="https://www.computerweekly.com/news/366639522/Deputy-prime-minister-vows-to-reform-justice-system-with-AI">vowed to reform the justice system with AI</a>. Speaking at the <a href="https://www.computerweekly.com/news/366639308/Microsoft-CEO-opens-up-London-AI-tour-with-Copilot-push">Microsoft AI Tour</a>, Lammy said the justice system is in “desperate” need of renewal.</p> <p>This week, the government also announced testing environments called <a href="https://www.computerweekly.com/news/366644113/UK-government-pumps-200m-into-AI-skills-and-adoption">AI Growth Labs</a>. These might enable the UK’s “lawtech” sector to develop and refine AI products in “secure, controlled settings” before bringing them to market.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about the UK government and AI</h3> <ul class="default-list"> <li>UK government <a href="https://www.computerweekly.com/news/366644113/UK-government-pumps-200m-into-AI-skills-and-adoption">pumps £200m into AI skills and adoption</a>.</li> <li>UK government and Cisco unveil <a href="https://www.computerweekly.com/news/366643929/UK-government-and-Cisco-unveil-AI-digital-skills-initiative">AI, digital skills initiative</a>.</li> <li>UK government’s £500m <a href="https://www.computerweekly.com/news/366641682/UK-governments-50m-sovereign-AI-fund-bids-to-commercialise-research">sovereign AI fund bids to commercialise research</a>.</li> </ul> </div> </div> Deputy PM David Lammy announces AI legal assistants for Crown Courts and AI tools for judges to tackle record backlogs https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Justice-law-court-davidfranklin-adobe.jpg https://www.computerweekly.com/news/366643991/Lammy-announces-AI-legal-assistants-for-Crown-Courts-at-London-Tech-Week Wed, 10 Jun 2026 09:22:00 GMT Lammy announces AI legal assistants for Crown Courts at London Tech Week <p>Dutch bank ING is removing laborious manual processing for mortgage applications through an increased use of its latest artificial intelligence (AI) agent.</p> <p>The bank is extending its use after successfully piloting AI for mortgages, saying it will now be able to make faster mortgage decisions through AI taking over the gathering and checking of documents and moving cases between different systems.</p> <p>The AI agent looks over applications to understand them, explain possible outcomes and ways to move forward, and then a human employee will make final assessments and decisions. The AI agent for mortgage processing was piloted in March this year and the bank is now prepared to roll it out to the live environment.</p> <p>Around 12 months ago, Marnix van Stiphout, ING chief operating officer (COO), told Computer Weekly about work being done around the use of AI in mortgage generation.</p> <p>“We will look at agentic AI for products like mortgages, redoing the way we work with clients on getting mortgages from us,” he <a href="https://www.computerweekly.com/news/366626743/ING-Bank-transforming-operations-through-agentic-AI">said at the time</a>. “They will no longer need to speak to a person but a digital agent in terms of getting all the data from them and doing credit checks.”</p> <p>ING said: “Buying a home is one of the most important financial decisions people make, and waiting for a mortgage decision can be one of the most uncertain moments along the way. Much of that waiting happens behind the scenes – gathering and checking documents, and moving cases between systems and experts.”</p> <p>Tom Degen, head of mortgages at ING Netherlands, said the AI agent’s use will enable people to “focus on complex applications and personal contact with brokers<i>...</i>with the agentic mortgage assistant, we are taking the next step in supporting mortgage applications to deliver faster decisions and clearer outcomes for customers and brokers.”</p> <p>The AI agent for mortgages is a sign of things to come at the bank, with ING saying it is “testing ideas in real settings and scaling what adds value for customers”.</p> <p>Speaking to Computer Weekly last year, Stiphout said he expect certain work in operations to be done by 25% fewer people when AI is implemented, but said the 25% can be used for growth and more complex tasks.</p> <p><a href="https://www.computerweekly.com/news/366622971/Interview-Daniele-Tonella-CTO-ING">In an interview with Computer Weekly</a> last year, ING CTO Daniele Tonella said the bank is enabling development around AI in five areas: know your customer (KYC), call centres, in wholesale banking to improve customer due diligence, in retail for the hyper-personalisation of offerings, and inside tech for engineering.</p> <p>A recent survey by Zopa and Juniper Research found that generative AI (GenAI) will save 187 million labour hours, mainly in back-office roles, and that 27,000 jobs could be displaced by 2030. </p> <p>For example, Commerzbank recently announced it will cut 3,000 jobs – around 8% of its workforce – as it increases AI investment, set at €600m over the next four years. The bank expects €500m in additional value to be added each year through the AI investments from 2030 onwards.</p> <p>Banks are gaining huge benefits from AI today, with Lloyds Banking Group’s <i>Financial institutions sentiment survey for 2025</i> finding that <a href="https://www.computerweekly.com/news/366630147/Number-of-UK-banks-reporting-AI-driven-productivity-improvements-doubles">59% of surveyed firms reported AI-driven productivity gains</a> in the past 12 months, compared with 32% in the 2024 survey.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about AI at ING</h3> <ul class="default-list"> <li>Daniele Tonella, global head of IT at ING Bank, <a href="https://www.computerweekly.com/news/366622971/Interview-Daniele-Tonella-CTO-ING">tells Computer Weekly about his first nine months in the job</a>, which has so far seen him navigate four layers of tech.</li> <li>Netherlands-headquartered international bank is <a href="https://www.computerweekly.com/news/366626743/ING-Bank-transforming-operations-through-agentic-AI">using artificial intelligence throughout its operations</a>.</li> <li>ING bank is <a href="https://www.computerweekly.com/news/366637057/Interview-How-ING-reaps-benefits-of-centralising-AI">using generative AI-powered chatbots</a> with a human in the loop to streamline mortgage applications. It is also testing speech-to-speech models.</li> </ul> </div> </div> Bank using artificial intelligence to speed up mortgage applications as the company introduces the technology across its business https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Mortgage-house.jpg https://www.computerweekly.com/news/366644173/ING-increases-use-of-AI-in-mortgage-application-process Wed, 10 Jun 2026 08:22:00 GMT ING increases use of AI in mortgage application process <p>The rising cost of using <a href="https://www.computerweekly.com/feature/LLMs-explained-A-developers-guide-to-getting-started">large language models (LLMs)</a> is now giving enterprises pause for thought. As artificial intelligence (AI) models have become more sophisticated, queries are costing businesses significantly more in “<a href="https://www.theserverside.com/tutorial/An-introduction-to-LLM-tokenization">tokens</a>” and, in some cases, ratcheting up disastrously large bills.</p> <p>And their inherent variability means it is no longer possible to predict how much each task will cost. The same prompt one day could produce an instant response, but an almost identical prompt on another day could take five minutes and burn through 10% of your monthly token budget, says <a href="https://www.linkedin.com/in/donschuerman/">Don Schuerman</a>, chief technology officer (CTO) at Pegasystems.</p> <p>Enterprises have incentivised employees to maximise their use of AI without fully considering the benefits that it produces for the organisation. Such “<a href="https://www.computerweekly.com/blog/CW-Developer-Network/Pega-targets-token-tax-on-agentic-application-development">tokenmaxxing</a>” has left companies with unexpected bills.</p> <p>Last month, for example, <a href="https://www.axios.com/2026/05/28/ai-spending-roi-enterprise-costs">Axios reported</a> that a single unnamed enterprise spent over £500m on AI tokens for <a href="https://www.computerweekly.com/news/366641789/A-tsunami-of-flaws-When-frontier-AI-and-Patch-Tuesday-collide">Anthropic’s Claud AI platform</a> in one month after failing to put a cap on its employees’ IT use.</p> <p>And in April, Uber’s CTO disclosed that the minicab and delivery service had burned through its <a href="https://www.businessinsider.com/uber-coo-andrew-macdonald-ai-token-spending-harder-justify-2026-5">entire budget for Claude Code for 2026</a> in the first three months of the year.</p> <section class="section main-article-chapter" data-menu-title="AI token cost rising"> <h2 class="section-title"><i class="icon" data-icon="1"></i>AI token cost rising</h2> <p>Commercial pressures to fund AI datacentres and increasing energy costs have led AI suppliers to raise their prices in recent months, leading organisations to question where the value of spending on AI lies.</p> <p>In some cases, Schuerman says companies have replaced people with AI only to realise that AI is costing them more than the people they replaced.</p> <p>Last week, <a href="https://www.frbsf.org/our-people/leadership/office-of-the-president/">Mary Daly</a>, president and CEO of the Federal Reserve Bank of San Francisco, put it succinctly in an <a href="https://seekingalpha.com/news/4600787-productivity-growth-is-everywhere-except-in-the-data-says-mary-daly-regarding-ai">interview with Bloomberg</a>. “Productivity growth is everywhere except in the data,” she said.</p> <p>“What’s happened is the models have gotten more sophisticated,” Schuerman tells Computer Weekly. “The model reasons with itself, sometimes it dispatches other agents to do other things, and as it does that, it’s continuously running the token meter.”</p> </section> <section class="section main-article-chapter" data-menu-title="Enterprises waking up to AI costs"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Enterprises waking up to AI costs</h2> <p>He argues that enterprises are waking up to the fact that the cost of AI does not increase linearly with the number of calculations the model makes. “Every step is adding quadratically to the cost of the process,” he says.</p> <p>If you use AI to work out a business process, the first step might take 500 tokens, but the context of the first step will need to be carried over, so the second step will require 1,000 tokens. The third step will use 1,500 tokens, and so on, says Schuerman.</p> <p>As calculations become more complex and require more context, not only does the cost increase, but the risk of AI hallucinating or behaving unpredictably also increases.</p> <blockquote> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/computerweekly/Don-Schuerman-Pega-140x180px.jpg" alt="Photo of Don Schuerman, Pegasystems"> </div> <p><span style="color: #34495e;"><strong><span style="font-size: 14pt;">“The best possible use of AI is to help me get that repeatable process right – help me define it, help me design it, help me ensure it follows best practices. And it turns out I don’t need much AI for that”</span></strong></span></p> <p><em><span style="color: #34495e;">Don Schuerman, Pegasystems</span></em></p> </blockquote> <p><a href="https://www.computerweekly.com/blog/CW-Developer-Network/Pega-targets-token-tax-on-agentic-application-development">Pegasystems’ answer to keeping the costs of AI</a> under control is to use the technology in a more strategic way.</p> <p>Pega supplies Fortune 500 companies with low-code platforms to <a href="https://www.computerweekly.com/news/366643849/Enterprises-that-succeed-in-agentic-AI-start-by-reimagining-business-process-finds-Pega-research">automate their business processes</a> and manage relationships with their customers.</p> <p>This week, the company announced that it would charge its customers for business outcomes, rather than charging them for how many AI tokens they use. Schuerman argues that at least 60% to 70% of the high-volume mission-critical processes enterprises need can be automated using rules-based approaches.</p> <p>“The best possible use of AI is to help me get that repeatable process right – help me define it, help me design it, help me ensure it follows best practices,” he says. “And it turns out I don’t need much AI for that.”</p> </section> <section class="section main-article-chapter" data-menu-title="Designing workflows"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Designing workflows</h2> <p><a href="https://www.computerweekly.com/news/366625045/Interview-Pegas-Blueprint-for-breaking-the-curse-of-legacy-IT">Pega’s Blueprint software</a>, for example, uses AI to help people design automated workflows for their organisations. Because AI does the bulk of its work at the point of design, AI agents don’t have to rethink the process from scratch each time the process runs.</p> <p>The workflows can, however, call AI agents to execute specific tasks – summarising a document or seeking input from a human, for example – giving enterprises the ability to use AI reasoning in a controlled way.</p> <p>Pega has now made its automated workflows compatible with the open source Model Context Protocol (MCP). This means companies can give AI agents built on other platforms – such as Anthropic Claude, Google Gemini, OpenAI, AWS AgentCore, and others – access to Pega’s processes.</p> <p>Schuerman says that for Pega, adding MCP was a “relatively light lift”. Pega is agnostic about how organisations access its workflows. Organisations can already access Pega workflows through other software, such as Salesforce, for example, without having to use Pega as a front end.</p> <p>But for businesses, the change is huge, he says. They can take their existing AI agents and use them to follow Pega’s workflows.</p> <p>“Once I’ve connected in the Pega MCP, that agent is going to follow the rules, it’s going to do it without excessive reasoning [by making] that relatively simple call to find the right workflow and finding the skill,” says Schuerman.</p> </section> <section class="section main-article-chapter" data-menu-title="From banks to pizza"> <h2 class="section-title"><i class="icon" data-icon="1"></i>From banks to pizza</h2> <p>Companies, including the Dutch bank Rabobank, are using MCP calls to convert chatbots into intelligent agents that complete tasks for customers, such as checking an account balance or potentially making a payment.</p> <p>Blueprint has opened the door for more companies to become Pega customers, more quickly. In the past, it might have taken several years for Pega to develop prototype workflows and for companies to decide whether to use Pega software.</p> <p>“It often took a long set of conversations and really skilled salespeople to help the customer understand how their business problem fit into our platform,” he says.</p> <p>With Blueprint, the software can take a description of what they do as a business, scan material from the company website, and within minutes design workflows that make sense to the business.</p> <p>Schuerman won’t put any numbers on it, but says Pega has made a conscious decision to sell its platform to a broader range of companies, partly directly and partly working through business partners.</p> <p>Previously, Pega specialised in supplying its platforms to highly regulated industries such as banks, insurance companies and healthcare. But now it is seeing opportunities from companies like Papa John’s, the pizza chain, which was seen among the attendees of Pega’s annual conference.</p> </section> <section class="section main-article-chapter" data-menu-title="AI can’t create the extraordinary"> <h2 class="section-title"><i class="icon" data-icon="1"></i>AI can’t create the extraordinary</h2> <p>Schuerman is adamant that AI is not going to replace human creativity as enterprises become more automated.</p> <p>Unlike people, AI does not create things that are extraordinary or show genuine creativity. “It just averages everything else that it has read in the past,” he says. “What we want to do is continually compress the time from an idea to that idea making a meaningful change in how my employees work and how customers engage with us.”</p> <p>That leaves people free to focus more on strategy, ideas and creativity. There is too much focus on the next version of ChatGPT or Claude, when last year’s version was just fine, according to Schuerman.</p> <p>“The hard work is in turning all this AI potential into realities for people, and that’s where I think the interesting work is,” he says.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about Pegasystems</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366629123/Vodafone-Greece-automates-deals-for-customers-saves-500-staff-days-of-work">Vodafone Greece automates deals for customers, saves 500 staff-days of work</a>: Vodafone Greece hired an implementation partner for a business process management project while its own staff observed and learned how to use the technology.</li> <li><a href="https://www.computerweekly.com/news/366604883/Wells-Fargo-bank-turns-to-AI-to-help-families-settle-estates-after-a-death">Wells Fargo bank turns to AI to help families settle estates after a death</a>: Wells Fargo bank is winning customers after using business automation software and artificial intelligence to help people manage the estates of relatives following a bereavement.</li> <li><a href="https://www.computerweekly.com/news/366541863/Citis-US-Personal-Banking-turns-to-AI-to-delight-customers-with-personalised-services">Citi US Personal Banking turns to AI to ‘delight’ customers</a> with personalised services: Citigroup’s US Personal Banking business has created a repository of customer data and is rolling out a decision engine. </li> <li><a href="https://www.computerweekly.com/news/366589418/Bupa-turns-to-data-to-provide-personalised-health-services">Bupa turns to data to provide personalised health services</a>: Private healthcare provider Bupa says a project to deploy business process automation is bringing it closer to APAC customers.</li> <li><a href="https://www.techtarget.com/searchcustomerexperience/news/366643870/Pegasystems-refines-Blueprint-agent-builder-expands-marketing-tools?_gl=1*lqprof*_ga*MTMxMDQ1OTgxMi4xNzc3OTY4NDc4*_ga_TQKE4GS5P9*czE3ODA5Mzk5MTckbzg2JGcxJHQxNzgwOTM5OTYxJGoxNiRsMCRoMA..">Pegasystems refines Blueprint agent builder, expands marketing tools</a>: Pegasystems emphasises ‘derisking’ agentic buildouts for its customers in regulated industries.</li> </ul> </div> </div> </section> Pegasystems offers an alternative take on how enterprises can use artificial intelligence to automate their business processes without burning through their budgets https://cdn.ttgtmedia.com/visuals/LeMagIT/hero_article/Hero-Danger-by-InfiniteFlow-Adobe-10.jpg https://www.computerweekly.com/news/366644133/Interview-Pegasystems-Don-Schuerman-on-how-to-keep-the-lid-on-skyrocketing-AI-costs Wed, 10 Jun 2026 07:50:00 GMT Interview: Pegasystems’ Don Schuerman on how to keep the lid on skyrocketing AI costs <p>The UK government is attempting to improve public trust in its <a href="https://www.computerweekly.com/news/366637124/What-will-happen-with-Starmers-digital-ID-scheme-in-2026">digital ID proposals</a> and rebuild relations with industry by setting up a new advisory group and establishing regular meetings with private sector stakeholders.</p> <p>In the King’s Speech last month, the government unveiled <a href="https://www.computerweekly.com/news/366643097/Kings-Speech-paves-the-way-for-digital-ID">plans for a Digital Access to Services Bill</a>, which will form a legal framework under which it can create, issue and use digital IDs.</p> <p>The proposals have <a href="https://www.computerweekly.com/news/366635513/Mandatory-digital-ID-paves-way-for-surveillance-and-exclusion-MPs-hear">faced significant criticism</a> and opposition from civil society and privacy groups, while MPs on the Home Affairs Committee described the <a href="https://www.computerweekly.com/news/366643374/Government-digital-ID-launch-was-a-fiasco-report-finds">launch of the government’s policy as “nothing short of a fiasco”</a>, adding that the initial plan to make the scheme mandatory – and the <a href="https://www.computerweekly.com/blog/Computer-Weekly-Editors-Blog/UK-governments-U-turn-on-digital-ID-was-inevitable-from-the-start">subsequent U-turn</a> – “undermined what existing public support” there was for digital ID.</p> <p>While stakeholders wait for the results of a recent <a href="https://www.computerweekly.com/news/366639956/Whitehall-launches-digital-ID-consultation">consultation process</a>, chief secretary to the prime minister, Darren Jones – the minister in charge of the digital identity policy – has convened an independent group of experts with a remit to “provide accountability and insight” to help ensure the digital ID scheme is “inclusive, useful and trusted”.</p> <p>The experts range from familiar faces who sit on other digital government advisory groups to business and political leaders (<a href="#Members"><i>see box, below</i></a>). At first glance, the group appears to lack one significant factor – any direct experience of developing, operating or implementing digital identity systems. However, Computer Weekly understands that this was a deliberate decision to keep the group free of any commercial interest.</p> <p>According to the Cabinet Office, “The advisory group will meet quarterly for the duration of the digital ID programme to provide external scrutiny and strategic insight and will challenge the government on emerging ideas or policy decisions to ensure the system works for everyone.”</p> <p>The government is also starting a process of regular engagement with industry bodies and key stakeholders in the digital identity and financial services sectors to “inform” the programme as it develops.</p> <p>The government has <a href="https://www.computerweekly.com/blog/Computer-Weekly-Editors-Blog/Digital-ID-providers-are-placated-again-as-anticipation-builds-towards-government-consultation">caused significant friction with the digital verification sector</a> over the past 18 months, and has faced criticism for its lack of communication and announcements that made the government’s plans for identity apps appear to be in competition with industry offerings.</p> <p>Behind-the-scenes lobbying by industry bodies has now led to a more formal process of engagement to address supplier concerns and to listen to “lessons and insights” from the sector.</p> <p>“This new programme of engagement will ensure we benefit from the insights and experience of experts as we build a system that is secure, useful and for everyone – and that supports public services that are there for you when you need them most,” said Jones.</p> <p>Parliamentary under-secretary of state in the Department for Science, Innovation and Technology and parliamentary secretary in the Cabinet Office, James Frith, added: “We want digital ID to work for everyone – something that is useful, inclusive and trusted. That is why we’re working with industry, civil society and others to get this right. Our programme of engagement will run throughout our development of the programme, ensuring we hear from as many people and organisations as possible.”</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading"><a id="Members"></a>Members of the UK government’s advisory group on digital ID</h3> <p><strong>John Fallon</strong> – former CEO of global education publisher Pearson, where he led the company’s transition from print to digital learning platforms. Fallon is also the lead Cabinet Office non-executive board member.</p> <p><strong>Anne-Marie Imafidon</strong> – co-founder and CEO of Stemettes, a social enterprise helping people to pursue careers in science, technology, engineering and maths.</p> <p><strong>David Rogers</strong> – a cyber security expert and member of the faculty at Columbia Business School.</p> <p><strong>Emma Wright</strong> – an expert in digital regulation law, she is director and co-founder of the Interparliamentary Forum on Emerging Technologies and a partner at law firm Crowell & Moring.</p> <p><strong>Justine Roberts</strong> – founder and executive chair of Mumsnet and Gransnet.</p> <p><strong>Victor Dominello</strong> – former New South Wales minister for digital government and now CEO and co-founder of the Future Government Institute.</p> </div> </div> <p>Tech sector trade body TechUK will host a discussion with Frith this month to “identify the technical details required to ensure an interoperable, secure and seamlessly integrated system”, according to TechUK CEO Julian David.</p> <p>As part of the consultation process, the government has also convened a “people’s panel” – which it says was “selected to be broadly representative of the whole British public” – to gather feedback and opinions from citizens on digital identity.</p> <p><a href="https://www.computerweekly.com/opinion/Building-the-foundations-A-national-roadmap-for-digital-identity-and-sovereign-data">David Crack, chair of the Association of Digital Verification Professionals</a>, welcomed the government’s belated commitment to regular engagement with the industry.</p> <p>“The UK already has a vibrant and innovative digital verification services (DVS) market operating under the UK’s <a href="https://www.computerweekly.com/news/366635638/Use-of-digital-ID-in-UK-achieves-statutory-status">DVS Trust Framework</a>. Our members are delivering trusted identity solutions today, helping citizens access services more easily while supporting businesses and public bodies to reduce fraud, improve security and enhance user experience,” said Crack.</p> <p>“We stand ready to work constructively with government, policymakers, regulators and industry partners to support the continued implementation of the Trust Framework and the successful development of the government’s digital ID programme.”</p> <p>He added: “As the programme develops, it will be important that engagement is broad, meaningful and ongoing, drawing on the practical experience of organisations already delivering trusted digital identity services at scale. By working together, government and industry can help ensure the UK develops a digital identity ecosystem that is secure, inclusive, interoperable and trusted by citizens.”</p> <p>Earlier this month, Computer Weekly revealed that <a href="https://www.computerweekly.com/news/366643785/Property-sector-plans-for-digital-ID-collapse-over-government-policy-concerns">a property sector initiative to introduce a digital identity scheme is being scrapped</a> due to concerns over UK government policy and a lack of consumer benefits.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about the government’s digital ID plans</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366643374/Government-digital-ID-launch-was-a-fiasco-report-finds">Government digital ID launch was a fiasco, report finds</a>: Back-to-front policy and a rushed launch destroyed public confidence, as Home Affairs Committee is sceptical government has capacity to implement the digital ID programme.</li> <li><a href="https://www.computerweekly.com/news/366636254/MPs-maul-digital-ID-plans-in-parliamentary-debate">MPs maul digital ID plans in Parliamentary debate</a>: MPs brand the government’s digital ID plans ‘un-British’ and ‘an attack on civil liberties’ during debate on the controversial policy.</li> <li><a href="https://www.computerweekly.com/news/366634197/Industry-calls-for-clarity-on-government-digital-ID-plans">Industry calls for clarity on government digital ID plans</a>: The digital identity industry asks UK government for transparency on its digital identity scheme and proposes a formal collaboration agreement.</li> <li><a href="https://www.computerweekly.com/news/366640072/The-UK-governments-digital-identity-scheme-Dystopian-nightmare-or-modernised-public-services">The UK government’s digital identity scheme: Dystopian nightmare or modernised public services?</a> Critics and supporters of digital ID are honing their arguments for the government’s consultation – but it’s the public that will decide. How should you choose?</li> <li><a href="https://www.computerweekly.com/blog/Computer-Weekly-Editors-Blog/Who-knew-How-Starmer-kept-his-digital-ID-plan-secret-for-months">Who knew? How Starmer kept his digital ID plan secret for months</a>: When prime minister Keir Starmer announced on 26 September that the government was to introduce a mandatory national digital ID scheme, it came as a surprise to many people.</li> </ul> </div> </div> After mounting criticism of its digital identity policy, the government is convening an independent advisory group and improving engagement with industry stakeholders in an attempt to improve public trust https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/London-parliament-digital-mobile-adobe.jpeg https://www.computerweekly.com/news/366644120/UK-government-invites-experts-and-industry-groups-to-advise-on-digital-ID-plans Wed, 10 Jun 2026 06:36:00 GMT UK government invites experts and industry groups to advise on digital ID plans ComputerWeekly.com 60 editor@computerweekly.com