
Latest news with #CAEP

Operationalizing AI: A CISO's Guide To Adopting MCP With Confidence

Forbes

10 hours ago


CTO at SGNL. Inventor of CAEP. Okta Identity 25 Listee. Standards guy at OpenID. Believes access control is critical to cybersecurity.

The technology world is abuzz with the development of the model context protocol (MCP) because it unlocks powerful interactions between large language models (LLMs) and existing enterprise services. The perils of unauthorized data access can dampen enterprises' enthusiasm for adopting MCP. The result is that the promised productivity benefits of AI are harder to achieve, while simultaneously, the unauthorized use of internal data by employees using personal AI accounts grows. Here's what your organization can do to adopt AI and MCP with confidence and provide a secure alternative to unauthorized AI usage.

A Quick Recap

Large language models are a popular AI technology. A specialized class of LLMs is 'generative pre-trained transformers' (GPTs). Fundamentally, a GPT's behavior is like autocomplete in a word processor: By looking at the preceding text, it can predict the text that follows. The preceding text is called the context, of which the immediate prompt that you type is a part.

The latest versions of GPTs are better at step-by-step reasoning, especially when prompted to 'think step by step,' allowing them to break down complex questions into logical steps before answering. Some GPT-enabled services (like ChatGPT with browsing or plugins) integrate external tools that fetch web results and supply them as context for the model to reason over. For other data that users want to bring into the context, they retrieve it themselves and provide it to the GPT. This is called 'retrieval augmented generation' (RAG), which is often automated in enterprises by external systems integrated with the LLM.
Instead of this custom way of retrieval, the model context protocol provides a standardized protocol for the LLM (i.e., the model) to discover tools and resources provided by MCP servers that are available to it and communicate with them to form the context. Hence, the model context protocol.

Pitfalls In Enterprise Use Of MCP

Everyone is predictably excited about MCP because it unleashes a powerful way to enrich the capabilities of GPTs. If a GPT determines the several steps required to answer a question, it can reach out to the relevant MCP servers that can provide the context for each one of those steps in order to generate the answer.

The trouble is, how can an enterprise ensure that the data being requested and fetched by the LLM is, in fact, permitted for the user to be retrieved? If the MCP server can modify data, then how can the enterprise ensure the user has the permissions to make those modifications? While this seems like a simple authorization question, it gets a bit more involved:

  • MCP servers cannot run with more access than the requesting user because each user's permissions may be different. So each MCP query must run with the requesting user's privilege.
  • Since user privileges are dynamic (someone working on a specific customer's case today may not have a need to access that customer's data tomorrow), it follows that MCP servers need to understand what a user has access to at the time of the query.
  • Enterprises often run in a permissive environment, providing users broad access based on their job function (or, often, their previous job functions too). Often, this includes sensitive customer or internal data. Human users are judicious in their use of such data in their output. Because MCP puts this same access in the hands of LLMs, the same level of judgment probably will not be exercised by the LLM in determining if some information should or should not be used.
  • Thus, MCP defeats the de-facto 'security through obscurity' operating model. Users won't try multiple ways of obtaining information they are not supposed to, whereas LLMs will try solving the problem in many different ways before giving up. So, if the data is accessible to the MCP server, it will find its way into the answers, revealing information it should not.

Securing MCP Usage

Implementing the following strategies can help secure MCP for organizational use:

In order for enterprises to effectively use MCP, they must adopt a 'zero standing privilege' (ZSP) access control strategy. Unlike in the conventional model, with 'zero standing privilege,' at any given time, the user will only have access to the data that they need to complete the specific task they are currently working on. This lays the foundation for ensuring that MCP servers do not accidentally provide data that should not be available in producing an answer. ZSP automatically implies a dynamic access control strategy because it is impossible for anyone to manually update users' permissions to what they need at any given moment. And one more thing: ZSP is great for defending against cyber breaches, too, because attackers assuming employee identities are unable to access a lot of data and cause a lot of damage.

LLMs acting on behalf of a user should not be able to discover tools within MCP servers that the requesting user should not have access to at the time of execution. This can be done by ensuring that the 'list tools' call made by the MCP client is authorized using the user's identity so that the MCP server can appropriately hide tools that are not to be used by that user.

MCP servers must execute with the requesting user's privileges because if they have their own elevated privileges, then it will be hard for the downstream services to figure out what data should or should not be provided. Having the entire chain execute as the user also makes it easier to audit data usage across all systems.
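The three strategies above can be sketched as one request handler. This is an added example, not code from the article or from any MCP SDK: it uses the protocol's `tools/list` and `tools/call` JSON-RPC methods, while the tool names, entitlement strings, grant table and the `handle` function are hypothetical, and it assumes the transport layer has already authenticated the end user.

```python
import time

# Constructed tool registry: tool name -> entitlement required to see or call it.
TOOLS = {
    "search_kb": "kb:read",
    "get_customer_record": "crm:read",
    "update_customer_record": "crm:write",
}

# Constructed just-in-time grants: (user, entitlement) -> expiry in epoch seconds.
# Under zero standing privilege a grant exists only while the task is active.
GRANTS = {
    ("alice", "kb:read"): 2_000,
    ("alice", "crm:read"): 1_500,  # tied to an open support case
    ("bob", "kb:read"): 2_000,
}

def allowed(user, entitlement, now):
    """Evaluate access at query time, never from a cached session snapshot."""
    return GRANTS.get((user, entitlement), 0) > now

def handle(request, user, now=None, audit=None):
    """Dispatch one JSON-RPC request as the authenticated end user `user`."""
    now = time.time() if now is None else now
    method, rid = request["method"], request.get("id")
    if method == "tools/list":
        # Discovery is filtered per user, so the model never sees hidden tools.
        visible = [{"name": n} for n, ent in TOOLS.items() if allowed(user, ent, now)]
        return {"jsonrpc": "2.0", "id": rid, "result": {"tools": visible}}
    if method == "tools/call":
        name = request["params"]["name"]
        ent = TOOLS.get(name)
        ok = ent is not None and allowed(user, ent, now)  # re-check on every call
        if audit is not None:
            audit.append((now, user, name, "allow" if ok else "deny"))
        if not ok:
            # Same error for hidden and nonexistent tools, so a model that
            # guesses tool names learns nothing about what exists.
            return {"jsonrpc": "2.0", "id": rid,
                    "error": {"code": -32602, "message": f"Unknown tool: {name}"}}
        # A real server would call the downstream service here with the user's
        # own delegated credential, not a shared service account.
        return {"jsonrpc": "2.0", "id": rid,
                "result": {"content": [{"type": "text", "text": f"{name} ran as {user}"}]}}
    return {"jsonrpc": "2.0", "id": rid,
            "error": {"code": -32601, "message": "Method not found"}}
```

Filtering discovery alone is not enough: the call path repeats the check because a grant can expire between `tools/list` and `tools/call`.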
Conclusion

MCP is a promising technology, and harnessing it with the right security guardrails can unleash employee productivity while clamping down on unauthorized AI usage. Adopting a zero standing privilege strategy with appropriate controls over MCP servers can help organizations deploy MCP with confidence.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.

Cantor Equity Partners III, Inc. Announces Pricing of Upsized $240 Million Initial Public Offering

Yahoo

a day ago


NEW YORK, June 25, 2025--(BUSINESS WIRE)--Cantor Equity Partners III, Inc. (Nasdaq: CAEP) (the "Company") announced today the pricing of its upsized initial public offering of 24,000,000 Class A ordinary shares at $10.00 per share. The shares are expected to be listed on the Nasdaq Global Market under the symbol "CAEP" and begin trading on June 26, 2025. The underwriters have been granted a 45-day option to purchase up to an additional 3,600,000 shares offered by the Company to cover over-allotments, if any. The offering is expected to close on June 27, 2025, subject to customary closing conditions.

Cantor Fitzgerald & Co. is acting as the sole book-running manager for the offering.

About Cantor Equity Partners III, Inc.

Cantor Equity Partners III, Inc. is a blank check company sponsored by Cantor Fitzgerald and led by Chairman and Chief Executive Officer Brandon Lutnick. Cantor Equity Partners III, Inc. was formed for the purpose of effecting a merger, share exchange, asset acquisition, share purchase, reorganization or similar business combination with one or more businesses. The Company's efforts to identify a prospective target business will not be limited to a particular industry or geographic region, but the Company intends to focus on a target in an industry where it believes the Company's management teams' and affiliates' expertise will provide the Company with a competitive advantage, including the financial services, digital assets, healthcare, real estate services, technology and software industries.

A registration statement relating to these securities was declared effective by the Securities and Exchange Commission (the "SEC") on June 25, 2025. The offering is being made only by means of a prospectus, copies of which may be obtained by contacting Cantor Fitzgerald & Co., Attention: Capital Markets, 110 East 59th Street, 6th Floor New York, New York 10022; Email: prospectus@ Copies of the registration statement can be accessed through the SEC's website at

This press release shall not constitute an offer to sell or a solicitation of an offer to buy, nor shall there be any sale of these securities in any state or jurisdiction in which such offer, solicitation or sale would be unlawful prior to registration or qualification under the securities laws of any such state or jurisdiction.

Forward-Looking Statements

This press release includes forward-looking statements that involve risks and uncertainties. Forward-looking statements are statements that are not historical facts. Such forward-looking statements, including with respect to the successful consummation of the Company's initial public offering and use of the net proceeds of the offering as described in the offering prospectus, are subject to risks and uncertainties including those set forth in the Risk Factors section of the Company's registration statement for the offering filed with the SEC, which could cause actual results to differ from the forward-looking statements. The Company expressly disclaims any obligations or undertaking to release publicly any updates or revisions to any forward-looking statements contained herein to reflect any change in the Company's expectations with respect thereto or any change in events, conditions or circumstances on which any statement is based.

View source version on

Contacts

MEDIA Danielle +1 212-610-2407

Industry influence over UN aviation body ‘extremely concerning'

The Guardian

14-02-2025


Aviation industry delegates outnumbered those from green groups by 10 to one at the previous conference of the UN's committee on aviation environmental protection (CAEP), an analysis has found.

Other recent meetings held by CAEP's parent body, the International Civil Aviation Organization (ICAO), were sponsored by large fossil fuel companies and airlines, including Saudi Aramco and Etihad. Critics accuse the ICAO of having been captured by the industry, resulting in slow efforts to tackle the climate crisis by reducing the carbon emissions from aircraft.

The next meeting of CAEP begins on Monday but there is no public information on its agenda or the people who will be running the conference. The ICAO has been criticised for a lack of transparency that contrasts sharply with, for example, the UN's climate body.

The ICAO does not routinely make its meeting documents freely available, instead charging hundreds of dollars for password-protected copies. Neither the media nor the public can attend CAEP conferences, and observer delegates are required to sign non-disclosure agreements that incur 'unlimited financial liability'.

Flying causes more climate-heating pollution than any other form of transport for every kilometre and is dominated by rich passengers, with just 1% of the world's population responsible for 50% of aviation emissions. The industry's climate plans are rated 'critically insufficient' by Climate Action Tracker.

The ICAO forecasts a doubling of passenger numbers by 2042, and the industry argues that more efficient aircraft, sustainable fuels and the ICAO's offsetting scheme can control carbon emissions. Independent experts say the feasible scale of such measures is extremely unlikely to compensate for such a huge growth in traffic. For example, the 'unambitious and problematic' offsetting scheme has yet to require any airline to use a carbon credit and fuel-efficiency improvements are stalling. The experts say aviation growth must be curbed if climate targets are to be met.

Lucca Ewbank, the transport lead at InfluenceMap, the thinktank that analysed the delegate data, said: 'The level of access and potential influence given to the fossil fuel and aviation industries by ICAO is extremely concerning and risks the capture of global climate negotiations by vested interests.

'The [lack of] transparency also works in industry's favour, allowing them to privately influence climate negotiations and push their vested interests without external scrutiny. Industry appears to have exerted significant influence over environmental negotiations at ICAO, resulting in rules that serve the interest of aviation companies at the expense of science-aligned climate action.'

Specific technical information on aircraft discussed at CAEP might be commercially sensitive, one delegate told the Guardian, but secrecy should not be 'a general rule that governs everything'. The ICAO did not respond to a request for comment.

The big CAEP meetings take place every three years and 439 delegates attended the previous event in 2022. Analysis by InfluenceMap showed that 125 (29%) were from the aviation industry, including at least 16 representatives who attended the meeting as part of their national delegations. The latter included delegates from Saudi Aramco, the United Arab Emirates' national oil company, Adnoc, and its two national airlines, Etihad Airways and Emirates, and from Japan Airlines.

The International Coordinating Council of Aerospace Industries Associations, which represents manufacturers, provided the most industry delegates with 62, followed by the Airports Council International (28) and the International Business Aviation Council (10). There were only 11 delegates from environmental groups. In contrast, at the UN's Cop29 climate summit, just 1.5% of attenders were from the fossil fuel industry or lobbyists.

Also unlike UN climate summits, recent ICAO events have been sponsored by industry companies. An ICAO 'stocktaking event' on aviation emissions reductions in October 2024 was sponsored by ExxonMobil, Shell Aviation, Airbus and the leading trade body for airlines, the International Air Transport Association (IATA). Another ICAO event, on aviation and alternative fuels in Dubai in November 2023, was sponsored by Adnoc, Etihad, Air Arabia and Boeing as well as Shell Aviation, Airbus and IATA.

InfluenceMap's analysis also linked industry figures to influential positions. Kevin Walsh, now vice-president at the trade body Airlines for America, was listed in the report of the 2022 CAEP meeting as being vice-chair for the next CAEP meeting. In 2022, he was part of the US delegation and worked for the Federal Aviation Administration.

CAEP has 11 working groups, whose membership is not made public. However, analysis of LinkedIn profiles indicated industry representatives on these groups. Three people from Saudi Aramco were on the fuel task group, as was one from Adnoc, and United Airlines was also represented on working groups. Staff from industry trade bodies were also on working groups, including some from the Airports Council International and IATA.

There have been calls for increased transparency, with an unnamed member of CAEP highlighting the need for this, according to the report of the 2022 meeting. Another delegate, also unnamed, said 'transparency is the lifeblood of effective governance', focusing on 'improving access, broadening participation, and ensuring accountability'.

The US delegation called publicly for greater transparency in 2022, saying this would 'improve [CAEP's] accountability to the public it seeks to serve' and that other UN bodies released all papers for decision meetings publicly and in advance of meetings. No papers appear to have been released before the CAEP talks next week.

You can contact Damian Carrington via email, Signal (dpcarrington.35) or securely via this link.
