Latest news with #ThreatResearch
Yahoo
20-07-2025
- Yahoo
Experienced software developers assumed AI would save them a chunk of time. But in one experiment, their tasks took 20% longer
AI tools don't always boost productivity. A new study from Model Evaluation and Threat Research found that when 16 software developers were asked to perform tasks using AI tools, the they took longer than when they weren't using the technology, despite their expectations AI would boost productivity. The research challenges the dominant narrative of AI driving a workplace efficiency boost. It's like a new telling of the 'Tortoise and the Hare': A group of experienced software engineers entered into an experiment where they were tasked with completing some of their work with the help of AI tools. Thinking like the speedy hare, the developers expected AI to expedite their work and increase productivity. Instead, the technology slowed them down more. The AI-free tortoise approach, in the context of the experiment, would have been faster. The results of this experiment, published in a study this month, came as a surprise to the software developers tasked with using AI—and to the study's authors, Joel Becker and Nate Rush, technical staff members of nonprofit technology research organization Model Evaluation and Threat Research (METR). The researchers enlisted 16 software developers, who had an average of five years of experience, to conduct 246 tasks, each one a part of projects on which they were already working. For half the tasks, the developers were allowed to use AI tools—most of them selected code editor Cursor Pro or Claude 3.5/3.7 Sonnet—and for the other half, the developers conducted the tasks on their own. Believing the AI tools would make them more productive, the software developers predicted the technology would reduce their task completion time by an average of 24%. Instead, AI resulted in their task time ballooning to 19% greater than when they weren't using the technology. 'While I like to believe that my productivity didn't suffer while using AI for my tasks, it's not unlikely that it might not have helped me as much as I anticipated or maybe even hampered my efforts,' Philipp Burckhardt, a participant in the study, wrote in a blog post about his experience. Why AI is slowing some workers down So where did the hares veer off the path? The experienced developers, in the midst of their own projects, likely approached their work with plenty of additional context their AI assistants did not have, meaning they had to retrofit their own agenda and problem-solving strategies into the AI's outputs, which they also spent ample time debugging, according to the study. 'The majority of developers who participated in the study noted that even when they get AI outputs that are generally useful to them—and speak to the fact that AI generally can often do bits of very impressive work, or sort of very impressive work—these developers have to spend a lot of time cleaning up the resulting code to make it actually fit for the project,' study author Rush told Fortune. Other developers lost time writing prompts for the chatbots or waiting around for the AI to generate results. The results of the study contradict lofty promises about AI's ability to transform the economy and workforce, including a 15% boost to U.S. GDP by 2035 and eventually a 25% increase in productivity. But Rush and Becker have shied away from making sweeping claims about what the results of the study mean for the future of AI. For one, the study's sample was small and non-generalizable, including only a specialized group of people to whom these AI tools were brand new. The study also measures technology at a specific moment in time, the authors said, not ruling out the possibility that AI tools could be developed in the future that would indeed help developers enhance their workflow. The purpose of the study was, broadly speaking, to pump the brakes on the torrid implementation of AI in the workplace and elsewhere, acknowledging more data about AI's actual effects need to be made known and accessible before more decisions are made about its applications. 'Some of the decisions we're making right now around development and deployment of these systems are potentially very high consequence,' Rush said. 'If we're going to do that, let's not just take the obvious answer. Let's make high-quality measurements.' AI's broader impact on productivity Economists have already asserted that METR's research aligns with broader narratives on AI and productivity. While AI is beginning to chip away at entry-level positions, according to LinkedIn chief economic opportunity officer Aneesh Raman, it may offer diminishing returns for skilled workers such as experienced software developers. 'For those people who have already had 20 years, or in this specific example, five years of experience, maybe it's not their main task that we should look for and force them to start using these tools if they're already well functioning in the job with their existing work methods,' Anders Humlum, an assistant professor of economics at the University of Chicago's Booth School of Business, told Fortune. Humlum has similarly conducted research on AI's impact on productivity. He found in a working study from May that among 25,000 workers in 7,000 workplaces in Denmark—a country with similar AI uptake as the U.S.—productivity improved a modest 3% among employees using the tools. Humlum's research supports MIT economist and Nobel laureate Daron Acemoglu's assertion that markets have overestimated productivity gains from AI. Acemoglu argues only 4.6% of tasks within the U.S. economy will be made more efficient with AI. 'In a rush to automate everything, even the processes that shouldn't be automated, businesses will waste time and energy and will not get any of the productivity benefits that are promised,' Acemoglu previously wrote for Fortune. 'The hard truth is that getting productivity gains from any technology requires organizational adjustment, a range of complementary investments, and improvements in worker skills, via training and on-the-job learning.' The case of the software developers' hampered productivity points to this need for critical thought on when AI tools are implemented, Humlum said. While previous research on AI productivity has looked at self-reported data or specific and contained tasks, data on challenges from skilled workers using the technology complicate the picture. 'In the real world, many tasks are not as easy as just typing into ChatGPT,' Humlum said. 'Many experts have a lot of experience [they've] accumulated that is highly beneficial, and we should not just ignore that and give up on that valuable expertise that has been accumulated.' 'I would just take this as a good reminder to be very cautious about when to use these tools,' he added. This story was originally featured on Solve the daily Crossword
National Post
24-06-2025
- Business
- National Post
Imperva Application Security Integrates API Detection and Response, Setting A New Standard in API Security
Article content Article content First unified, single-pane-of-glass platform to deliver real-time detection and mitigation of API threats, including Broken Object Level Authorization (BOLA) and other advanced business logic threats Offers flexible deployment across cloud and on-premise environments, with a privacy-forward design to secure APIs at scale. Article content MEUDON, France — Thales today announced new detection and response capabilities in the Imperva Application Security platform to protect against business logic attacks, such as Broken Object Level Authorization (BOLA) – the leading threat in the OWASP API Security Top 10. By integrating real-time detection with automated mitigation of risky APIs, BOLA attacks, unauthenticated APIs, and deprecated APIs, Imperva Application Security platform delivers comprehensive protection against unauthorized data exposure and other complex business logic vulnerabilities across cloud and on-premises environments. APIs have become the backbone of modern applications, enabling businesses to seamlessly connect services, optimize operations, and deliver personalized experiences at scale. According to Imperva Threat Research, APIs accounted for 71% of all web traffic. More recently, the team observed a sharp rise in API-directed attacks, with 44% of advanced bot traffic targeting APIs, compared to just 10% targeting web applications. This shift underscores how attackers are increasingly exploiting API endpoints that manage sensitive and high-value data. Article content Why BOLA is a Critical Business Risk Article content BOLA occurs when APIs fail to properly verify whether users are authorized to access specific data objects. This allows attackers to manipulate requests and gain unauthorized access to sensitive information. As the leading OWASP Top 10 API threat, BOLA exposes businesses to significant risks, including data breaches, compliance failures, and loss of customer trust. Article content 'API security is no longer optional Article content – Article content it's fundamental to maintaining business continuity and trust,' said Tim Chang, Global Vice President and General Manager of Application Security at Thales. 'Imperva Application Security bridges the gap by delivering a fully unified platform that identifies business logic threats and actively blocks malicious sessions, setting a new benchmark for API protection.' Article content Empowering Enterprises with a Unified, Flexible, and Privacy-First Solution Article content Imperva Application Security integrates advanced threat detection engines with automated inline responses and flexible deployment options, enabling security teams to detect and respond to API attacks like BOLA without slowing development or disrupting the user experience. For customers who want to protect their API infrastructure, Imperva Application Security delivers the following benefits: Article content Unified Platform Architecture: Manage API discovery, risk assessment, detection, and mitigation in a single console, eliminating tool sprawl and operational friction across cloud and on-premises environments. Real-Time BOLA Detection: Hybrid behavioral and rule-based engines analyze API request patterns, scoring anomalies, and flagging endpoints for immediate action. Automated Response and Remediation: Integration with Imperva Cloud WAF and WAF Gateway enables a variety of response actions, including inline mitigation actions such as automatically blocking malicious API traffic in real-time. Integration with security automation tools ensures rapid incident orchestration. Article content Advancing the Imperva Security Anywhere Vision The integration of API detection and response into Imperva Application Security is foundational to the Imperva Security Anywhere vision, which provides scalable, end-to-end protection for applications and APIs across any environment. This unified solution provides enterprises with a comprehensive view of automated threats targeting APIs and the necessary tools to protect those APIs. Article content Detection and response to deprecated APIs, unauthenticated APIs, and BOLA attacks are now available as part of Imperva Application Security. Article content About Thales Article content Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion. Article content The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies. Article content Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion. Article content Article content Article content Article content Article content Contacts Article content Thales, Media Relations Article content Article content Article content Marion Bonnet Article content Article content Article content
