Amazon Fresh, Just Walk Out, and Reducing Automation

Between the Upland store grand opening, my musings on Amazon One, and a combination of the two, I have focused on the Amazon Fresh retail chain lately.

But I haven’t touched on the demise of Just Walk Out.

Not because of shrinkage, but because shoppers want control…and Just Walk Out took control away.

It’s masterful, really. You just throw your purchases into your cart, and a battery of cameras record and price everything automatically.

In reality, a battery of cameras and third world workers record and price everything semi-automatically. But I digress.

Anyway, all your purchases are recorded and totaled, and your payment method is charged as you just walk out.

THEN you find out how much you just spent.

Guess what? Customers didn’t like the surprises. They wanted to know how much they were spending BEFORE they were charged.

Customers wanted a better solution:

“Shoppers said they preferred being able to track their spending during a shop, access receipts instantly, and easily find products—all things that are harder with a fully automated system.

“The new solution—smart trolleys known as Dash Carts—lets customers scan items as they shop, view their basket total in real time, and pay using contactless payment at the end.”

The love for Amazon Dash Carts horrifies engineers, who are shocked that customers rejected the technological marvel that was Just Walk Out.

Except that customers don’t want features. They want benefits…such as being able to control their spending.

And if the manual Dash Carts offer better benefits than the automated Just Walk Out…then Just Walk Out does exactly that and leaves the premises.

And if you need to communicate the benefits of your technology solution…

Bredemarket can help:

  • compelling content creation
  • winning proposal development
  • actionable analysis

Book a call: https://bredemarket.com/cpa/ 

Hacking the May 7 Papal Conclave

This past weekend the world watched the funeral of Pope Francis.

Which means that the time has come to select a new Pope. The conclave for this purpose will begin on May 7.

The papal conclaves that convene to select a new Pope are notorious for their secrecy. The Cardinals who select the new Pope are locked away and generally cannot communicate with the outside world. With one exception: black smoke appears if a vote does not result in the election of a Pope, or white smoke if a Pope is elected.

Because the selection of a Pope has massive influence on both religious and secular affairs worldwide, there are those who desire to hack the papal conclave to get inside information.

Which is why the Vatican employs a cybersecurity expert.

“[I]n October 2019…the Vatican appointed Gianluca Gauzzi Broccoletti as its Director of Security Services.

“Broccoletti brought robust and vigorous experience from previous roles in Italian law enforcement and cybersecurity. 

“Under his leadership, the team modernized the Papacy’s setup, with a strong emphasis on AI-powered threat analysis and digital forensics.”

Broccoletti and his staff employ a wide variety of cybersecurity techniques, including phone bans, security cameras, signal jammers, endpoint monitoring, and armed guards.

But this is the first papal conclave conducted under Broccoletti’s watch.

Will he maintain the secrecy of the ballot?

And if you offer a cybersecurity solution, how will your prospects learn about it?

(Imagen 3)

TSA Photo Requests: “The Current U.S. Government” Can Already Obtain Your Facial Image

There have been many recent stories about Transportation Security Administration (TSA) capture of the facial images of travelers, an outgrowth of the same post-9/11 concerns that resulted in REAL IDs in 2008…I mean 2025. (Maybe.)

One story from HuffPost clearly states its view on the matter. The title of the story? “Why You Can (And Should) Opt Out Of TSA Facial Recognition Right Now.”

I guess we know where HuffPost stands.

As to the “why” of its stance, here’s a succinct statement:

“Do you really want to be submitting a face scan to the current U.S. government?”

And perhaps there are good reasons to distrust the Trump Administration, or any administration. 

After all, the TSA says it only retains the picture for a limited time: “Photos are not stored or saved after a positive ID match has been made, except in a limited testing environment for evaluation of the effectiveness of the technology.”

But maybe…something happens. Someone accidentally forgot to delete the files. Oops.

And if something happens, the federal government has just captured an image of your face!

Guess what? The federal government can probably already get an image of your face, even if you don’t allow TSA to take your photo.

After all, you had to show some sort of identification when you arrived at that TSA checkpoint. Maybe you showed a passport, with a picture that the U.S. State Department received at one point. No, they don’t retain them either. But maybe…something happens.

But who does retain an image of your face?

Your state driver’s license agency. And as of 2019:

“Twenty-one states currently allow federal agencies such as the FBI to run searches of driver’s license and identification photo databases.”

So if a federal agency wants your facial image, it can probably obtain it even if you decline the TSA photo request.

Unless you strictly follow Amish practices. But in that case you probably wouldn’t be going through a TSA checkpoint anyway.

(Security checkpoint picture generated by Imagen 3)

“Somewhat You Why” in Minnesota

Remember my earlier post “‘Somewhat You Why,’ and Whether Deepfakes are Evil or Good or Both”?

When I posted it, I said:

I debated whether or not I should publish this because it touches upon two controversial topics: U.S. politics, and my proposed sixth factor of authentication. 

I eventually decided to share it on the Bredemarket blog but NOT link to it or quote it on my socials.

Well, I’m having the same debate with this post, which is ironic because I learned about the content via the socials. Not that I will identify the source, because it is from someone’s personal Facebook feed.

Just a random picture of Princess Diana. Public domain.

My earlier post analyzed my assumption that deepfakes are bad. It covered the end of National Science Foundation funding for deepfake research, apparently because deepfakes can be used as a form of First Amendment free speech.

Well, the same issue is appearing at the state level, according to the AP:

X Corp., the social media platform owned by Trump adviser Elon Musk, is challenging the constitutionality of a Minnesota ban on using deepfakes to influence elections and harm candidates, saying it violates First Amendment speech protections.

As I previously noted, this does NOT mean that X believes in a Constitutional right to financially defraud people.

  • Or do I have a Constitutional right to practice my freedom of religion by creating my own biometric-free voter identification card like John Wahl did?

Again, is it all about intent? Somewhat you why?

And if your firm provides facial recognition, how do you address such issues?

(Lincoln’s laptop from Imagen 3)

Amazon in Upland: Is a Bear a Non-Person Entity?

So the day approaches, and the Upland Amazon Fresh will hold its grand opening on Thursday, May 1.

Amazon Fresh, Upland, California.

Wonder if the bear will show up.

Image from https://abc7.com/amazon-driver-bear-delivery-in-upland-caught-on-video/11503470/

What? You forgot about the bear?

“Yes, that’s an Amazon driver in the foreground, raising his hands to try to scare a bear away so he can make his delivery. He was successful. 

“The full Storyful video can be found here. (And of course it’s a Ring video. You didn’t expect a Nest video, did you?)”

I wonder if the bear’s paw will work with the palm vein reader.

Imagen 3. What’s the Amazon One error rate for THIS demographic group?

By the way, this is a reminder that Bredemarket provides its services to local Inland Empire businesses also.

And one more thing…

After I wrote the main body of this post, I realized that I accidentally wrote the Bredemarket trifecta, covering all three of my concentrations:

  • Identity (Amazon)
  • Technology (Amazon)
  • Inland Empire (Amazon)

If you’re concerned about Amazon taking over everything, don’t fear. It will eventually fail.

But until it does, I’m gonna make some money!

#fakefakefake

Why Replacing Your Employees with VLM NPE Bots Won’t Defeat Social Engineering

(Scammed bot finger picture from Imagen 3)

Your cybersecurity firm can provide the most amazing protection software to your clients, and the clients still won’t be safe.

Why not? Because of the human element. All it takes is one half-asleep employee to answer that “We received your $3,495 payment” email. Then all your protections go for naught.

The solution is simple: eliminate the humans.

Eliminating the human element

Companies are replacing humans with bots for other rea$on$. But an added benefit is that when you bring in the non-person entities (NPEs) who are never tired and never emotional, social engineering is no longer effective. Right?

Well, you can social engineer the bot NPEs also.

Birthday MINJA

Last month I wrote a post entitled “An ‘Injection’ Attack That Doesn’t Bypass Standard Channels?” It discussed a technique known as a memory injection attack (MINJA). In the post I was able to sort of (danged quotes!) get an LLM to say that Donald Trump was born on February 22, 1732.

(Image from a Google Gemini prompt and response)

Fooling vision-language models

But there are more serious instances in which bots can be fooled, according to Ben Dickson.

“Visual agents that understand graphical user interfaces and perform actions are becoming frontiers of competition in the AI arms race….

“These agents use vision-language models (VLMs) to interpret graphical user interfaces (GUI) like web pages or screenshots. Given a user request, the agent parses the visual information, locates the relevant elements on the page, and takes actions like clicking buttons or filling forms.”

Clicking buttons seems safe…until you realize that some buttons are so obviously scambait that most humans are smart enough NOT to click on them.

What about the NPE bots?

“They carefully designed and positioned adversarial pop-ups on web pages and tested their effects on several frontier VLMs, including different variants of GPT-4, Gemini, and Claude.

“The results of the experiments show that all tested models were highly susceptible to the adversarial pop-ups, with attack success rates (ASR) exceeding 80% on some tests.”

Educating your users

Your cybersecurity firm needs to educate. You need to warn humans about social engineering. And you need to warn AI masters that bots can also be social engineered.

But what if you can’t? What if your resources are already stretched thin?

Is Milwaukee Selling PII for Free Facial Recognition Software Access?

(Part of the biometric product marketing expert series)

Perhaps facial recognition product marketers have heard of stories like this. Or perhaps they haven’t.

Tight budgets. Demands that government agencies save money. Is this the solution?

“Milwaukee police are mulling a trade: 2.5 million mugshots for free use of facial recognition technology.

“Officials from the Milwaukee Police Department say swapping the photos with the software firm Biometrica will lead to quicker arrests and solving of crimes.”

Read the article at https://www.jsonline.com/story/news/crime/2025/04/25/milwaukee-police-considering-trading-mugshots-for-facial-recognition-tech/83084223007/

As expected, activists raised all sorts of other concerns about facial recognition in general. But there’s an outstanding question:

What will Biometrica do with the 2.5 million images?

  • Use them for algorithmic training? 
  • Allow other agencies to search them?
  • Something else?
  • And what happens to the images if another company acquires Biometrica and/or its data? (See 23andMe.)

Biometrica didn’t respond to a request for comment.

And other facial recognition vendors operate differently.

How does your company treat customer data?

And how do you tell your story?

Do you have the resources to market your product, or are your resources already stretched thin?

(Wheelbarrows from Imagen 3)

Now I’m Just Playing with Google Gemini

I asked Imagen 3 to help me illustrate nth party risk management.

Where you are connected with everyone to whom your connections are connected.

But I wanted to illustrate third-party risk management in a clean way. Back when AIDS became a sad feature of our lives in the 1980s, the description of how it spread from person to person could get a little graphic.

Why Does TPRM Fail? Not Because of the TPRM Software Providers.

For years I have maintained that the difficulties in technology are not because of the technology itself.

Technology can do wonderful things.

The difficulties lie with the need for people to agree to use the technology.

And not beg ignorance by saying “I know nothing.”

(Image of actor John Banner as Sgt. Schultz on Hogan’s Heroes is public domain.)

Case in point

I just saw an article with the title “TPRM weaknesses emerge as relationship owners fail to report red flags.”

Unlike some clickbait-like article titles, this one from Communications Today succinctly encapsulates the problem up front.

It’s not that the TPRM software is failing to find the red flags. Oh, it finds them!

But the folks at Gartner discovered something:

“A Gartner survey of approximately 900 third-party relationship owners…revealed that while 95% saw a third-party red flag in the past 12 months, only around half of them escalate it to compliance teams.”

Among other things, the relationship owners worry about “the perceived return on investment (ROI) of sharing information.”

And that’s not a software issue. It’s a process issue.

Wildebeest maturity model via Imagen 3.

No amount of coding or AI can fix that.

And this is not unique to the cybersecurity world. Let’s look at facial recognition.

Another case in point

I’ve said this over and over, but for U.S. criminal purposes, facial recognition results should ONLY be used as investigative leads.

It doesn’t matter whether they’re automated results, or if they have been reviewed by a trained forensic face examiner. 

Facial recognition results should only be used as investigative leads.

Sorry for the repetition, but some people aren’t listening.

But it’s not the facial recognition vendors. Bredemarket has worked with numerous facial recognition vendors over the years, and of those who work with law enforcement, ALL of them have emphatically insisted that their software results should only be used as investigative leads.

All of them. Including…that one.

But the vendors have no way to control the actions of customers who feed poor-quality data into their systems, get a result…and immediately run out and get an arrest warrant without collecting corroborating evidence.

And that’s not a software issue. It’s a process issue.

No amount of coding or AI can fix that.

I hope the TPRM folks don’t mind my detour into biometrics, but there’s a good reason for it.

Product marketing for TPRM and facial recognition

Some product marketers, including myself, believe that it’s not enough to educate prospects and customers about your product. You also need to educate them about proper use of the product, including legal and ethical concerns.

If you don’t, your customers will do dumb things in Europe, Illinois, or elsewhere—and blame you when they are caught.

Illinois, land of BIPA. I mean Lincoln.

Be a leader in your industry by doing or saying the right thing.

And now here’s a word from our sponsor.

Not the “CPA” guy again…

Bredemarket has openings

There’s a reason why this post specifically focused on cybersecurity and facial recognition.

If you need product marketing assistance with your product, Bredemarket has two openings. One for a cybersecurity client, and one for a facial recognition client. 

Bredemarket has openings. Imagen 3 again.