Tag Archives: npe

When Certuma’s Messaging Seems Contradictory: “AI Doctor” or “Physician-Verified”?

I don’t have access to Forbes, so I’m relying on this LinkedIn message from Certuma:

“We raised $10M in seed funding led by 8VC to build the first FDA-approved AI doctor.”

The way that sentence is worded, it sounds like the goal is to have the FDA approve a doctor who can…well, doctor. Like my fictional Dr. Jones. (See the 2013 version in tymshft.)

““I don’t mind answering the question,” replied the friendly voice, “and I hope you don’t take my response the wrong way, but I’m not really a person as you understand the term. I’m actually an application within the software package that runs the medical center. But my programmers want me to tell you that they’re really happy to serve you, and that Stanford sucks.” The voice paused for a moment. “I’m sorry, Edith. You have to forgive the programmers – they’re Berkeley grads.””

But Certuma’s website tells a more cautionary story in which the “AI doctor” is NOT in control.

“Certified clinical decisions at machine speed. Physician-verified and fully auditable.”

And the workflow indicates that this “doctor” is more like an intern, or even a student.

“Certuma routes every in-scope plan through physician verification. That workflow is the point: fast turnaround without removing accountability….

“Red flags, contraindications, interaction checks, scope limits, and uncertainty thresholds run through the deterministic verification layer. If something is emergent or out of scope, the system escalates instead of guessing.

“Clinicians see structured intake, highlighted risks, and a draft plan with supporting evidence. They approve, edit, or escalate; changes are captured with reason codes and a durable audit trail.”

Now there is clearly some benefit in having the bots grind out the plan, provided that the bots don’t hallucinate. There are potential time savings, and a real doctor reviews the final results.

But an “AI doctor” who can doctor independently is NOT on the horizon.

At least not yet.

Returning to Lattice Identity

The last time I delved into lattices, it was in connection with the NIST FIPS 204 Module-Lattice-Based Digital Signature Standard. To understand why the standard is lattice-based, I turned to NordVPN:

“A lattice is a hierarchical structure that consists of levels, each representing a set of access rights. The levels are ordered based on the level of access they grant, from more restrictive to more permissive.”

In essence, the lattice structure allows more elaborate access rights.

This article (“Lattice-Based Identity and Access Management for AI Agents”) discusses lattices more. Well, not explicitly; the word “lattice” only appears in the title. But here is the article’s main point:

“We are finally moving away from those clunky, “if-this-then-that” systems. The shift to deep learning means agents can actually reason through a mess instead of just crashing when a customer uses a slang word or a shipping invoice is slightly blurry.”

It then says

“Deep learning changes this because it uses neural networks to understand intent, not just keywords.”

Hmm…intent? Sounds a little somewhat you why…or maybe it’s just me.

But it appears that we sometimes don’t care about the intent of AI agents.

“If you gave a new employee the keys to your entire office and every filing cabinet on day one, you’d be sweating, right? Yet, that is exactly what many companies do with ai agents by just slapping an api key on them and hoping for the best.”

This is not recommended. See my prior post on attribute-based access control, which led me to focus more on non-person entities (non-human identities).

As should we all.

A Little Help For Entry-Level Workers

Over a year ago I shared this:

A little help.

The mood at the time was that the world was changing and generative AI bots and non-person entities could replace people.

Yes, I am familiar with the party line that AI wouldn’t replace anyone, but would empower everyone to do their jobs more effectively.

The layoff trackers told a different story.

As did the AI gurus who proclaimed that many jobs would soon be obsolete.

Strangely enough, “AI guru” was not one of the jobs that was going away. Which is odd. It seems to me that giving inspirational talks would be the perfect job for a non-person entity.

Previously posted here.

One firm is (big) blue on people

But many people agreed that entry-level jobs were ripe for rightsizing, meaning that those at the beginnings of their careers would have a much harder time finding work.

Until they didn’t.

“Hardware giant IBM plans to triple entry-level hiring in the U.S. in 2026, according to reporting from Bloomberg. Nickle LaMoreaux, IBM’s chief human resource officer, announced the initiative….’And yes, it’s for all these jobs that we’re being told AI can do,’ LaMoreaux said.”

Because IBM has separated what AI can do from what it can’t do. IBM’s new positions are “less focused on areas AI can actually automate — like coding — and more focused on people-forward areas like engaging with customers.”

Guess what? Bots are not engaging. Well, maybe they’re more engaging than AI gurus…

Can you use people?

But I will go one step further and claim that human product marketers and content writers are more engaging than bot product marketers and content writers.

Believe me, I’ve tested this. Bredebot can fake 30 years of experience, but it’s not genuine.

If you want to engage with your prospects, don’t assign the job to a bot. That’s human work.

Stop losing prospects! Use Bredemarket content for tech marketers
Content for tech marketers.

Bash Script Vulnerabilities

I can’t say WHY I’m looking at bash script vulnerabilities, but they’ve been around since…well, this Kaspersky article is based upon CVE-2014-6271.

The “bash bug,” also known as the Shellshock vulnerability, poses a serious threat to all users. The threat exploits the Bash system software common in Linux and Mac OS X systems in order to allow attackers to take potentially take control of electronic devices. An attacker can simply execute system level commands, with the same privileges as the affected services….

“But just imagine that you could not only pass this normal system information to the CGI script, but could also tell the script to execute system level commands. This would mean that – without having any credentials to the webserver – as soon as you access the CGI script it would read your environment variables; and if these environment variables contain the exploit string, the script would also execute the command that you have specified.”

An authorization nightmare as a hostile non-person entity runs amok.

And it’s still a threat, as two recent CVEs attest…and that’s all I’ll say.

Why Would a Robot Fish?

Sadly the question “why would a robot fish?” was shared in a private Facebook group, so I cannot share the entire question with you. But I can share my response.

“Some humans don’t fish for food, but for relaxation. But if robots need downtime, it doesn’t have to be at a stream with a pole.”

After thinking, I composed the prompt for the Google Gemini picture that illustrates this post.

“Create a realistic picture of a robot by a stream in the woods, fishing. The eyes and other parts of the robot’s head indicate that its internal controls are in maintenance mode, or that the robot is ‘relaxing.’”

My own content creation process with Bredemarket includes a “sleep on it” step which lets my brain reset before taking a fresh look at the content.

The generative AI equivalent is to take the output from the initial prompt, start a new independent chat, and write a second prompt to re-evaluate the output of the first prompt.

Which I guess would be “fishing.”

Impressionable Bots?

Update to my prior post: Google Analytics shows lower numbers for February 5.

Why?

Google Gemini suggests bots may be to blame.

The internet is full of “bots” (automated scripts from search engines or malicious actors).  

Google Analytics has an industry-leading database of known bots and filters them out very aggressively to give you “human” data.  

Jetpack also filters bots, but its list is different. Jetpack often catches fewer bots than Google, which usually results in Jetpack showing higher traffic numbers than GA.

Still unanswered: why did the bots swarm on that particular day?

Looks like disregarding the traffic is the correct choice.

New 1954 Technology: The Finger Stop

If I were alive in 1954, I would understand why I would need a movie to figure this “dialing” thing out.

The movie from “the telephone company” emphasizes that you MUST bring your finger all the way to the finger stop when dialing the two letters and five numbers to talk to another person on the phone.

A model showing the finger stop.

Here’s the movie.

How to dial your phone, 1954.

Was this truly an improvement over the old system, in which you simply spoke the number to your friendly operator?

Probably not…but as phones became more useful, the old system wouldn’t have enough operators in 1954. Already there were 51 million phones in the United States; what if that number doubled?

And yes, that number did double…in 1967.

With some of those 100 million users dialing phone numbers WITHOUT worrying about the finger stop, as touch tone phones were introduced in 1963, supported by a new underlying technology dual-tone multi-frequency (DTMF).

And…well, a lot of other stuff happened.

In 2026 some of us don’t dial at all. We just say “Call Mom” to our non-human “operator” on our smartphones.

And many of the operators are out of a job.

The NHIs Are There, But We Don’t Know What They Are Doing

Permiso has released its 2026 State of Identity Security Report, and the results aren’t pretty. The first data point of interest:

“95% [of surveyed organizations] say AI systems can create or modify identities without human oversight”

Which is OK, provided that the organizations have the proper controls. But that brings us to the second data point:

Only 46% have full visibility into all human, non-human, and AI identities”

This is…not good.