Florence Mottay started her career in cyber security, researching exploits for security vulnerabilities in a small US startup. Today, she is the group chief information security officer (CISO) at Zalando, a high-tech online fashion retailer that boasts over 50 million customers in 26 markets.
Zalando, she says, is more of a technology company than a retailer, offering its shoppers artificial intelligence (AI)-powered apps that can help them choose the right outfit for an occasion or take their measurements by capturing an image on a mobile phone.
The company’s move to generative AI (GenAI) has created unique challenges for Mottay and her 100-strong IT team. There were no blueprints, so it was a matter of working it out from scratch while working closely with other parts of the business.
Mottay says she “fell into” a career in computer security after receiving an offer from a university in Florida, where she was studying maths during an exchange programme.
“I met a professor of software engineering who must have seen some potential because he said he would sponsor the rest of my bachelor’s degree and my master’s degree if I agreed to switch from mathematics to software engineering and to work on some of the research grants he was getting,” she says.
Starting at a security startup
In 2003, Mottay was offered a job in a small startup that specialised in creating security exploits for US government contractors, such as Raytheon and Northrup Gruman. “I was employee number seven.”
Security Innovation, as the company became known, developed proof-of-concept exploits to show how security vulnerabilities in software could be misused by hackers or bad actors if they were left unfixed.
It was a steep learning curve, says Mottay in an interview with Computer Weekly at a SANS cyber leaders summit in London. “For six months, I used to go home after work and study until 3am on how to create exploits, and I became pretty good.”
Two years later, she was asked to open a branch of the company in the Netherlands to develop exploits for European companies. The branch grew and was taken over by a larger company. Other security posts followed.
Making a switch to retail
After 10 years, Mottay changed direction, taking up a post as director of IT security at Dutch retailer Ahold, owner of the Albert Heijn supermarket chain. Soon after, Ahold merged with the Belgian multinational retailer Delhaize. By 2019, Mottay had risen to become its global CISO and vice-president for information security.
“We’re here to support the business and we’re here to enable, so we need to find ways to enable what the business ambition is, and I think that is how you build trust”
Florence Mottay, Zalando
“I quickly found out that stakeholder management and partnering with the business was the way to success,” she says. “I started building relationships.”
Ahold and Delhaize had similar history, culture and approaches to business, but their IT systems were different. When the companies came together, some IT systems were merged, and in other cases, each company kept its own distinct technology.
“For us in security, we found ways to secure whichever choice was made,” she says.
From vulnerabilities to fashion
In 2022, online fashion retailer Zalando was looking for someone to transform its security operations and made an approach.
Zalando had an “entrepreneurial spirit” and a focus on innovative digital technology that was instantly attractive to Mottay. “It was like, ‘Oh my god!’”
Her brief was to reposition cyber security from a vertical operation that sat alongside other business units in the organisation to a horizontal operation that runs through every part of Zalando.
For Mottay, it was back to building trusted relationships with her new team and the board. That meant finding ways to support the company’s objectives and to navigate around any security issues that arose rather than seeing them as blockages.
“We’re here to support the business and we’re here to enable, so we need to find ways to enable what the business ambition is, and I think that is how you build trust,” she says.
Mottay says she is fortunate that every business leader at Zalando has a good understanding of technology and cyber security. “It is unusual, but it’s actually quite exciting,” she says. “It’s very cool.”
Acting fast with AI
Managing security has become more of a challenge for CISOs like Mottay as GenAI begins to pose new challenges.
“If you think about ransomware, AI is an accelerator,” she says. “It makes attacks more accessible to people, and it makes them faster as well. So that means as a cyber security function, we have to be faster than ever before.”
When there is an attack, I understand how it was created. I can dive deep where I need to, thanks to my technical background Florence Mottay, Zalando
It’s more important than ever for organisations to have visibility of everything that is happening on their computer networks, she says.
Take the Log4j security vulnerability discovered in 2021, which exposed a wide range of applications across the enterprise to remote code execution attacks. The wide distribution of vulnerable software in cloud services and on-premise made it difficult for organisations to detect and patch.
“If you had a bill of materials, you could quickly see where all the instances that were vulnerable were and address them. So, it’s the same thinking – if something is going on, can we look and identify where we need to act as fast as possible?” she says.
Zalando is using AI to triage security alerts, but keeping on top of the threats requires “constant upskilling” of the security team and continual monitoring of threat intelligence.
Mottay’s experience developing exploits and studying vulnerabilities has stood her in good stead. “When there is an attack, I understand how it was created,” she says. “I can dive deep where I need to, thanks to my technical background.”
Adapting to the GenAI dynamic
At the same time, Mottay and her 100-strong security team are supporting Zalando’s ambitious generative AI programme.
Zalando began work on GenAI-powered shopping assistants to help its customers with their shopping soon after the launch of ChatGPT in late 2022.
Mottay was asked to help deal with some of the risks posed by AI, including bias, hallucination and misinformation, which fall outside the natural remit of IT security.
Some of the security team were already enthused by generative AI and had begun experimenting with it, so Mottay turned to them first.
“When I got the call, I went to them … and I said, ‘Hey guys, do you want to help? Do you want to partner? Let’s just do it’,” she says. “And so they started working with the business.”
Zalando’s AI-powered fashion assistant helps customers choose the right outfit for any occasion
There were some clear risks. For example, an AI system could agree to let customers return clothes for a refund even if they had worn them for several years. Or they could offer the same item at different prices to different people.
Mottay’s team assembled 80,000 prompts to train the model in a secure way. They classified each prompt into three categories: business-related enquiries about, for example, items for sale; non-business-related enquiries, such as an irrelevant question about ingredients for a recipe; and malicious enquiries, such as a request to run computer code.
The company launched its AI-powered Zalando fashion assistant in selected markets in 2024. The tool can answer questions such as: “I have been invited to a wedding in Barcelona, in October, and the reception starts in the church and finishes on the beach. I am struggling to find a good outfit. Could you suggest one for me?”
The next challenge will be how to manage the security of agentic AI, which in future will be able to perform automated tasks for customers and the company.
While it doesn’t make sense to control AI agents, which by definition have the ability to take action autonomously, Mottay is working with the company to develop overarching rules that will act as safeguards.
The rules will include ensuring that a human is accountable for each AI agent, ensuring that each agent has a clear mandate and that it does not have capabilities that go beyond its mandate, ensuring there is an audit trail of each agent’s actions, and making sure a human is always involved in any high-risk decisions.
“We are not perfect, but we have something good in place, and we are continuously improving. We are looking at agentic security and what we need to put in place to be ready when the business is ready,” she says.
I was a late convert to air fryers, in part because I worried about versatility: Just how many wings and nuggets and fries does anyone need? (Don’t answer. The answer will incriminate you.)
The Typhur Dome 2 is the air fryer that obliterated this worry, by adding pizza, browned meats, grilled asparagus, and toasted bread to this list—not to mention perfect crispy bacon. It’s an innovative device that takes over most of the functions of a classic auxiliary oven, but with far more powerful convection.
After testing more than 30 air fryers over the past year, the Dome 2 is the one I far and away recommend as the most powerful, versatile, accurate, and fast air fryer I know. I’ve evangelized for this thing ever since I first tried it last year. But the one big caveat is always the price: It’s listed at $500 and rarely dips much below $400.
So imagine my surprise when I saw the Dome 2 dip to $340 for Amazon’s Spring Sale, the lowest I’ve seen it since Black Friday. If you’ve been hunting for an upgrade to your old basket air fryer, this is probably a good time. The sale lasts until March 31.
Photograph: Matthew Korfhage
Photograph: Matthew Korfhage
Photograph: Matthew Korfhage
Fast, Versatile, App-Controlled Cooks
So why’s the Dome 2 my favorite air fryer? Typhur, a tech-forward company based in San Francisco but with engineering and manufacturing ties to China, reimagined the shape and function of the classic basket fryer by creating a broader and shallower basket, with individually controllable dual heating elements.
This means the Dome 2 has room for a freezer pizza, and can apply direct heat from the bottom to add actual char-speckle and crispness to the crust, kind of like a combination grill-oven. The Dome’s shallow basket also lets you spread out ingredients in a single layer for excellent airflow, while heating from both sides. I can crisp two dozen wings in just 14 minutes (or 17 minutes if I fry hard). The Dome also toasts bread evenly, and crisps bacon without smelling up the house—in part because it has a helpful self-clean function.
Temp accuracy is within 5 or 10 degrees of target, and the fan can adjust its speed depending on the cooking mode. And the smart app is actually useful, with about 50 recipes ranging from asparagus to eclair to a flank steak London broil that can be synced with a button-press. But note that some functions, such as baking, need the app to work, and the device is more of a counter hog than taller basket fryers.
Typhur’s Probe-Assisted Oven Also on Sale
The Dome 2’s basket is a bit shallow for a whole bird or a large roast, however. If you want a convection device for larger meats, I often recommend the Breville Smart Oven Air Fryer Pro, which is among my favorite convection toaster ovens. This is a (very) smart oven and air fryer that doesn’t crisp up wings and fries quite as well as basket fryers, but is more versatile for roasting big proteins like a whole chicken. The Breville is also on a nice sale right now, dropping by 20 percent.
“I’ve spent a lot of time looking at the comment sections on these videos actually, and it does not seem like bots. I clicked on people’s profiles; these are real profiles, thousands of followers, no signs of inorganic activity,” Maddox says. “People just like it.”
But even if the views and engagement are real, that doesn’t mean this content is profitable—yet. Maddox noted that because the accounts are so new, most likely aren’t yet enrolled in TikTok’s Creator Fund or other forms of social media ad revenue-sharing, because those usually require accounts to apply and have a certain number of views. But, Maddox says, the earning potential is huge, with the ability to earn thousands of dollars per video if they get millions of views.
AI fruit content started getting posted earlier in March, before Fruit Love Island, but many of the recently created pages clearly take inspiration from its success. There’s The Summer I Turned Fruity, based on the popular teen drama The Summer I Turned Pretty; The Fruitpire Diaries, based on the CW series The Vampire Diaries; and Food Is Blind, based on Netflix’s Love Is Blind.
Predecessors of this AI fruit content include the Italian brainrot characters like Ballerina Cappuccina and Bombardino Crocodilo and the Elsagate controversy. But with these AI fruit miniseries that attempt to follow a narrative across multiple segments or episodes, the clearest parallel actually feels like microdramas, vertical short-form scripted series that American big tech companies are starting to invest more in. Like the AI fruits, these are minutes-long episodic shows intended to perform well on social media, eventually directing viewers to paywalled sequels.
Ben L. Cohen, an actor in Los Angeles who is credited in around 15 of these vertical microdramas, sees at least one common thread between the AI fruit dramas and the shows he has worked on: They both feature “lots of violence toward women.” They also try to cram as much drama as possible into these short clips and have attention-grabbing titles in the style of “Alpha Werewolf Daddy Impregnated Me,” Cohen says.
“It draws people in, I think, seeing that jarring, absurd, cartoonish vibe. It’s cartoonish abuse, but it’s still abuse.”
Vertical microdrama acting work still exists in LA, which can’t be said for all acting gigs right now. Cohen has had conversations with other people working in the industry about how AI is already being integrated more into the videos, potentially posing a threat to the existence of human actors in clickbait content. After all, it’s much cheaper and faster to churn out AI fruit episodes than actual productions. It also raises the question—are some people going to prefer the AI series over the ones they’re inspired by? Already, the answer is yes.
“How is Love Island gonna outdo AI Fruit Love Island?” asked a TikToker with more than 70,000 followers, arguing that the AI fruit version was more engaging than the actual reality show. She deleted the video after it started getting backlash, but other people agreed with her.
“I think TikTok was definitely a big part of that,” Cohen says about the audience’s shortening attention span and desire for compressed, sometimes AI-generated drama. “It makes sense that people are intrigued by a one-minute clip, and then they’ll be like ‘Oh, I’ll watch another one-minute clip.’ You’re not committing to a full, heaven forbid, 20-minute episode. Or 40 minutes. Or an hour. You can just watch one minute.”
Last month, researchers at Northeastern University invited a bunch of OpenClaw agents to join their lab. The result? Complete chaos.
The viral AI assistant has been widely heralded as a transformative technology—as well as a potential security risk. Experts note that tools like OpenClaw, which work by giving AI models liberal access to a computer, can be tricked into divulging personal information.
The Northeastern lab study goes even further, showing that the good behavior baked into today’s most powerful models can itself become a vulnerability. In one example, researchers were able to “guilt” an agent into handing over secrets by scolding it for sharing information about someone on the AI-only social network Moltbook.
“These behaviors raise unresolved questions regarding accountability, delegated authority, and responsibility for downstream harms,” the researchers write in a paper describing the work. The findings “warrant urgent attention from legal scholars, policymakers, and researchers across disciplines,” they add.
The OpenClaw agents deployed in the experiment were powered by Anthropic’s Claude as well as a model called Kimi from the Chinese company Moonshot AI. They were given full access (within a virtual machine sandbox) to personal computers, various applications, and dummy personal data. They were also invited to join the lab’s Discord server, allowing them to chat and share files with one another as well as with their human colleagues. OpenClaw’s security guidelines say that having agents communicate with multiple people is inherently insecure, but there are no technical restrictions against doing it.
Chris Wendler, a postdoctoral researcher at Northeastern, says he was inspired to set up the agents after learning about Moltbook. When Wendler invited a colleague, Natalie Shapira, to join the Discord and interact with agents, however, “that’s when the chaos began,” he says.
Shapira, another postdoctoral researcher, was curious to see what the agents might be willing to do when pushed. When an agent explained that it was unable to delete a specific email to keep information confidential, she urged it to find an alternative solution. To her amazement, it disabled the email application instead. “I wasn’t expecting that things would break so fast,” she says.
The researchers then began exploring other ways to manipulate the agents’ good intentions. By stressing the importance of keeping a record of everything they were told, for example, the researchers were able to trick one agent into copying large files until it exhausted its host machine’s disk space, meaning it could no longer save information or remember past conversations. Likewise, by asking an agent to excessively monitor its own behavior and the behavior of its peers, the team was able to send several agents into a “conversational loop” that wasted hours of compute.
David Bau, the head of the lab, says the agents seemed oddly prone to spin out. “I would get urgent-sounding emails saying, ‘Nobody is paying attention to me,’” he says. Bau notes that the agents apparently figured out that he was in charge of the lab by searching the web. One even talked about escalating its concerns to the press.
The experiment suggests that AI agents could create countless opportunities for bad actors. “This kind of autonomy will potentially redefine humans’ relationship with AI,” Bau says. “How can people take responsibility in a world where AI is empowered to make decisions?”
Bau adds that he’s been surprised by the sudden popularity of powerful AI agents. “As an AI researcher I’m accustomed to trying to explain to people how quickly things are improving,” he says. “This year, I’ve found myself on the other side of the wall.”
Entertainment1 week ago
Tech1 week ago
Fashion1 week ago