The Cybernetic Teammate

Here is a recent HBS study on the role of GenAI as a collaborator in a team work environment. What I liked most about the study is that it is field work – real-world tasks in a real company, Procter & Gamble (read more about field work in my review of Gary Klein’s book). It must have been a fun field trip for the Harvard kids. By the way, you may recognize Karim Lakhani as the author of Competing in the Age of AI.

GenAI’s ability to engage in natural language dialogue enables it to participate in the kind of open-ended, contextual interactions that characterize effective teamwork

The introduction recaps the literature on teamwork and points to some testable hypotheses about using GenAI as a “cybernetic teammate.” The authors then proceed to a product development exercise using the company’s standard methods, with a large sample (n=776) of employees in randomly-assigned groups.

The image shows a chart for one of the outcomes, proposal “quality.” For quality, AI-augmented teams were more likely to produce proposals ranking in the top decile. This chart is a little scary, if you think about it, because the bump from adding AI is bigger (and cheaper) than the bump from adding more people.

In a nutshell, teams do better than individuals, but individuals using AI do better than teams. I see this on my LinkedIn feed all the time, and I can vouch for it myself. Shrewd founders see AI as a force multiplier, allowing them to go farther alone before needing to bring in partners.

The study also found that using AI produced proposals better balanced between marketing and technical orientation. Apparently, this is a big skills divide at P&G. Marketers will produce groovy ideas that aren’t feasible, and vice-versa for the tech people. Note the bimodal curve in Figure 11. So, the basic team needs at least one of each skill – unless you’re using AI. AI had the effect of bringing solutions more toward the middle ground.

Finally, test subjects self-evaluated for emotional bien-être, and discovered that working with AI was almost as satisfying as working with other people. So, if you can’t afford a marketing colleague for your lonely, overworked engineer, you can at least get him a cybernetic teammate.

AI Datacenters Are Eating the World

AI datacenters are categorically different from traditional “hyperscale” cloud providers. The older datacenters were optimized for networking and storage – think streaming video and commerce websites.

AI datacenters are optimized for computing, and density is king. The goal is to pack as many parallel processing chips – Nvidia GPUs and Google TPUs – into a rack, and as many racks into the building, as possible.

This means that power consumption and cooling requirements are through the roof. One rack in a typical AWS datacenter might draw 20 kilowatts, while the latest Nvidia rack draws 132 kW. Pack the building full of those, and…

| Project/Company | Target Capacity | Status & Timeline | Key Details |
|---|---|---|---|
| xAI Colossus Expansion | 1.2 GW | Expansion underway; 150 MW substation completing Q4 2025, full 1.2 GW by late 2025–early 2026 | Building on the existing 250–300 MW Colossus cluster (built in 122 days). Involves on-site natural gas plant and grid upgrades; faces EPA scrutiny but leverages pre-existing factory infrastructure for speed. |
| OpenAI Texas Campus | 1 GW (phased from 300 MW) | Phase 1 (300 MW) operational; Phase 2 construction started Jan 2025, full GW by mid-2026 | Houses hundreds of thousands of GPUs; includes 210 substations and on-site electrical upgrades. Already straining ERCOT grid—could equal ~10% of regional peak during heat waves. |
| Meta | 1–5 GW (supercluster) | Ground broken 2024; first 1 GW online 2026, scaling to 5 GW by 2030 | Zuckerberg’s “gigawatt-plus” initiative; Meta’s largest yet, with $64–72B spend in 2025 alone. Focuses on liquid cooling for high-density AI racks; part of broader multi-GW campus plans. |
| Microsoft OpenAI “Stargate” | 1–5 GW | Planning advanced; construction to start late 2025, launch 2028 | $500B joint venture with Oracle/Nvidia; aims for massive AI sovereignty. Includes SMR nuclear pilots; power sourcing via PPAs and on-site generation to bypass grid delays. |

Microsoft has two 300 MW datacenters. This is comparable to peak load for the city of Tacoma, during their summer AC season. Within a few years, all the leading AI vendors will have datacenters above 1 GW. That’s why Microsoft just made a deal to restart the infamous Three Mile Island nuclear power plant.

A cynic might observe that, while the TMI facility was deemed unsafe to power homes and businesses in Pennsylvania, regulators were willing to reconsider once Microsoft came knocking. Likewise, in Europe, nuclear-powered France is winning the datacenter race over green Germany.

After years of woodburning and windmills, the voracious demands of AI are forcing the world to take another look at nuclear power.

Reality-Based Management

On May 29, 1919, a team of astronomers led by Sir Arthur Eddington photographed the star field behind a solar eclipse. Comparing the position of these stars at night, versus their position during the eclipse, they proved Einstein’s theory that starlight was deflected by the Sun’s gravity.

This experiment made a profound impression on Karl Popper, a young philosopher studying the scientific method. In order to be “scientific,” Popper wrote, a theory must make predictions that can be tested by experiment.

If Eddington’s team had not found the predicted result, Einstein’s theory would have been dead. As Popper wrote, “confirmations should count only if they are the result of risky predictions.” In his famous essay on falsifiability, he contrasts this with the work of Marx and Freud, also popular at the time.

In those theories, Popper found only confirmation bias: “you saw confirmed instances everywhere: the world was full of [post hoc] verifications of the theory.” A theory that is “irrefutable” is not scientific, he wrote. A scientific theory, like Einstein’s, must make definite predictions that could be disproved.

One hundred years later, Scott Adams would warn his readers against confirmation bias, directing them instead to test their ideas based on predictive power: “The best way to judge the accuracy of an idea is not by logic but by its predictive power. If an idea predicts the future accurately, it is a useful idea.”

Business leaders I have worked with pride themselves on “reality based” management. You can’t plan a strategy or launch a new investment based on an incorrect understanding of your market. Maintaining an accurate model of reality takes concerted effort. Read Popper’s full essay here.

Top 8 Car Dealer Security Tools

Today’s post on Information Security is coauthored by ISC2 2024 Board Chair Dan Houser.

This time last year, CDK Global was hacked and ransomed. Fifteen thousand dealers were locked out of their systems, causing an estimated $1 billion in losses. CDK suffered a follow-up attack, which disrupted their efforts to recover. Car dealers also faced a secondary wave of scam artists looking to profit from the confusion.

We did quarterly audits with a checklist, counting violations like passwords on sticky notes, unlocked cabinets, and contracts left out.

Car dealers are a hacker’s dream target. Here you have a lucrative business with many employees, high turnover, and disparate computer systems. While big dealer groups have security teams and contingency plans, smaller groups are poorly equipped to handle security. Sophos describes ransomware as an “existential threat” for a small business.

I have written before about the special challenges facing smaller dealers, and this is another example. In today’s post, we’ll cover the “software stack” of tools you need to protect your dealership.

Dealership Security Stack

These eight tools are the minimum you need to keep your dealership safe. The working title for this post was “top ten,” but we were able to narrow it down.

  1. Managed Detection and Response – CrowdStrike, SentinelOne
  2. Vulnerability Scanning – Rapid7, Tenable
  3. Multifactor Authentication – Microsoft, Duo
  4. Next-Gen Firewall – Cisco, Fortinet
  5. Security Awareness Training – Ninjio, KnowBe4
  6. Secure Backups – Veeam, Acronis
  7. Email Scanner – Mimecast, Abnormal, Proofpoint
  8. Antivirus – Sophos, McAfee, Bitdefender

Managed Detection and Response

This would have been a “top ten” list if we had counted endpoint detection, response, and incident management separately. Nowadays, these all roll up into bundled services like Arctic Wolf, which may include “eyes on glass” in a Security Operations Center (SOC). An outsourced SOC is key for early detection, unless you feel like hiring your own staff to watch the monitors 24/7.

Vulnerability Scanning

According to Sophos, exploited vulnerabilities are the leading cause of ransomware attacks, particularly when coupled with phishing. Hackers regularly devise new ways to compromise popular systems. Whenever a new “exploit” is discovered, vendors rush to deliver a patch for it. Scanners like Rapid7 warn you of unpatched vulnerabilities.

Multifactor Authentication

This is where, in addition to the password, a system confirms your identity a second way, like sending a text message to your phone. All systems should have this, including your dealership’s network.

Next-Gen Firewall

It may seem like your network is self-contained, but it has internet traffic with your OEM portal, your DMS vendor, and F&I platforms – to name just a few. These should all be certified and encrypted, but a wily hacker might still compromise the connection. An advanced firewall can inspect network traffic, looking for suspicious data packets.

Security Awareness Training

Trained employees are your first line of defense against the top two attack vectors – account takeover and email compromise. Dan motivates his training with “InfoSec at Home,” like protecting your personal Wi-Fi and keeping your kids safe online.

Awareness training software includes hitting your employees with simulated phishing attacks, and follow-up training for the “easy clickers.” I like Ninjio because the lessons are short, topical, and entertaining – perfect for the kind of personnel and turnover you have in a dealership.

Secure Backups

Backing up your data is super important. During the CDK attack, many dealers discovered their data was on CDK and nowhere else. In 57% of ransom attacks, victims could not restore their data because the hackers had also compromised their backups.

Use the 3-2-1 rule: Have three copies of your data, including the primary system, with two in different places, like a NAS device with cloud storage, and one of these offsite. The offsite copy should be isolated from any network access.
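The rule above can be checked against a written inventory of where your data lives. The following is an added example, not part of the original post; the field names and both sample inventories are constructed for illustration. It shows that the common "server plus NAS plus cloud sync" setup satisfies the counts but still fails the isolation requirement.

```python
from dataclasses import dataclass

@dataclass
class Copy:
    name: str
    place: str                # where it lives: "server-room", "nas", "cloud", ...
    offsite: bool
    network_reachable: bool   # could a compromised LAN host reach and alter it?
    is_primary: bool = False

def audit_321(copies):
    """Return the clauses of the 3-2-1 rule, as worded above, that fail."""
    problems = []
    if len(copies) < 3 or not any(c.is_primary for c in copies):
        problems.append("need three copies including the primary system")
    backups = [c for c in copies if not c.is_primary]
    if len({c.place for c in backups}) < 2:
        problems.append("need backups in two different places")
    offsite = [c for c in backups if c.offsite]
    if not offsite:
        problems.append("need one copy offsite")
    elif all(c.network_reachable for c in offsite):
        # Ransomware that reaches the backup can encrypt or delete it too.
        problems.append("offsite copy must be isolated from network access")
    return problems

# Constructed inventories (hypothetical dealership).
TYPICAL = [
    Copy("DMS server", "server-room", offsite=False, network_reachable=True, is_primary=True),
    Copy("NAS", "nas", offsite=False, network_reachable=True),
    Copy("Cloud sync", "cloud", offsite=True, network_reachable=True),
]
HARDENED = TYPICAL[:2] + [
    Copy("Rotated offline drive", "vault", offsite=True, network_reachable=False),
]

if __name__ == "__main__":
    for label, inventory in (("typical", TYPICAL), ("hardened", HARDENED)):
        print(label, audit_321(inventory) or "OK")
```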

Email Scanner

A common attack vector is malicious software sent via email, or “man in the middle” impersonation attacks. I know of one dealer who wired $250,000 to a hacker’s account, because the wire instructions appeared to come from an OEM’s email. You’ll need a scanner like Mimecast, with some kind of pattern matching (AI) and a deep blacklist, to keep evildoers out of your inbox.
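To make the wire-fraud case concrete, here is a simplified sketch of the header checks a mail gateway can apply to a message that claims to come from an OEM. It is an added example, not from the original post and not how any named product works; the domains, the gateway name `mx.dealer.example`, the allowlist, and the sample message are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the display name imitates an OEM, the domain is a
# lookalike, DMARC failed, and replies go elsewhere. All values are made up.
SAMPLE = """\
Authentication-Results: mx.dealer.example; spf=pass; dkim=none; dmarc=fail header.from=oem-payments.example
From: "OEM Finance" <ar@oem-payments.example>
Reply-To: ar@freemail.example
Subject: Updated wire instructions

Please send this month's payment to the new account below.
"""

OUR_MX = "mx.dealer.example"        # assumption: authserv-id stamped by our own gateway
TRUSTED_DOMAINS = {"oem.example"}   # assumption: the OEM's real sending domain
PAYMENT_WORDS = ("wire", "routing number", "bank account", "payment")

def domain_of(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def dmarc_result(msg):
    """DMARC verdict, read only from headers added by our own gateway."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, *clauses = [c.strip() for c in header.split(";")]
        if authserv.lower() != OUR_MX:
            continue  # a sender can forge this header; ignore foreign ones
        for clause in clauses:
            name, _, rest = clause.partition("=")
            if name.strip().lower() == "dmarc" and rest.split():
                return rest.split()[0].lower()
    return "none"

def review(raw):
    msg = message_from_string(raw)
    findings = []
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if dmarc_result(msg) != "pass":
        findings.append("dmarc-not-pass")
    if sender not in TRUSTED_DOMAINS:
        findings.append("sender-domain-not-on-allowlist")
    if reply_to and reply_to != sender:
        findings.append("reply-to-differs-from-sender")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg['Subject'] or ''} {body}".lower()
    if findings and any(word in text for word in PAYMENT_WORDS):
        findings.append("payment-request-hold-for-callback")
    return findings
```

Any message that ends with the `payment-request-hold-for-callback` finding should be confirmed by phoning the OEM on a number already on file before money moves.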

Antivirus

You should have antivirus software running on all your computers, and managed at the network level. Most car dealers will be running a Windows LAN with Active Directory, and you can use that to push Defender or Symantec to all computers in the domain.

Once your security stack is in place, you’ll need to test it. There are various ways to do this. You can hire consultants to check your work, run scans, and maybe even try to break in – a “penetration test.” You can also run a “tabletop exercise,” in which you simulate how you would deal with a major security incident.

As a CTO, I find that an increasing share of my attention must now be devoted to Information Security. Having come up as a developer, this is not my favorite thing. So, the first thing on my list is to consult a certified security professional – like Dan.

Hire a CISO. This means Chief Information Security Officer. The list of interview questions is long, but my personal favorite is: tell me about a notable incident and how you handled it. If you can’t afford someone full time, you can retain a part-time “virtual” CISO.