Intercast June 2026 – AI Bias Requires Creative Solutions

Welcome to the June 2026 edition of Intercast’s monthly newsletter for cybersecurity professionals. As always, we’ll bring you the latest news and views to bring you up to speed.

In This Issue:

  • Most US Security Execs Would Consider Ransomware Payments
  • AI Model Judging Tackles Overconfidence
  • Linux Founder Shares AI Bug Report Frustration
  • AI Bias Requires Creative Solutions
  • Cybersecurity Report Hallucinations Cause Controversy
  • Best Of The Rest

Most US Security Execs Would Consider Ransomware Payments

Nearly two-thirds of CISOs in the United States say they’d consider paying ransoms to cybercriminals. They say they are more concerned with downtime than losing data or direct financial losses.

The survey by Absolute Security found 63 percent of US CISOs would consider making the payment after a ransomware attack, compared with 47 percent in the United Kingdom. That’s partly down to culture and experience, with UK executives believing it was less likely a payment would actually lead to data being restored. Another key factor is that US executives face less financial penalties if personal data is exposed than is the case in Europe.

Overconfidence could be an issue however. The study found 83 percent of CISOs were confident they’d recover quickly from an attack. However, among those who had actually suffered a ransomware attack, 57 percent reported taking more than a week to recover and 20 percent said it took at least two weeks.

AI Model Judging Tackles Overconfidence

A new approach to training AI models tackles the problem of overconfidence. The technique requires models to say how certain they are about an answer and then “rewards” them based not just on accuracy but on how calibrated their confidence levels were.

Historically AI models are very wary about saying they are unsure of an answer, with one theory being that training data is based heavily on internet discussion forums where uncertain people are inherently less likely to comment. Another big problem is that most feedback systems designed to train models simply work on whether the answer is correct, rewarding lucky guesses just as much as reasoned conclusions.

The new approach, Reinforcement Learning with Calibration Rewards, asks models to give a percentage figure for how confident they are in the answer. Rather than simply judge and give feedback to the models based on overall accuracy, the criteria is how closely the actual level of accuracy (across all responses) matches the model’s level of confidence.

Linux Founder Shares AI Bug Report Frustration

The founder of Linux says AI-powered bug reports have made managing the system’s security almost impossible. Explaining a pattern that’s repeated across the industry, Linus Torvalds said AI-bug hunting leads to widespread duplication with the same bug “discovered” and reported countless times.

While it might seem a great idea that AI-powered tools make it easier for anyone to spot and report a bug, Torvalds says there’s a simple problem: “If you found a bug using AI tools, the chances are somebody else found it too.” He says people need to add value to bug reports, for example by showing the issue is repeatable or giving a meaningful assessment of its impact.

It’s a problem that recently led to concerns that the Common Vulnerabilities and Exposure program could become unworkable with the sheer number of reports making it much harder to identify which vulnerabilities should be priorities to fix.

AI Bias Requires Creative Solutions

Researchers are working on ways to remove bias from AI training data without unintentionally increasing other biases, a problem likened to whack-a-mole. The solutions involve physically altering the model of the data.

At the moment, much of the work to remove bias involves project debiasing: in effect, altering data to directly reverse the bias. The problem is that this often creates knock-on effects, with researcher Marzyeh Ghassemi giving the example that trying to remove or reduce racial bias in data about a group of people can in turn heighten gender bias.

The attempted solution, Weighted Rotational DebiasING (WRING) is designed particularly for vision language models. It’s difficult to comprehend without understanding the model as being a physical map of relationships between data. In simple terms, the approach means changing the coordinates of the data containing the bias in a specific way. This means the relationship between this data and the rest of the dataset is unchanged, but the model is no longer able to distinguish between this data in terms of the variable where the bias was spotted.

Cybersecurity Report Hallucinations Cause Controversy

A major consultancy firm has withdrawn a cybersecurity report after accusations it included widespread inaccurate or non-existent sources and claims. The errors appear to be AI hallucinations.

The report came from EY Canada, a regional office of what used to be known as Ernst & Young. Titled “Points of Attack: Uncovering Cyber Threats and Fraud in Loyalty Systems”, it came under heavy criticism from a company called GPTZero.

Often such AI detection tools bring a heavy risk of false positives in identifying writing supposedly created by a large language model rather than a human. However, in this case the problems appeared to be objective errors with non-existent sources and links.

GPTZero identified 16 of the 27 citations in the report as being fabrications or errors. EY withdrew the report and told the Financial Times that it “takes the accuracy of all the content we publish seriously and we have an organisation-wide commitment to the responsible use of AI.”

Best of the Rest:

Here’s our round up of what else you need to know:

Back to Blog