Why Authorization Sprawl Is the Next Big Security Blind Spot and How to Fix It

4 min read

Authorization Sprawl, What is Authorization SprawlDespite major investments in cybersecurity, organizations continue to face breaches. Most security mechanisms implemented guard against threats such as password theft. However, there is a growing concern with the unchecked expansion of user access, permissions, and tokens across apps, clouds, and systems.

This growing challenge is known as authorization sprawl, and it is becoming one of the most dangerous and least visible threats in modern enterprise security.

According to insights from the SANS keynote at the RSAC 2025 Conference, attackers are increasingly exploiting this sprawl to gain legitimate, persistent access that bypasses multifactor authentication (MFA), security information and event management (SIEM) alerts, and endpoint detection and response (EDR) visibility altogether.

What is Authorization Sprawl?

Authorization sprawl occurs when access permissions multiply uncontrollably across systems, users, and applications. Every time a team or department adds a new SaaS integration, service account, or API key, another layer of permission is introduced.

In an attempt to make access to multiple applications easy, users also have single sign-on (SSO), designed to help log in once and access multiple applications securely. Here, users are granted access to several connected systems through SSO, adding to the authorization sprawl problem.

Over time, all these factors create a complex ecosystem that even security teams have a hard time tracing who can access what.

Unlike authentication, which verifies who someone is, authorization determines what one can do. When permissions expand without review, attackers take advantage of forgotten tokens, dormant accounts, or outdated roles to move freely inside systems.

Why Traditional Defenses Miss It

Most defenses focus on identity verification, such as MFA, conditional access, and endpoint protection. But once a user is authenticated, there is no monitoring. This is the blind spot that attackers exploit. Instead of breaking in, they log in using legitimate session tokens, application programming interface (API) keys, or open authorization (OAuth) grants.

The misuse of valid credentials or access tokens enables cloud-related breaches. These attacks bypass traditional detection tools because they appear to be normal activity by authorized users.

A recent incident involving Salesloft’s Drift application highlights how damaging authorization sprawl can be. Drift, an AI chatbot often integrated with Salesforce, was exploited after attackers gained access to Salesloft’s GitHub account and later its AWS environment. From there, they stole OAuth tokens and authentication credentials, exposing Salesforce data from potentially hundreds of organizations. This incident is an example of how interconnected SaaS systems and unchecked authorization links can create a cascading breach effect, where one weak point leads to multiple breaches across services.

The Business Impact of Authorization Sprawl

Aside from increasing technical risk, authorization sprawl erodes compliance, governance, and trust.

  1. Regulatory Exposure – Frameworks like GDPR, SOC 2, and HIPAA require strict access control and auditability. Untracked permissions make demonstrating compliance nearly impossible.
  2. Operational Risk – An overprivileged account can unintentionally leak data, delete configurations, or expose APIs.
  3. False Sense of Security – Zero Trust frameworks often stop at identity verification. Failing to continuously validate authorization is equivalent to protecting the front door while leaving internal doors wide open.

How to Fix Authorization Sprawl

Luckily, solving this problem does not require removing existing security controls but rather extending visibility and discipline into authorization.

  1. Conduct Regular Access Audits – Map users, roles, and permissions across your environment. Be sure to look for redundant privileges, dormant accounts, and orphaned API keys. Use tools that help visualize hidden paths and privilege escalation routes.
  2. Implement Structured Access Control – Use frameworks like role-based access control (RBAC) or attribute-based access control (ABAC). Standardizing roles ensures fewer exceptions and easier auditing.
  3. Automate Reviews and Revocations – Integrate identity and access management (IAM) with HR systems so access automatically changes when employees leave or change roles. This helps eliminate the temporary access that never gets removed.
  4. Shorten Token Lifetimes and Rotate Credentials – Session tokens and personal access tokens (PATs) should have an expiration period, such as 30 to 90 days. Using automated key rotation policies will help prevent long-lived access tokens from becoming backdoors.
  5. Enforce the Principle of Least Privilege – Grant users and systems only the minimum access needed.
  6. Extend Zero Trust to Authorization – Verification shouldn’t end with login. Apply continuous authorization checks.

Conclusion

As cloud ecosystems, APIs, and integrations continue to multiply, authorization complexity will grow exponentially. Businesses that invest in mapping and controlling authorization sprawl will stay ahead of both attackers and regulators. In cybersecurity, visibility equals control, and this begins with knowing exactly who can do what.

New Rules for Inherited Traditional IRA Distributions

3 min read

Inherited Traditional IRA DistributionsThe rules for IRAs inherited after 2020 changed when Congress passed the Secure Act in 2019. The new rules eliminated the opportunity for non-spousal beneficiaries to “stretch” inherited IRA earnings over their own lifetime. Up until this year, required minimum distributions (RMDs) and associated penalties were waived while the IRS clarified the new rules; but in 2025, they are in full force for most inherited IRA beneficiaries.

For clarity: Non-spouses who inherited IRA assets after 2020 MUST take RMDs starting this year.

RMD Rules For Non-Spouses

For Traditional IRAs inherited after 2020, the first thing a non-spousal beneficiary must do is transfer the inherited assets into an inherited IRA under his own name. Note that RMDs are then required only if the original owner had reached their RMD age before dying. Under this scenario, the beneficiary must take required minimum distributions going forward, including any RMD not taken in the year the original IRA owner died. Over the next nine years, the new inherited IRA owner must take annual RMDs based on his own life expectancy and deplete the account within 10 years of the decedent’s death.

However, if the original account owner was NOT required to take minimum distributions as of the time he passed, the inherited IRA beneficiary is NOT required to take them – unless he reaches RMD age during the 10-year holding period(starting at age 73, or age 75 effective 2033). Either way, he still must empty the account and pay the requisite tax bill within 10 years of the original account owner’s death.

In addition to paying taxes owed on RMDs, inherited account owners are subject to a 25 percent penalty on any amount shy of that year’s required distribution. Should you miss an RMD, you may be able to reduce the penalty to 10 percent if the correct distribution is taken within two years.

RMD Rules For Spouse Beneficiaries

A spousal beneficiary of the original IRA owner has more options than a non-spouse. For starters, she can retain the original account under her own name. Similar to the non-spouse beneficiary, if the decedent spouse HAD reached his RMD age, the surviving spouse must take required minimum distributions as well, including any RMD not taken in the year the original owner died. However, RMDs thereafter will be calculated based on the surviving spouse’s life expectancy, and there is no requirement to deplete the account within 10 years.

If the original IRA owner had?NOT?started taking RMDs, then the spouse does not have to take RMDs until she reaches the age required to do so. At that point, the RMDs will be based on her own life expectancy.

A spousal beneficiary also has the option to transfer the inherited assets into her own IRA. Under this scenario, her RMD schedule is based on her own age. This option allows her to delay taking RMDs until she reaches RMD age, regardless of the RMD status of the deceased spouse. This strategy provides the opportunity for the inherited assets to grow longer, tax-deferred.

For clarity: the 10-year rule for full distribution does not apply to spouses.

Note that the rules discussed herein do not apply to Traditional IRAs inherited by Trusts or “Eligible Designated Beneficiaries” (EDBs), which refer to chronically ill or disabled beneficiaries, beneficiaries who are younger than the deceased account owner by 10 years or less, or minor children of the account owner.

It’s best to work with a financial advisor or IRA account custodian to choose the option best suited to your circumstances – and ensure you adhere to the appropriate rules.

Controversial Defense Funding Bill, Shoring Up ESOP Plans, and Leave Benefits for Public Health Personnel

3 min read

Shoring Up ESOP PlansNational Defense Authorization Act for Fiscal Year 2026 (S 2296) – Introduced by Sen. Roger Wicker (R-MS) on July 15, the Senate passed this legislation on Oct. 9. The bill is a carve-out of the 2026 budget bill intended to fund military appropriations for the 2025-2026 fiscal year. The bill was largely supported by Republicans but less so by Democrats, who are in favor of keeping the government closed until all of their budget concerns are addressed. In addition to establishing funding and policies for military and defense-related activities, the bill includes a roadmap for bomber modernization, a real-time database for contractor compliance oversight, and authorizing programs for nuclear weapons facilities. The legislation would authorize $32.1 billion over the President’s budget request, and the White House opposes provisions in the bill that thwart the President’s ability to control immigration and conduct foreign affairs, including submitting plans to Congress ahead of actions, dictating the terms of intelligence support to Ukraine, and enabling the Defense Department to bypass the Administration’s tariffs. The bill currently rests with the House, which asserts it will not return to regular session until the Senate passes the current controversial CR budget bill.

Employee Ownership Representation Act of 2025 (S 1728) – This bipartisan bill seeks to expand the membership of the Advisory Council on Employee Welfare and Pension Benefit Plans to include two representatives of employee ownership organizations. While the council presently includes 15 members from business, labor, and the public, the council has no expertise specific to Employee Stock Ownership Plans (ESOPs). The legislation was introduced by Sen. Bill Cassidy (R-LA) on May 13 and passed in the Senate on Oct. 9. It currently awaits consideration by the House.

Retire Through Ownership Act (S 2403) – The main purpose of this bill is to provide a clear definition for certain closely held stock that aligns valuations with IRS standards in an effort to mitigate valuation risk for ESOPs. It would also provide “safe harbor” for trustees relying on these guidelines. The Act was introduced by Sen. Roger Marshall (R-KS) on July 23. It passed in the Senate on Oct. 9 and currently lies with the House.

Uniformed Services Leave Parity Act (S 1440) – Introduced by Sen. Tammy Duckworth (D-IL) on April 10, this legislation would authorize leave benefits (parental leave, emergency leave) to Public Health Service (PHS) officers. The bill sponsors assert that the current lack of these important benefits is a challenge to recruiting and retaining PHS personnel, who should be on par with the same benefits offered to uniformed service members. The bill passed in the Senate on Oct. 9 and is up for review in the House.

Internal Revenue Service Math and Taxpayer Help Act (HR 998) – This bill was introduced on Feb. 5 by Rep. Randy Feenstra (R-IA). Among other provisions, it instructs the IRS to provide taxpayers with details of notices that relate to a math or clerical error. The bill passed in the House on March 31 and in the Senate on Oct. 20. It currently awaits the President’s signature to become law.

The Silent Threat: How Simple Misconfigurations Are Fueling 2025 Worst Cyberattacks

4 min read

Simple Misconfigurations Are Fueling 2025 Worst CyberattacksAs organizations invest heavily in next-gen firewalls, AI detection, and threat intelligence, grave cyberattacks have been reported as a result of overlooked misconfigurations. According to the latest statistics, about 23 percent of cloud security incidents are directly connected to misconfigurations. These missteps create easy entry points for cybercriminals that may lead to data breaches, ransomware demands, and financial loss.

What are Misconfigurations?

Misconfigurations are overlooked errors in system setups that create vulnerabilities without the need for hackers to apply advanced hacking techniques. These silent threats are human-driven oversights when configuring software, hardware, or cloud services. Good examples include improperly set permissions in cloud storage, insecure API keys left in code repositories, inadequate security monitoring, and unsecured access points like IoT devices with default passwords.

These issues arise from human error, which accounts for 82 percent of misconfigurations. This is also compounded by today’s cloud era, where businesses depend on cloud platforms, software as a service stacks (SaaS), and AI-driven infrastructure. Many organizations now use multiple providers, and this makes configurations challenging. Rushed deployment also adds to the misconfiguration problem, especially when a thorough audit is not conducted. Unlike malware or phishing scams, misconfigurations remain undetected until exploited.

2025’s Worst Cyberattacks Fueled by Misconfigurations

This year alone, there has been a surge in incidents related to misconfiguration, which is alarming. There were more than 9.5 million cyberattacks in the first half of the year. A good example is the Coinbase breach of May 2025, in which data from more than 70,000 customer records was stolen. This breach is attributed to insider threats exploiting misconfigured permissions.

Recently, cybersecurity researchers revealed a botnet campaign that exploited misconfigured DNS sender policy framework (SPF) records across 20,000 domains and compromised more than 13,000 MikroTik routers. This enabled large-scale spam and spoofing attacks.

In many regions, misconfigured VPN gateways and remote access tools have also contributed to ransomware campaigns. This is through attackers bypassing perimeter defenses by exploiting a misconfigured VPN portal.

IoT weaknesses have also seen entire networks of smart devices compromised, simply because administrators did not change the default login credentials. The entry points ranged from security cameras to industrial sensors, allowing attackers to access more sensitive corporate systems.

Why Organizations Keep Making the Same Mistakes

  • Talent shortage – Many IT teams are stretched and lack sufficient experts to catch every misstep.
  • False confidence in automation – While automated tools are a great help, they are not foolproof. Overreliance on these tools and having a set-and-forget mindset can leave room for security breaches.
  • Velocity over security – This happens when rapid delivery of product features overshadows the slower discipline of security reviews.
  • Siloed responsibility – In many organizations, security is delegated to a separate team instead of being embedded across different units like the development, operations, and business units.
  • Awareness gap – Many teams underestimate how a single overlooked setting, like an open test environment, can escalate into a full-scale breach.

Prevention Strategies and Best Practices

Fortunately, misconfigurations are one of the preventable causes of security breaches. Preventing misconfigurations requires proactive measures that include:

  • Continuous auditing and testing – It is crucial to ensure regular audits and testing of automated tools for configuration management to detect and reduce the window of exposure.
  • Adopt zero-trust models – No device or user should be trusted by default; grant only minimum access where required.
  • Strengthen access controls – Always change default device credentials, partition networks, and enforce MFA across all accounts.
  • Automated detection tools – Use cloud security posture management, compliance-as-code, and drift detection to catch misconfigurations in real time.
  • Cross-functional training and culture – Employee training is vital, as human error accounts for 82 percent of incidents. Security literacy should extend to both technical and non-technical teams.
  • Follow industry guidelines – Align with recognized security frameworks (NIST, ISO, CIS) and CISA’s published guidance on the Top Ten Cybersecurity Misconfigurations. For example, avoid using default configurations, enforce patch management, and properly segment networks.
  • Incident response readiness – Have a well-drilled response playbook to ensure minor disruption in case the defenses fail.

Conclusion

Simple misconfiguration remains a silent enabler of devastating cyberattacks through avoidable errors. Business owners must prioritize configuration hygiene to build resilient digital infrastructures and protect against future threats.

It is a clear lesson that cybersecurity doesn’t always depend on battling sophisticated hackers but rather ensuring they don’t get an easy way in.

Ideas for Small Business Succession Planning

4 min read

Small Business Succession PlanningIt can be hard to build up your own business, but it can be harder to sell it for what it’s worth. In fact, only around three in 10 family-owned businesses survive for the next generation. Whether family-owned or in a partnership of non-family owners, business succession is no easy feat.

Succession Planning

It is very important to have a succession plan, even if the business is fairly new. That’s because it gives heirs a roadmap for what to do if the owner dies unexpectedly. The first step is to figure out who you want to run the business after you. If you want to pass it on to one or more family members, be sure to ask if they’d like to own it. Note that the family route may need to be considered a year or more before the transfer to ensure the successive owner has time to learn the ropes.

If you decide to sell the business to a third party, consider if you want to sell it outright or retain partial ownership and continue to get a share of the profits. Also, think about whether or not you want to participate in running the business once ownership changes hands.

Business Owner Partners

In the case of a shared business, a succession plan can help clarify the intent of both owners and provide a legal path of succession if one owner dies. In a worst-case scenario, instead of the surviving partner taking the reins to run the business on his own, he may end up having to run it alongside the deceased owner’s spouse, who might not possess the skills, experience, or proclivity for the business. Or maybe the surviving spouse decides not to sell the business but receive a share of the profits without doing any work.

Key Man Insurance

If the surviving owner would simply like to buy out the deceased owner’s interest in the business, there are certain financial strategies available in the event he doesn’t have the assets to do so. One vehicle is called key man insurance, which refers to policies paid for by the business to cover the death of the business owner. Death proceeds are specifically earmarked to keep the business operating upon the death of the owner.

Buy-Sell Agreement with Life Insurance

A succession plan that includes a Buy-Sell Agreement contract specifies what will happen to the business shares of the owner upon his death. In most cases, the surviving business partner will use the life insurance proceeds to buy the shares at a predetermined value, which ensures that the deceased’s family is adequately paid for his share of the business upon his death.

Family-Owned Business

In the case of a family-owned business, a family member who is active in the business may take out an insurance policy on the owner and use the proceeds to buy out the interests of the non-active family members after the owner dies.

Private Annuity

Another option is a private annuity, in which the owner sells his business to his children in exchange for a fixed annuity income, based on IRS interest rates, for the rest of the owner’s life and, if elected, that of his spouse. If the owner outlives his life expectancy, the children may end up paying him more than the business is worth. However, if the owner dies sooner, they may pay less than the business is worth.

Family Limited Partnership

With a family limited partnership, the business owner transfers some or all of his business to individual family members while he is alive. When the owner dies, the portion of the business that has been transferred is no longer considered a part of the owner’s estate and is therefore not subject to estate taxes.

Seller Financing

If the owner has trouble selling the business to a third party, including perhaps a valuable employee who would like to take over, consider a seller financing agreement. Instead of paying the owner a lump sum, the buyer pays him a fixed, regular payment over a set number of years. Future business revenue secures the note, and the current owner would be qualified to know how well business revenues might hold up under the new ownership. Some sellers set up a finance agreement for just five years or so, after which time the buyer is expected to qualify to refinance with a conventional loan. It’s also possible for the financier to sell the new owner’s note if he decides down the road to get out of the financing role. The good news is that, should the buyer default on the loan, the seller would still own the company.

Enhancing Homebuyer Protections, Wildfire Risks, 911 Response and Domestic Manufacturing

3 min read

HR 2808, HR 2483, HR 3400, S 306, S 725, S 433Homebuyers Privacy Protection Act (HR 2808) – Introduced by Rep. John Rose (R-TN) on April 10, the House passed this bill on June 23, and the Senate passed it on Aug. 2. Signed into law on Sept. 5, this bipartisan bill prohibits a consumer reporting agency from selling a mortgage applicant’s personal information to other lenders without their explicit consent. The legislation is designed to safeguard homebuyers’ personal financial information and eliminate the frequent bombardment of other lender marketing offers during the financing process underway with the applicant’s existing lender.

SUPPORT for Patients and Communities Reauthorization Act of 2025 (HR 2483) – This bill renews billions of dollars in federal funding for programs responsible for preventing overdoses and further strengthening treatment and recovery services. The renewal of funds to nationwide county programs is timely, given the current behavioral health and substance abuse disorder crises. The bill was introduced by Rep. Brett Guthrie (R-KY) on March 31, passed in the House on June 4 and in the Senate on Sept. 18; it currently awaits signature by the president.

TRAVEL Act of 2025 (HR 3400) – Also known as the Territorial Response and Access to Veterans’ Essential Lifecare Act, the purpose of this bill is to enable VA physicians and specialists to travel to hard-to-reach areas in U.S. territories for up to one year. The Act is designed to help fill critical gaps in VA medical services across the Pacific territories by compensating providers with travel bonuses. The legislation was introduced by Representative Kimberlyn King-Hinds (R-Northern Mariana Islands) on May 14. It passed in the House on Sept. 15 and currently lies with the Senate.

Fire Ready Nation Act of 2025 (S 306) – Introduced by Sen. Maria Cantwell (D-WA) on Jan. 29, this legislation would establish a fire weather program at the National Oceanic and Atmospheric Administration (NOAA). The new program would enable scientists to better predict wildfires, fire weather, and fire risk via forecasting, detection, and modeling, as well as respond quickly to prevent devastation to families, homes, and businesses due to wildfires. The legislation was passed in the Senate on Sept. 10 and is now under review in the House.

Enhancing First Response Act (S 725) – This bill was introduced on Feb. 25 by Sen. Amy Klobuchar (D-MN) and passed in the Senate on Sept. 10. The law would reclassify 911 dispatchers as public safety workers from their current role as office and administrative support in the federal Standard Occupational Classification system. In addition, the bill contains provisions to improve access to the 911 call system during major disasters and make the system more resilient against outages and disruptions. The fate of this bipartisan bill now rests in the House.

National Manufacturing Advisory Council Act (S 433) – This Act was introduced by Sen. Gary Peters (D-MI) on Feb. 5. It seeks to establish a working group of representatives from industry, labor, and academia to advise Congress on policies and programs to enhance domestic manufacturing despite the challenges of global competition, U.S. supply chain issues, and the current tariff solution. The bipartisan legislationwas  passed unanimously in the Senate on July 14 and is currently under review in the House.

Canceling Government Funding and Expanding Protections for Veterans

3 min read

hr 4, hr 517, hr1316, s 423, hr1815, s 264, s201Rescissions Act of 2025 (HR 4) – A rescission bill cancels funding previously approved by Congress upon request by the president. Congress has 45 continuous legislative days to enact or reject the proposal, during which time the funds may be temporarily withheld. Introduced by Rep. Steve Scalise (R-LA) on June 6, the House passed this bill on June 12 and the Senate passed it on July 17. Signed into law on July 24, this bill cancels nearly $9 billion in funding for a variety of programs, including foreign aid and the Corporation for Public Broadcasting.

Filing Relief for Natural Disasters Act (HR 517) – On July 24, the president signed into law this bill that allows taxpayers to postpone their filings if their state governor has declared a natural disaster, rather than waiting for the president to declare a federal disaster. The bill was introduced by Rep. David Kustoff on Jan. 16, passed in the House on March 31 and in the Senate on July 10.

Maintaining American Superiority by Improving Export Control Transparency Act (HR 1316) – Introduced by Rep. Ronny Jackson (R-TX) on Feb. 13, this legislation is designed to crack down on U.S. adversaries acquiring cutting-edge technology. The bill mandates that the Secretary of Commerce submit an annual report to Congress detailing dual-use export license applications and other requests for authorization for the export, re-export, release and in-country transfer of controlled items to arms-embargoed countries such as China, Russia, Iran and North Korea. The legislation was passed in the House on May 5, the Senate on May 22 and was signed into law on Aug. 19.

PRO Veterans Act of 2025 (S 423) – The purpose of this act is to prevent fraud and abuse via increased oversight of the Veterans Affairs Department, including critical skill bonuses paid out to senior executives. Moreover, the bill requires quarterly, in-person briefings to congressional veterans’ committees regarding VA departmental budget shortfalls. The legislation was introduced by Sen. Dan Sullivan (R-AK) on Feb. 5, passed in the Senate on April 8 and in the House on July 21. The bill was enacted on Aug. 19.

VA Home Loan Program Reform Act (HR 1815) – This bill was introduced on March 3 by Rep. Derrick Van Orden (R-WI), passed in the House on May 19, the Senate on July 15, and signed into law on July 30. The law reauthorizes the VA home loan partial claim and Veterans Affairs Servicing Purchase (VASP) programs. These programs are designed to help distressed veteran homeowners avoid foreclosure by enabling the VA to purchase a portion of indebtedness (25 percent to 30 percent of the unpaid principal balance) of a VA home loan secured by the primary residence of the borrower.

Improving Veterans’ Experience Act of 2025 (S 264) – This bill is meant to improve satisfaction with VA benefits and services by compiling feedback from veterans, families and caregivers. This legislation establishes a Veterans Experience Office (VEO) to manage customer experience initiatives, collect data and coordinate VA departments in order to prevent duplicate efforts and ensure consistent improvements across the board. The bill was introduced on Jan. 28 by Sen. Angus King (I-ME), passed in the Senate on April 8, the House on July 21 and was enacted on Aug. 14.

ACES Act of 2025 (S 201) – This act was introduced by Sen. Mark Kelly (D-AZ) on Jan. 23. It directs the secretary of the VA to study cancer and mortality rates among aviators and aircrews who served in the Navy, Air Force and Marine Corps; and to correlate incidents of cancer among this select group of military personnel. The legislation passed in the Senate on June 3, the House on July 21, and was signed by the president on Aug. 14.

Beyond the Hype: A Strategic Blueprint for AI Investment in 2025 and Beyond

4 min read

AI Investment in 2025Artificial intelligence (AI) is one of the most talked-about technologies today. It has taken a shift from the broad general-purpose tools to specialized innovations that promise real impact. AI is dominating headlines with investor pitches. There has also been a surge in startups promising AI-powered solutions. However, some businesses have already adopted and invested millions into AI projects with little return. As AI advances, business owners and investors need to stop chasing the latest headlines and consider how to best integrate AI to create lasting value.

Understanding the AI Investment Landscape in 2025

Since the AI breakout, it has advanced dramatically. There are three forces that are reshaping the investment and adoption of AI.

  1. Maturation of Foundation Models
    The large language models (LLMs) are now cheaper and faster. They are also customizable. This means that businesses no longer need to build from scratch and can just adapt existing models in their industry.
  2. Regulations and Accountability
    Governments are tightening frameworks around data privacy, transparency, and responsible AI. Compliance has become a key competitive differentiator.
  3. Sector-Specific Applications
    Advancements in AI have given way to specialized use cases. For example, fintech AI can track fraud, while manufacturing AI optimizes the supply chain.

The AI Hype Cycle

According to Gartner’s 2025 “Hype Cycle for Artificial Intelligence.” AI technologies move through predictable stages. These include the innovation trigger, peak of inflated expectations, trough of disillusionment, slope of enlightenment, and plateau of productivity. Between 2023 and 2024, generative AI dominated the headlines. It has now entered the trough of disillusionment as organizations confront their limitations, governance risks, and the difficulty of proving ROI. However, this is not to be seen as a setback, but rather a turning point as businesses shift focus from experimentation to scaling reasonably. Investment is now focused on foundational enablers such as ready data, ModelOps for lifecycle management, and AI agents. By 2025, businesses will be realizing that quick wins are harder than expected. On the bright side, businesses have an opportunity to build sustainable systems that offer measurable business value.

Lessons Learned from the First Wave of AI Adoption

The promises that came with AI led some businesses to invest heavily. This resulted in several mistakes:

  • Chasing innovation over value
    Many businesses rushed to invest in AI-powered projects like chatbots without linking them to actual business goals. For instance, customers have raised concerns about frustration with bank AI bots that confuse rather than help customers, according to the Consumer Financial Protection Bureau (CFPB).
  • Falling for AI hype
    Some businesses invested in companies branding themselves as AI-driven, even when the solutions offered relied on basic automation.
  • Ignoring integration
    Failing to consider that AI is not a plug-and-play solution. This saw some early adopters underestimating the cultural, technical, and operational changes required to integrate AI into workflows.

A Strategic Blueprint for AI Investment

For businesses to invest wisely:

  1. Start with the problem, not the tool
    Instead of shopping for tools to adopt, a business should first ponder what problem it wants to solve. This means clearly defining the problem to solve, such as personalizing marketing campaigns or predicting supply shortages. Clarifying a problem ensures the AI investment is focused and not an experiment.
  2. Build a portfolio approach
    Borrowing from how investors diversify portfolios, a business should also diversify its AI initiatives. They can do this by balancing short-term projects, such as automating repetitive tasks, with long-term projects like predictive analytics. This is to ensure there is a steady return on investment.
  3. Prioritize responsible and compliant AI
    Reputation is crucial, and businesses should avoid mishandling customer data. To do this, companies must invest in compliance, transparency, and explainability as part of their AI strategy.
  4. Invest in people, not just technology
    AI does not replace talent. Companies should invest in training and upskilling their workforce. This prepares employees to work well with the new technology to ensure adoption is smooth and effective.
  5. Build scalable infrastructure
    Even with the most advanced AI model, failing to have the right foundation will result in unsuccessful implementation. The lesson? Companies must invest in flexible systems that can grow with them.

Conclusion

AI is no longer a futuristic concept. It is a business reality. Adopting AI alone is not enough, and businesses need to do it wisely. Businesses should refrain from jumping on the latest trends. Instead, make strategic choices that align with long-term goals. The focus should be on the problems to be solved and not the tools. 

Young Adults: Why Buy Life Insurance?

4 min read

Young Adults: Why Buy Life Insurance?Young adults may not see much reason to purchase life insurance, especially if they have no dependents and/or a partner who makes plenty of money. However, there are several reasons why folks in this situation would want to consider various forms of life insurance.

To Pay Off Debt

Let’s say your parents cosigned for your student loans, car loan or other debts. Should you pass away, your cosigner will be liable to pay off the debt. However, if you name that person the beneficiary of your life policy, he or she can use the benefit to pay off the debt.

Breadwinner

If you are the breadwinner in your household, imagine how your spouse or partner would fare without your income. By naming that person beneficiary of your life insurance policy, you can leave a death benefit to help cushion the blow. This is particularly important if you have shared debt, such as a mortgage.

Stay-At-Home Parent or Spouse

Even people without a traditional salary should consider life insurance coverage. After all, they may provide services that are expensive to replace, such as cooking, cleaning, shopping, and childcare. Even a small life insurance payout can help a working partner cover these expenses during a difficult time.

To Prepare for Future Needs

There are life insurance policies that work double duty – issue a payout upon death as well as build a savings account. For example, whole life and universal life insurance policies use a portion of the premium to build cash value, which can be used for future expenses like the down payment for a house.

Cheaper Now Than Later

Another good reason to buy life insurance when you’re young is that premiums are lower the younger and healthier you are.

Employer Versus Independent Policy

Many employers offer a basic life insurance policy with the option to increase the death benefit by paying a higher premium. Depending on your circumstances and goals, it may be worthwhile to purchase a life policy separate from your employer. This can give you extra coverage and is portable in case you get laid off or decide to start your own business.

Other Adulting Tips

  • Start saving and investing for retirement when you’re young. The power of interest compounding over time works the way credit card debt compounds – but in an investment account, the money that compounds belongs to you. This means you can earn a lot more by the time you retire than if you wait until your 30s or 40s to start investing (even if you contribute more at those ages).
  • If your employer offers a 401(k) plan, take advantage of any free money. Many employers offer matching contributions up to a certain limit, so even if you defer only a small amount of income to your 401(k), your employer will typically double it.
  • Another good investment vehicle for young adults is the Roth IRA. You can save up to  $7,000 a year (2025) in a Roth and tap your contributions at any time for any reason. This makes a great double-duty investment that can also serve as an emergency fund, a short-term savings fund for a new car or down payment for a house, and, ultimately, for retirement. The only taxes you pay are on the net investment gains above your original contributions, and even that is tax-free after age 59½. If you don’t have spare income to contribute to a Roth, remember it’s a good vehicle to open when you receive a raise or a bonus.
  • Lots of young adults test their potential parenting skills by adopting a pet, and may wonder if it’s worthwhile to buy pet insurance. First of all, shop around for quotes because you may find that it is surprisingly affordable. The next variable to consider is the age of your pet. If you adopt a young pet, premiums will likely be cheape,r and you’ll be able to renew your insurance each year with little problem and reasonable increases. However, if you prefer to adopt an older pet, or a purebred known for significant health issues, you may find premiums are significantly higher and, at some point, you may no longer be able to renew your pet insurance policy. Keep these guidelines in mind when considering whether or not you can afford a pet.

The Big Beautiful Bill, Rolling Back Public Television and Radio, and Regulating the Cryptocurrency Industry

4 min read

The Big Beautiful BillOne Big Beautiful Bill Act (HR 1) – Introduced by Rep. Jody Arrington (R-TX) on May 20, this bill passed in the House on May 22, the Senate with changes on July 1, and once again in the House on July 3. Signed into law on July 4, this bill includes the following provisions:

  • Makes permanent the income and estate tax provisions passed in the Tax Cuts and Jobs Act of 2017.
  • Increases the annual limit to $7,500 for Dependent Care Flexible Spending Accounts (FSAs), starting in 2026.
  • Makes permanent the ability for employers to offer tax-free student loan repayment assistance up to $5,250 a year, with the cap indexed for inflation.
  • Starting in 2026, new tax-advantaged “Trump Account” savings plans may be opened for eligible children under age 18. The account will receive a one-time $1,000 deposit by the government (for children born in 2025 through 2028) and allow for non-deductible/after-tax contributions of up to $5,000 a year (indexed for inflation). However, note that funds cannot be withdrawn before the beneficiary turns 18, and money withdrawn before age 59½ is subject to both income taxes and a 10 percent penalty (with exceptions for college tuition and a first-time home purchase).
  • While the bill calls for untaxed tips and overtime pay, this tax break will be delivered in the form of a deduction claimed on individual tax returns. For cash or charged tips, up to $25,000; for overtime pay, the deduction is up to $12,500/$25,000 for joint filers. Phase-out deductions will apply to both based on income.
  • Allows up to a $10,000 tax deduction for interest paid on an auto loan used to purchase a qualified vehicle.
  • New tax deduction for seniors age 65+: $6,000 for single filers; $12,000 for joint filers.
  • The bill does not include an extension of the enhanced credits for the Affordable Care Act, scheduled to expire at the end of the year. This is expected to increase average exchange health insurance premiums by 75 percent starting next year.

Relating to consideration of the Senate amendment to the bill (H.R. 4) to rescind certain budget authority proposed to be rescinded in special messages transmitted to the Congress by the president on June 3, in accordance with section 1012(a) of the Congressional Budget and Impoundment Control Act of 1974 (HRes 590) – On July 17, Rep. Virginia Foxx (R-NC) introduced this rescissions bill, which essentially cuts $1 billion from the Corporation for Public Broadcasting (CBP). The CBP is a private, nonprofit corporation that was authorized by Congress in 1967 to be the steward of the federal government’s investment in public broadcasting. The elimination of this federal funding will force many local public radio and television stations to shut down. The legislation, which also rescinds $8 billion from a variety of foreign aid programs, was passed as a House rule that enabled full passage of the rescissions bill due to a provision that avoids a direct vote on the bill. The bill passed in the House on July 18 and does not require approval by the Senate or to be signed into law by the president.

GENIUS Act (S 1582) – Introduced by Sen. Bill Hagerty (R-TN) on May 1, this legislation is designed to regulate the currently unregulated cryptocurrency industry. The Act requires issuers to back stablecoins on at least a $1-to-$1 basis. The bill is intended to set guardrails for the industry via full reserve backing, monthly audits, and anti-money laundering compliance regulations. This bill also enables a wider range of issuers to enter the market, including banks, fintechs, and major retailers. The legislation was passed in the Senate on June 17, the House on July 1,7, and was signed into law on July 18.

Anti-CBDC Surveillance State Act (HR 1919) – Introduced by Rep. Tom Emmer (R-MN) on March 6, this is a companion bill to the Genius Act. It would prohibit Federal Reserve Banks from offering certain products or services directly to individuals and disallow the use of central bank digital currency for monetary policy, among other provisions (CBDC stands for Central Bank Digital Currency). The bill passed in the House on July 17 and currently awaits its fate in the Senate.

Digital Asset Market Clarity Act of 2025 (HR 3633) – Another Genius Act companion bill, the goal of this legislation is to provide a regulatory system by the Securities and Exchange Commission and the Commodity Futures Trading Commission for the sale of digital commodities. The bill was introduced on May 29 by Rep. French Hill (R-AR), passed in the House on July 17, and currently lies with the Senate.