Chatbots are becoming first stops for employees with “how to”-style IT questions.

Although such queries potentially free overworked IT pros from having to ask, “Did you try restarting?” for the hundredth time this week, this reliance on LLMs may also blind the help desk to problems brewing within the organization’s tech stack.

Robert Rohrman, SVP of IT infrastructure at IT certification and training body CompTIA, has seen an increase in employees’ turning to LLMs for their questions. While a help desk go-around may save tech-support time away from the queue, he notes, there are downsides.

“You want to make sure that people using chatbots are getting proper information,” Rohrman said. “There are ways for corporations to control that.”

Bot do we have here?—BH

It’s all in the name.

A “maintainer” leads and supports an open-source project with necessary maintenance like code reviews. They also maintain in the continuity sense: They’re the steady presence handling feedback from a community of users.

But like your fantasy-football commissioner who disappeared after no one paid their dues, sometimes maintainers are ready to step away from a project.

And some succession plans are better than others. Open-source software security company Sonatype’s 2026 “State of the Software Supply Chain” report found that up to 15% of open-source components in enterprise dependencies are end-of-life (EOL), or abandoned without anyone ready to patch vulnerabilities as they arise. That means “permanent exposure,” Sonatype wrote, and “organizations inherit flaws that cannot be remediated upstream.”

More on those pressure points, here.—BH

Put the danger in context.

That’s the message to customers from cloud platform Vercel after threat actor ShinyHunters breached the company’s system and absconded with user data.

Attackers gained access to a Vercel employee’s credentials via AI platform Context.ai’s Google Workspace OAuth app, which was breached in 2024. The way permissions for API Key applications are set up means that attacks like this can often see high success rates. While Vercel stores its information “fully encrypted at rest,” as CEO Guillermo Rauch detailed in a post on X, the breach was still significant.

“We have numerous defense-in-depth mechanisms to protect core systems and customer data,” Rauch wrote. “We do have a capability however to designate environment variables as ‘non-sensitive.’ Unfortunately, the attacker got further access through their enumeration.”

How API keys aren’t delivering security.—EH

CollabWORK connects you to the hidden job market through IT Brew and other trusted channels. Browse roles curated specifically for this community by clicking through to the job board.