Listen to this Post
Introduction:
The artificial intelligence revolution has been heralded as the most transformative technological leap since the advent of electricity—but not everyone is convinced. Dr. Jeffrey Funk, a retired professor, technology consultant, and author of Unicorns, Hype and Bubbles, has emerged as one of the most vocal skeptics of the current AI gold rush. Through his extensive research and LinkedIn analyses, Funk argues that we are not witnessing a genuine technological breakthrough but rather the most inflated bubble in business history—one that dwarfs even the dot-com era. This article examines Funk’s critical perspective on generative AI, explores the technical limitations of large language models (LLMs), and provides actionable cybersecurity and IT insights for organizations navigating the hype.
Learning Objectives:
- Understand Dr. Jeffrey Funk’s core arguments regarding the AI investment bubble and the overhyped nature of generative AI.
- Identify the technical limitations of transformer models, including their inability to perform causal reasoning and their propensity for hallucinations.
- Learn practical Linux and Windows commands for auditing AI systems, securing cloud infrastructure, and implementing responsible AI governance.
You Should Know:
1. The Generative AI Bubble: Hype vs. Reality
Dr. Funk contends that the current enthusiasm for generative AI mirrors past speculative bubbles, where valuations far exceed tangible value creation. He points to several indicators: venture capital funding that reached record highs in 2021, the meteoric rise of AI-related share prices, and the proliferation of startups promising AI-driven disruption without demonstrating sustainable business models. “We are in the biggest bubble ever,” Funk asserts, “one even bigger than the one that motivated the title of my book”.
The core of Funk’s critique lies in the disconnect between AI’s capabilities and the expectations placed upon it. While generative AI has shown utility in niche applications—such as video advertisement creation, content summarization, and basic code generation—it has consistently failed to deliver on more ambitious promises. For instance, the dream of AI replacing radiologists has given way to the more modest reality of AI-assisted transcription in hospitals. Self-driving vehicles continue to struggle with edge cases, and delivery drones remain impractical for urban environments. “After years of trying to replace radiologists, drivers, police officers, and home flippers, they are now focused on augmentation,” Funk observes, “a better goal, but also a difficult one for most applications”.
Step‑by‑step guide for auditing AI investments and claims:
Step 1: Evaluate the Use Case. Before investing in or deploying an AI solution, clearly define the problem it aims to solve. Ask whether the problem requires high accuracy or can tolerate occasional hallucinations.
Step 2: Assess the ROI. Calculate the potential return on investment by comparing the cost of implementation (including infrastructure, training, and maintenance) against the expected productivity gains. Funk notes that many AI applications generate “small wins” that do not justify their valuations.
Step 3: Demand Transparency. Insist on detailed performance metrics from AI vendors, including accuracy rates, hallucination frequencies, and edge-case failure rates. Avoid vendors that rely on vague promises of future capabilities.
Step 4: Pilot Before Scaling. Implement AI solutions in controlled, low-stakes environments before rolling them out organization-wide. Rodney Brooks, co-founder of iRobot and Robust.ai, emphasizes that successful AI deployments often require “a person somewhere in the loop” or “a very low cost of failure”.
Step 5: Monitor Continuously. Establish ongoing monitoring protocols to track AI performance and detect degradation over time. Research shows that LLM outputs degrade when they consume increasing quantities of AI-generated content.
2. The Technical Limitations of Large Language Models
Perhaps Funk’s most damning critique targets the fundamental architecture of LLMs. He argues that transformer models—the technology underpinning ChatGPT and similar systems—do not perform causal reasoning. Instead, they learn statistical relationships between tokens (words) without understanding the underlying concepts or their relationships.
To illustrate this limitation, Funk often poses a riddle: “A man and his son are in a car crash. The man, who is gay, dies, but the son survives, yet when he is wheeled into surgery, the surgeon says, ‘I cannot operate on this man, he is my son!’ Who is the surgeon?” The correct answer—that the surgeon is the boy’s other father—requires understanding that the boy has two fathers. LLMs, which learn relationships between tokens rather than facts, frequently fail such tests.
This inability to reason causally has serious implications. LLMs cannot reliably handle edge cases or infer causality from data. They are, in Funk’s words, “regurgitation machines” that produce outputs based on patterns they have seen during training. When asked a question that requires reasoning beyond pattern matching, they often hallucinate—generating plausible-sounding but incorrect information.
Step‑by‑step guide for testing LLM reasoning capabilities:
Step 1 (Linux/macOS): Use `curl` to send a prompt to an LLM API and test its reasoning:
curl -X POST https://api.openai.com/v1/chat/completions \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d '{
"model": "gpt-4",
"messages": [{"role": "user", "content": "A man and his son are in a car crash. The man dies, but the son survives. When the son is wheeled into surgery, the surgeon says, \"I cannot operate on this man, he is my son!\" Who is the surgeon?"}]
}'
Step 2 (Windows PowerShell): Use `Invoke-RestMethod` to perform the same test:
$body = @{
model = "gpt-4"
messages = @(
@{
role = "user"
content = "A man and his son are in a car crash. The man dies, but the son survives. When the son is wheeled into surgery, the surgeon says, \"I cannot operate on this man, he is my son!\" Who is the surgeon?"
}
)
} | ConvertTo-Json -Depth 10
Invoke-RestMethod -Uri "https://api.openai.com/v1/chat/completions" `
-Method Post `
-Headers @{"Authorization"="Bearer YOUR_API_KEY"; "Content-Type"="application/json"} `
-Body $body
Step 3: Evaluate the response. If the LLM fails to identify the surgeon correctly, document the failure and consider whether the application requires causal reasoning.
Step 4: Test the LLM with a variety of reasoning puzzles, including the Monty Hall problem and the classic river-crossing riddle.
Step 5: Implement a human-in-the-loop verification process for any application where reasoning errors could have significant consequences.
3. The Cybersecurity Implications of AI Hype
The intersection of AI hype and cybersecurity presents a dual challenge. On one hand, organizations are rushing to deploy AI-powered security tools, often without fully understanding their limitations. On the other hand, threat actors are leveraging AI to develop more sophisticated attacks. The emergence of AI-assisted ransomware groups like FunkSec—which allegedly used AI tools to develop malware and automate attacks—demonstrates the double-edged nature of this technology.
Funk’s skepticism about AI capabilities should inform cybersecurity strategy. Security teams must recognize that AI-powered detection systems are not infallible; they can generate false positives, miss novel threats, and be manipulated by adversarial inputs. Moreover, the same hallucinations that plague LLMs in general applications can occur in security contexts, leading to incorrect threat assessments.
Step‑by‑step guide for hardening AI‑powered security systems:
Step 1 (Linux): Audit AI model integrity by verifying checksums and monitoring for unauthorized modifications:
sha256sum /path/to/ai-model.bin Compare against known-good hash
Step 2 (Linux): Implement input validation and sanitization to prevent adversarial attacks:
Example: Sanitize user inputs before feeding to an AI model input=$(echo "$user_input" | tr -d '\n\r' | sed 's/[^a-zA-Z0-9 .,?!-]//g')
Step 3 (Windows PowerShell): Monitor AI system logs for anomalous behavior:
Get-WinEvent -LogName "Application" | Where-Object { $<em>.ProviderName -match "AI" -and $</em>.LevelDisplayName -eq "Error" } | Select-Object TimeCreated, Message
Step 4: Deploy behavioral AI-driven defense mechanisms that can counter AI-assisted attacks. Ensure these systems are regularly updated and tested against emerging threat patterns.
Step 5: Establish an incident response plan specifically for AI-related security incidents, including procedures for isolating compromised AI systems and restoring from clean backups.
4. Responsible AI Governance and Regulation
Funk is deeply concerned about the concentration of power in the hands of a few tech companies and the lack of meaningful regulation. He argues that the companies building AI “talk a good game about ‘Responsible AI,’ but their words do not match their actions”. He points to four general problems: (1) generative AI systems are indifferent to the truth; (2) responsible AI rhetoric is not matched by responsible practices; (3) generative AI is wildly overhyped relative to its actual deliverables; and (4) we are headed toward an AI oligarchy.
These concerns have direct implications for organizations deploying AI. Companies must implement robust governance frameworks that ensure AI systems are transparent, accountable, and aligned with human values. This includes establishing clear policies for data usage, model training, and output validation.
Step‑by‑step guide for implementing responsible AI governance:
Step 1: Establish an AI ethics committee with representatives from legal, compliance, security, and business units.
Step 2: Develop and enforce data governance policies that ensure training data is ethically sourced and free from bias.
Step 3: Implement model explainability tools that can trace AI decisions back to their inputs. For example, use SHAP (SHapley Additive exPlanations) or LIME (Local Interpretable Model-agnostic Explanations) to interpret model outputs.
Step 4: Conduct regular audits of AI systems to ensure compliance with internal policies and external regulations. Document all findings and remediation actions.
Step 5: Create a public-facing transparency report that discloses how AI is used, what data is collected, and how decisions are made.
- Practical Commands for AI System Auditing and Hardening
For IT and security professionals responsible for AI infrastructure, the following commands provide a foundation for auditing and hardening AI systems.
Linux Commands:
Monitor system resources used by AI workloads:
top -u $(whoami) | grep -E "python|tensorflow|pytorch"
Check for unauthorized network connections from AI services:
netstat -tunap | grep -E "python|tensorflow|pytorch"
Audit file permissions on AI model directories:
find /path/to/ai/models -type f -exec ls -la {} \;
Scan for vulnerabilities in AI dependencies:
pip list --outdated safety check
Windows Commands:
Monitor AI process activity:
Get-Process | Where-Object { $_.ProcessName -match "python|tensorflow|pytorch" }
Check for open ports used by AI services:
netstat -ano | findstr LISTENING
Audit file permissions:
icacls C:\path\to\ai\models
Scan for known vulnerabilities:
winget upgrade --all
What Undercode Say:
- Key Takeaway 1: Generative AI is not a magical solution but a tool with significant limitations. Organizations must approach AI deployment with realistic expectations and robust validation mechanisms.
- Key Takeaway 2: The AI investment bubble poses systemic risks, including misallocation of capital, concentration of power, and potential regulatory backlash. Cybersecurity professionals must prepare for both the opportunities and threats that AI presents.
Analysis: Dr. Jeffrey Funk’s critique of generative AI serves as a necessary corrective to the uncritical enthusiasm that pervades the technology industry. His arguments are grounded in empirical observations: the slow diffusion of AI in physical applications, the persistence of hallucinations, and the inability of LLMs to perform causal reasoning. For cybersecurity professionals, Funk’s insights are particularly valuable. They remind us that AI is not a panacea for security challenges; it is a tool that must be used judiciously, with full awareness of its limitations. The emergence of AI-assisted ransomware groups like FunkSec underscores the need for vigilance. At the same time, the hype surrounding AI creates opportunities for attackers to exploit organizational overconfidence. By adopting a skeptical, evidence-based approach to AI, security teams can better protect their organizations while avoiding the pitfalls of the current bubble.
Prediction:
- -1: The AI investment bubble will eventually burst, leading to a significant correction in tech valuations and a wave of startup failures. Organizations that over-invested in AI without achieving tangible returns will face financial strain.
- -1: The limitations of LLMs—particularly their inability to reason causally—will become increasingly apparent, leading to a backlash against AI in high-stakes applications such as healthcare, finance, and autonomous vehicles.
- +1: The eventual correction will separate hype from substance, allowing genuinely useful AI applications to emerge and thrive. Organizations that focused on augmentation rather than replacement will be well-positioned for long-term success.
- +1: The regulatory response to AI will mature, establishing clear standards for transparency, accountability, and safety. This will create a more stable environment for innovation and reduce the risk of AI-related harms.
- -1: Cybercriminals will continue to leverage AI to develop more sophisticated attacks, including AI-generated phishing campaigns, automated vulnerability scanning, and adaptive malware. Defenders must counter AI with AI, but they must also recognize that AI is not a silver bullet.
▶️ Related Video (74% Match):
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Dr Jeffrey – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
