
AI Boom Exposes Gaps In Consulting Firms’ Capabilities
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
Consulting firms made exaggerated AI promises to clients, who now handle generative AI projects independently after the consultants' initial work failed to deliver the promised results.
In a rush? Here are the quick facts:
- Many consultants have no more AI expertise than clients' internal teams.
- Executives say consultants overpromised and delivered limited practical applications.
- AI demand exists, but firms may profit more in four to five years.
The consulting industry invested billions of dollars during the last three years to help businesses implement AI, as it sought to lead the adoption of this technology.
But reality has fallen short. WSJ reports that many clients argue that consultants have no more AI experience than their internal teams, and they struggle to scale successful experiments across the business.
Dave Williams, Chief Information and Digital Officer at Merck, said, “We love our partners, but oftentimes they’re learning on our dime,” as reported by WSJ.
Executives across industries report similar frustrations. WSJ reports that Greg Meyers, Chief Digital and Technology Officer at Bristol-Myers Squibb, said, “If I were to go hire a consultant to help me figure out how to use Gemini CLI or Claude Code, you’re going to find a partner at one of the Big Four has no more or less experience than a kid in college who tried to use it.”
WSJ notes that the company terminated its one-year partnership with a major consulting firm to start working on generative AI projects independently.
WSJ reports that others echoed the sentiment. Magesh Sarma of AmeriSave Mortgage said, “They overpromised […] we discovered that they really also had no idea how to do these things. They were just as good or as bad as what we would have been able to do in house.”
Pat Petitti, CEO of Catalant, added, “Man, they came in, they charged us $20 million and what I feel like we got was a very long report on where AI is going without any real practical application,” as reported by WSJ.
Still, some value remains. Large consulting firms can provide industry insights and extra support.
WSJ reports that Accenture, KPMG, and others report rising AI demand. Fiona Czerniawska, CEO of Source Global Research, said, “You’ve got a generation of CIOs that are going to be quite skeptical about consultants’ ability to deploy AI…However, from the consulting firms’ point of view, there will be a second wave and this is where they will make most of their money.”
For now, the consulting industry is learning the hard way: AI promises are easier to sell than to deliver.

Crypto Users At Risk After Hackers Exploit NPM JavaScript Libraries
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
Hackers hijacked popular NPM packages by injecting them with malicious code, stealing cryptocurrency funds from billions of users who downloaded the affected packages.
In a rush? Here are the quick facts:
- Popular libraries affected include chalk, strip-ansi, debug, and color-convert.
- Malware hijacks cryptocurrency transactions by replacing wallet addresses in browsers.
- Only users updating packages during the attack window are at high risk.
The Node Package Manager (NPM) ecosystem suffered its biggest supply chain attack to date, as first reported by Bleeping Computer (BC). Hackers embedded malware into popular JavaScript libraries, which users download billions of times each week.
The attackers used fake NPM support emails to send package maintainers false alerts, prompting them to update their two-factor authentication.
Josh Junon (qix), a targeted maintainer, confirmed the phishing attack, stating it came from a fake domain, ‘npmjs[.]help.’ Attackers introduced harmful code into three widely used packages, which together receive more than 2.6 billion weekly downloads: chalk, strip-ansi, and debug.
CoinTelegraph explains that the malware acts as a crypto-clipper, monitoring web browser transactions for cryptocurrency addresses and replacing them with attacker-controlled addresses.
“The packages were updated to contain a piece of code that would be executed on the client of a website, which silently intercepts crypto and web3 activity in the browser, manipulates wallet interactions, and rewrites payment destinations,” explained Charlie Eriksen from Aikido Security, as reported by BC.
He added, “What makes it dangerous is that it operates at multiple layers: altering content shown on websites, tampering with API calls, and manipulating what users’ apps believe they are signing.”
CoinTelegraph notes that the attack specifically targets users who installed or updated compromised packages through web-based applications. Developers using pinned older versions remain protected, but users who rely on the latest software wallets face the greatest danger.
Hardware wallets requiring manual transaction verification offer the strongest security protection.
BC says that NPM has removed some malicious versions, including the debug package, which is downloaded 357.6 million times per week. Security experts advise users to handle cryptocurrency transactions with care until all affected packages have been fully updated.
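The point about pinned versions can be checked in a project's own files. The following is an added example, not code from the article or from NPM: it flags direct dependencies on the four packages named above whose version spec is allowed to float, and lists every installed copy recorded in a lockfile. The manifest and lockfile contents are constructed sample data, and the function names are hypothetical.

```javascript
// Added example: package names come from the article; all manifest and
// lockfile contents below are constructed sample data.
const WATCHLIST = new Set(["chalk", "strip-ansi", "debug", "color-convert"]);

// An exact pin is a bare version such as "4.1.2"; anything with a range
// operator, wildcard or dist-tag can resolve to a newer release at install time.
function isExactPin(spec) {
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.test(spec.trim());
}

// Direct dependencies on watched packages whose spec is allowed to float.
function floatingSpecs(manifest) {
  const out = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (WATCHLIST.has(name) && !isExactPin(spec)) out.push({ name, spec, field });
    }
  }
  return out;
}

// Every installed copy (direct or transitive) recorded in a lockfile v2/v3
// "packages" map, keyed by paths like "node_modules/a/node_modules/debug".
function lockedCopies(lock) {
  const out = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (path && WATCHLIST.has(name)) out.push({ name, version: meta.version, path });
  }
  return out;
}

// Constructed sample input.
const sampleManifest = {
  dependencies: { chalk: "^5.0.0", debug: "4.3.4", express: "^4.18.0" },
  devDependencies: { "strip-ansi": "~7.1.0" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/chalk": { version: "5.3.0" },
    "node_modules/debug": { version: "4.3.4" },
    "node_modules/express/node_modules/debug": { version: "2.6.9" },
    "node_modules/strip-ansi": { version: "7.1.0" },
  },
};
console.log(floatingSpecs(sampleManifest));
console.log(lockedCopies(sampleLock));
```

An exact pin in `package.json` covers only direct dependencies; transitive copies such as the nested `debug` above stay fixed only when the committed lockfile is installed as-is, for example with `npm ci`.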