Blog

Honest writing on AI runtime governance, compliance, and the security challenges that come with deploying AI agents in regulated industries.

Cloud Security Lessons
Governance
10 min

Cloud Security's Lessons for AI Governance: What We Already Learned Once

Every AI governance mistake was already made with cloud. Shadow IT, shared credentials, missing audit trails. The playbook exists.

Jens Bontinck, April 24, 2026
CISO Readiness Score
Framework
12 min

The CISO AI Readiness Score: A Self-Assessment Framework

8 dimensions, scored 0-4. A practical framework to measure where your organization stands on AI agent governance.

Jens Bontinck, April 21, 2026
EU AI Act Timeline
EU AI Act, Compliance
11 min

EU AI Act Compliance: What You Should Be Doing Right Now

Enforcement starts August 2027. Here is a quarter-by-quarter timeline with specific actions for each phase.

Jens Bontinck, April 17, 2026
Auditable Agents
Architecture, Compliance
10 min

Designing Auditable AI Agents from Day One

Most teams retrofit auditability. Here are five design principles for agents that generate compliance evidence as a byproduct.

Jens Bontinck, April 14, 2026
Agent Identity
Architecture
10 min

Why Your AI Agent Needs an Identity, Not Just an API Key

Shared API keys mean you can't tell agents apart. Here is what real agent identity looks like.

Jens Bontinck, April 10, 2026
Cost of Waiting
Business Case
9 min

The Cost of Waiting: What Happens When AI Governance Comes After the Incident

Three scenarios. Three cost calculations. The math is clearer than you think.

Jens Bontinck, April 7, 2026
DORA and AI
Compliance
11 min

DORA and AI: What Financial Services Need to Know

DORA treats AI agents as ICT assets. Operational resilience testing, incident reporting, third-party risk.

Jens Bontinck, April 3, 2026
Zero Trust
Governance, Threat Model
10 min

Zero Trust for AI Agents: What Least Privilege Actually Means

Least privilege for humans is well understood. For AI agents, it barely exists.

Jens Bontinck, March 31, 2026
Prompt Injection
Threat Model
10 min

Prompt Injection Is Not an AI Problem. It's an Agent Problem.

The real risk is not making the model say bad things. It's making the agent do bad things.

Jens Bontinck, March 27, 2026
Governance vs Ethics
Governance
9 min

AI Governance Is Not AI Ethics

Ethics is about what you should build. Governance is about what you can prove you controlled.

Jens Bontinck, March 24, 2026
Sandboxing
Deep Dive, Threat Model
12 min

Sandboxing AI Agents: Why Isolation Alone Is Not Enough

Kernel sandboxes lock down the process. Policy governs what the agent is allowed to do.

Jens Bontinck, March 20, 2026
Article 14
EU AI Act, Compliance
11 min

EU AI Act Article 14: What Human Oversight Actually Requires

Everyone knows they need "human oversight." Almost nobody agrees on what that means.

Jens Bontinck, March 17, 2026
Shadow AI
Organization, Governance
9 min

Shadow AI Is a Governance Problem, Not a Security Problem

Your teams are deploying AI agents without telling security. You need a governed path that's faster than going around you.

Jens Bontinck, March 13, 2026
Audit Trail
Compliance
11 min

What Your AI Audit Trail Is Missing

Most teams log prompts and token counts. When the auditor asks what happened, the answer is incomplete.

Jens Bontinck, March 10, 2026
Agent Security
Threat Model
10 min

AI Agent Security Is Not LLM Security

The threat model is fundamentally different from securing a language model.

Jens Bontinck, March 6, 2026
Governance Gap
Governance, Compliance
12 min

The Governance Gap: Why AI Agent Security Requires a New Category

AI agents are deploying faster than governance can keep up. Here's what needs to change.

Jens Bontinck, March 3, 2026