Honest writing on AI governance.
Thought leadership on AI runtime governance, EU AI Act compliance, prompt injection defence and the security challenges of deploying AI agents in regulated industries.
AI-Powered Cybersecurity Meets AI Governance
AI is transforming cybersecurity. But who secures the AI doing the securing? When your security tools are autonomous agents, they need governance too.
Read articleSecuring AI Agents in Regulated Industries
When a bad AI decision has a dollar figure, a patient outcome, or a legal liability attached, security is not optional.
Read articleReal-Time Monitoring for AI Agents: Beyond Dashboards
Dashboards were built for human-speed decisions. When AI agents process 200 cases per hour, you need monitoring that can keep up.
Read articleAI Security in 2026: What CISOs Actually Need
The AI security landscape shifted from model safety to agent governance. Here is what matters now.
Read article
The IETF Just Published an AI Agent Auth Framework. Here's What It Gets Right.
draft-klrc-aiagent-auth-00 proposes SPIFFE, OAuth 2.0, and WIMSE for agent identity. A technical reading of what it means and what it misses.
Read article
Cloud Security's Lessons for AI Governance: What We Already Learned Once
Every AI governance mistake was already made with cloud. Shadow IT, shared credentials, missing audit trails. The playbook exists.
Read article
The CISO AI Readiness Score: A Self-Assessment Framework
8 dimensions, scored 0-4. A practical framework to measure where your organization stands on AI agent governance.
Read article
EU AI Act Compliance: What You Should Be Doing Right Now
Enforcement starts August 2026. Here is what to do before the deadline.
Read article
Designing Auditable AI Agents from Day One
Most teams retrofit auditability. Here are five design principles for agents that generate compliance evidence as a byproduct.
Read article
Why Your AI Agent Needs an Identity, Not Just an API Key
Shared API keys mean you can't tell agents apart. Here is what real agent identity looks like.
Read article
The Cost of Waiting: What Happens When AI Governance Comes After the Incident
Three scenarios. Three cost calculations. The math is clearer than you think.
Read article
DORA and AI: What Financial Services Need to Know
DORA treats AI agents as ICT assets. Operational resilience testing, incident reporting, third-party risk.
Read article
Zero Trust for AI Agents: What Least Privilege Actually Means
Least privilege for humans is well understood. For AI agents, it barely exists.
Read article
Prompt Injection Is Not an AI Problem. It's an Agent Problem.
The real risk is not making the model say bad things. It's making the agent do bad things.
Read article
AI Governance Is Not AI Ethics
Ethics is about what you should build. Governance is about what you can prove you controlled.
Read article
Sandboxing AI Agents: Why Isolation Alone Is Not Enough
Kernel sandboxes lock down the process. Policy governs what the agent is allowed to do.
Read article
EU AI Act Article 14: What Human Oversight Actually Requires
Everyone knows they need "human oversight." Almost nobody agrees on what that means.
Read article
Shadow AI Is a Governance Problem, Not a Security Problem
Your teams are deploying AI agents without telling security. You need a governed path that's faster than going around you.
Read article
What Your AI Audit Trail Is Missing
Most teams log prompts and token counts. When the auditor asks what happened, the answer is incomplete.
Read article
AI Agent Security Is Not LLM Security
The threat model is fundamentally different from securing a language model.
Read article
The Governance Gap: Why AI Agent Security Requires a New Category
AI agents are deploying faster than governance can keep up. Here's what needs to change.
Read article