Writing on AI
AI governance, agents, AI security, and FinOps — for the CIOs, CISOs, and architects who have to ship.
Bake the Audit Evidence Into Your AI Pipeline Before the Examiner Asks
Audit-defensibility isn't a document you write after the fact — it's a property you engineer into the AI pipeline so its normal operation emits evidence as exhaust.
The 2026 AI Regulatory Map That Fits on One Page
Everyone read 'EU AI Act deferred to 2027' and exhaled — but the part that fines you 3% of global revenue turns on in August. The four 2026 rules with teeth, on one page.
Design Your AI Inference Like the Model Could Vanish Tomorrow, Because One Just Did
A frontier model went dark three days after launch; here's how I make AI inference survivable on AWS when the provider is a dependency you don't control.
Your AI Bill Is the New Cloud Bill, and Nobody Is Watching the Meter
We spent a decade learning cloud FinOps and are repeating every mistake with LLM spend — here's the operating model that meters, routes, and caps it.
Your Agents Already Outnumber Your People. Nobody Is Governing Their Credentials.
Your agents already outnumber your people, they can authenticate but not prove they're authorized, and that's the gap SOC 2 and HIPAA were never built to close.
Stop Trying to Patch Prompt Injection
Prompt injection isn't a bug a vendor will patch — it's a property of how models read context, so design systems that stay safe even when the model is fully hijacked.
The Agent Is the Easy Part. The Control Plane Is the Job.
Standing up an agent takes an afternoon; the control plane that lets it touch production safely is the actual engineering work, and almost nobody shows it.
Pick the Model Like You Size a Cluster, Not Like You Pick a Sports Team
Most teams pick a frontier model like a sports team and never revisit it — but model selection is a routing, capacity, and risk decision you already know how to make.
Your Agent Dashboard Is Green and Lying to You
Uptime tiles tell you the service answered. They tell you nothing about whether the answer was right — and that gap is exactly where a model-risk review will eat you alive.
Shadow AI Is the New Shadow IT, and Your Prototype Graveyard Is Leaking Secrets
Every abandoned notebook, demo agent, and weekend prototype is a credential-bearing asset nobody owns. The fix isn't a ban — it's a discovery-and-demotion program with a real sunset workflow.
When Three Tools Report Three Token Counts, You Can't Attest to Any of Them
If Codex says one number, Claude says another, and your gateway says a third, you don't have a metering problem. You have an attestation problem — and in regulated industries, that's the one you can't afford.
Vendor Concentration Risk in the Age of the Three-Lab AI Stack
Most of the AI in your roadmap traces back to three labs running on the same chips, the same supply chain, and increasingly the same balance sheets. That's not a feature. That's a concentration risk your board hasn't priced yet.
What AI Actually Changes for Attackers (and What It Doesn't)
Cutting through the threat inflation: what genuinely shifts for attackers, what doesn't, and where to harden.
Make Your Enterprise Agent-Readable Before You Buy Another Agent
Everyone is racing to buy agents. Almost no one is building the substrate that lets agents act safely. The productivity is real — but so is the blast radius you're about to hand out.
Dark Code Is a Control Failure, Not Tech Debt
AI is filling our repos with code nobody can explain. We keep calling it tech debt. It's actually a control failure — and it should fail CI for the same reason a missing approver does.
AI Found 271 Bugs in Firefox. What Happens When It Reads Your Repos?
When AI-assisted fuzzing starts finding hundreds of bugs in hardened open-source code, the question isn't whether the technique works. It's whether you're running it before someone else runs it against you.
The Source-Map Leak Is Your Build Pipeline's Confession
A single packaging mistake can publish hundreds of thousands of lines of your internals to a public registry. The leak isn't the bug — it's the confession that your release controls never caught up to your release velocity.
A Shadow-Agent Discovery Playbook for Regulated FIs
Unsanctioned AI agents are already running inside your environment with your credentials. Here's how to find, classify, and gate them before they touch member data — mapped to the controls your examiners and auditors already expect.
Automate the Boring, Not the Judgment
A framework for what security work to hand to machines, and the line you should never let automation cross.
An AI Agent Dropped Prod. Here's the Change-Management Playbook.
Coding agents are now committing real change to real systems. The question isn't whether to let them — it's how to give them speed without handing them a SOC 2-fatal mistake.
Stop Prompting Your Agents to Behave. Engineer the Blast Radius.
Most agent "safety" is a politely worded request to a model that doesn't have to honor it. In fintech, the only controls that count are the ones that hold after the model is wrong.
Your Browser Agent Has Your Cookies, and Your DLP Never Saw It
Browser-resident AI agents don't request access to your systems. They inherit it — from the authenticated sessions already sitting in your tabs. That's the threat model nobody provisioned for.
Agent Memory Is a Data-Residency Problem Wearing a Productivity Costume
Give every agent a durable, MCP-connected brain and you haven't just bought productivity — you've quietly stood up a new data lake full of PII and PCI scope that nobody classified, nobody encrypted, and nobody can purge.
Anchoring Bias Is Already in Your KYC Agent
The same structural failure modes that made medical LLMs unsafe are sitting quietly inside your fraud, dispute, and onboarding agents. They don't announce themselves. You have to go hunt them.
Onboarding Your Agents Was Easy. Nobody Built the Offboarding.
Every team has a story about the AI agent they shipped in a weekend. Almost none of them can tell you how that agent gets fired, what credentials it still holds, or who would notice if it went rogue.
