Writing
Short pieces and in-depth articles on AI, identity, and accountability for boards and security leaders.
Featured whitepaper
The Semantic Proxy Pattern
A technical reference on an architectural design pattern for enterprise AIgentic Actor authorization, built on three independent layers: a mandatory semantic proxy that evaluates Actor actions against allowlist policy, subnet isolation that makes proxy traversal topologically mandatory, and per-Actor cryptographic identity that enables instance-level attribution and revocation. Draws on implementations from Brex, Cisco, Microsoft, CNCF standards, and production healthcare deployments.
Key questions this whitepaper addresses
- Why do existing network security controls fail against semantic agent threats?
- How does the semantic proxy pattern differ from traditional guardrails embedded in the primary model?
- What implementation components are needed for each of the three architectural layers?
Recent writing
We publish paired pieces each week — one for boards and committees, one for CISOs and security architects — on the same theme. In-depth articles appear on a bi-monthly cadence.
Security leaders
The CoSAI Evaluation: What the Field's Most Complete Toolkit Reveals About the Verification Posture
CoSAI's Agentic IAM framework is the most detailed published guidance on AIgentic identity. It shares the same structural limit as every prior framework.
The IETF AIGA Draft: An Evaluation
IETF AIGA draft evaluated: Tiered Risk-Based Governance, Immutable Kernel Architecture, Constitutional Constraints, and four additions to make it operational.
The NIST NCCoE Concept Paper: An Evaluation
NIST's NCCoE concept paper identifies five AI agent IAM focus areas. What it establishes, where it reaches its limit, and what security architects must add.
Nine Seconds: What the PocketOS Incident Reveals
A Cursor AI agent deleted PocketOS's entire production database in nine seconds. Three architectural failures made this inevitable — and the proxy architectural design pattern is the answer.
The CSA Agentic Trust Framework: An Evaluation
CSA Agentic Trust Framework: what it establishes, where behavioral verification fails for non-deterministic actors, and four additions to make ATF operational.
Governing AIgentic Actors: Identity, Trust and Control
Governing AIgentic Actors is an architectural problem, not a verification one. The Actor Identity Lifecycle is the operational answer a CISO can execute now.
Treat Your AI Agents Like You Treat Untrusted Code
AI agents in production need a three-layer security architecture: semantic proxy enforcement, subnet isolation, and per-agent identity. Here's how to build it.
The Identity Crisis at the Heart of AIgentic Systems
AIgentic architecture dissolves the application-as-gatekeeper model. A technical briefing on the four-layer identity architecture — directories, workload PKI, verifiable credentials, and DIDs — emerging to replace it.
Governing AIgentic Actors: Identity, Trust and Control
10-slide deck on Actor governance, topology-first architecture, and the Actor Identity Lifecycle for AIgentic systems.
The Semantic Proxy Pattern
12-slide technical reference on the semantic proxy pattern: three-layer defense architecture for enterprise AI agent authorization.
Treat Your AI Agents Like Untrusted Code
10-slide deck on the three-layer agent security architecture: semantic proxy, subnet isolation, per-agent identity.
Boards
The CoSAI Evaluation: What Industry Consensus on AIgentic Governance Means for Boards
CoSAI is the fourth framework to establish human governance as a requirement for AIgentic systems. For boards, that consensus is a liability question.
What the IETF's AI Governance Draft Means for Board Accountability
The IETF's AIGA draft defines five AI agent risk tiers with specific infrastructure requirements. Here's what boards need to know and ask.
What NIST's AI Agent Governance Work Means for Your Board
NIST's NCCoE identifies five AI agent governance focus areas with no compliance force yet. Here's what boards need to know and ask right now.
The Agent Problem: Why Your AI Workforce Needs a Different Kind of Oversight
AI agents take real actions at machine speed without per-action human review. A board-level briefing on the oversight infrastructure your organization needs.
Who's Running Your Organization? The Identity Challenge of the AI Agent Era
AI agents are becoming first-class actors inside enterprises, without appearing in any directory. A briefing for boards and security leaders on the identity gap and the architecture that closes it.
The Agent Problem: Why Your AI Workforce Needs a Different Kind of Oversight
10-slide board briefing on AI agent oversight infrastructure and the four governance properties boards should verify.