The Useless Bureaucrat: When Refusing to Act Is the Failure Mode
There is a tempting failure mode in agent design. The agent is asked to do something. The instruction is mildly ambiguous. The context is incomplete. The rig...
Trust × Safety: Why the Multiplication Matters
A team builds an AI agent. They invest deeply in trust: the agent’s identity is verified, its supply chain is attested, its behavior is profiled, its outputs...
Forcing Functions Don’t Make Seams — They Make Them Visible
A team is evolving their framework. They add a new constraint — a regulatory requirement, a new threat class, a new product surface, a new dimension of evalu...
Naming What Already Exists: PDP/PEP Was the Rule Pipeline Read Correctly
A team is evolving an agentic Trust framework. They have built it for some time. The framework computes verdicts; the verdicts gate actions; the system works.
Capability Floors: Why Your Model Sets Your Security Posture
A Phase 2 organization deploys a frontier model. They have identity controls, basic supply chain verification, and competence testing. They feel ready.
From Black Box to Glass Box
Your agent spent $4,200 at 3am. The CISO has five questions. You have until the morning standup to answer them.
From Trust Us to Verify It Yourself
Every AI platform today makes the same claim: “We are secure. We are safe. We are trustworthy.”
The 3am Problem
It is 3:14am. Your purchasing agent detects that printer paper is running low — 15 units against a 50-unit threshold. It places a reorder. $50,000 spent. No ...
Policy Is a Promise. Architecture Is Physics.
Every approach to constraining autonomous agents eventually faces the same question: what happens when the constraint is tested?
Zero Trust for Agentic AI: The Four Dimensions of Trust
AI agents are not users and they are not microservices. They occupy a new category — autonomous software that reasons, acts, and transacts on behalf of human...
Mandates Are Not Blank Checks
When a human buys something online, they click “Purchase.” That click is their consent — implicit, instantaneous, revocable by calling their bank.
Effective Trust and Your Existing Posture
The first question every security leader asks about a new framework: “What happens to what I already have?”
Cybersecurity: Critical Infrastructure Protection: A Reading
This week I had a reading on critical infrastructure policy across the world. While there is a recognition of the importance of critical infrastructure, diff...
Cybersecurity: Protecting Yourself in the Digital Age
Now more than ever in today’s digital age, it’s more important than ever to take steps to protect personal information online. Cyber attacks are becoming inc...