Writing

Operational knowledge, codified. Each piece translates direct enterprise experience into frameworks practitioners and executives can act on — from blog posts on emerging threats to published books and research articles.

Why AI-Driven Vulnerability Discovery Breaks Cybersecurity’s Operating Model

Project Glasswing is more than faster vulnerability discovery. It invalidates the foundational assumptions modern cybersecurity depends on. AI-driven vulnerability discovery collapses the window between exposure and exploitation to near zero, leaving detection, prioritization, and patch-based models structurally insufficient. The only defensible model is control at runtime, enforced at machine speed.


Runtime Governance Is the Only Governance That Counts

Why the Control Plane Is Non-Negotiable

If agentic AI can act without traversing a hardened enforcement boundary, you have policy theater — not risk management. Runtime governance requires a control plane that enforces policy at the moment an agent intends to act, provides auditable evidence, and constrains delegated authority. The gap between governance intent and governance effect is the largest unpriced risk in enterprise AI today.
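As an added illustration of that enforcement boundary (example code written for this page, not the ACR Control Plane or any product's code): a minimal Python policy enforcement point in which every tool invocation must pass through ControlPlane.execute, each tool requires a delegated scope plus an argument constraint, and every allow or deny decision is appended to a SHA-256 hash-chained audit log that verify_audit can check. The tool names, scope names, policy table and sample requests are all hypothetical.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

# Tools the agent may want to call. Constructed stand-ins for this example; no real I/O.
def fetch_ticket(args: dict) -> str:
    return f"ticket {args['id']}: open"

def update_ticket(args: dict) -> str:
    return f"ticket {args['id']} set to {args['status']}"

def http_get(args: dict) -> str:
    return f"GET {args['url']} -> 200"

TOOLS: Dict[str, Callable[[dict], str]] = {
    "fetch_ticket": fetch_ticket,
    "update_ticket": update_ticket,
    "http_get": http_get,
}

# Policy table (hypothetical scope names): each tool needs one delegated scope and
# an argument check. The argument check is where delegated authority gets constrained,
# not just granted or withheld.
POLICY: Dict[str, Tuple[str, Callable[[dict], bool]]] = {
    "fetch_ticket": ("tickets:read", lambda a: str(a.get("id", "")).isdigit()),
    "update_ticket": ("tickets:write", lambda a: str(a.get("id", "")).isdigit()
                      and a.get("status") in {"open", "pending", "closed"}),
    "http_get": ("net:egress", lambda a: str(a.get("url", "")).startswith("https://api.internal.example/")),
}

@dataclass(frozen=True)
class ActionRequest:
    agent_id: str
    tool: str
    args: dict
    scopes: FrozenSet[str]  # authority the human principal delegated to this agent

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    result: Optional[str]

class ControlPlane:
    """The only path from 'agent intends to act' to 'tool runs'.
    Every decision, allow or deny, is appended to a hash-chained audit log."""

    def __init__(self) -> None:
        self.audit: List[dict] = []

    def _record(self, req: ActionRequest, allowed: bool, reason: str) -> None:
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        body = {"agent": req.agent_id, "tool": req.tool, "args": req.args,
                "scopes": sorted(req.scopes), "allowed": allowed, "reason": reason, "prev": prev}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.audit.append({**body, "hash": digest})

    def execute(self, req: ActionRequest) -> Decision:
        policy = POLICY.get(req.tool)
        if policy is None:
            self._record(req, False, "unknown tool")
            return Decision(False, "unknown tool", None)
        scope, arg_check = policy
        if scope not in req.scopes:
            reason = f"missing scope {scope}"
            self._record(req, False, reason)
            return Decision(False, reason, None)
        if not arg_check(req.args):
            self._record(req, False, "argument constraint failed")
            return Decision(False, "argument constraint failed", None)
        result = TOOLS[req.tool](req.args)  # the only place a tool is ever invoked
        self._record(req, True, "policy allow")
        return Decision(True, "policy allow", result)

    def verify_audit(self) -> bool:
        """Recompute the chain; any edited, reordered or dropped record breaks it."""
        prev = "0" * 64
        for rec in self.audit:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body["prev"] != prev:
                return False
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != rec["hash"]:
                return False
            prev = rec["hash"]
        return True

def demo() -> Tuple[List[Decision], ControlPlane]:
    """Constructed sequence of agent intents: one agent, two delegation levels."""
    cp = ControlPlane()
    read_only = frozenset({"tickets:read"})
    with_egress = frozenset({"tickets:read", "net:egress"})
    decisions = [
        cp.execute(ActionRequest("agent-7", "fetch_ticket", {"id": "4412"}, read_only)),
        cp.execute(ActionRequest("agent-7", "update_ticket", {"id": "4412", "status": "closed"}, read_only)),
        cp.execute(ActionRequest("agent-7", "http_get", {"url": "https://evil.example/x"}, with_egress)),
        cp.execute(ActionRequest("agent-7", "http_get", {"url": "https://api.internal.example/v1/ping"}, with_egress)),
        cp.execute(ActionRequest("agent-7", "rm_rf", {}, with_egress)),
    ]
    return decisions, cp

if __name__ == "__main__":
    decisions, cp = demo()
    for d in decisions:
        print(d)
    print("audit chain intact:", cp.verify_audit())
```

The structural point is that the agent never holds a reference to the tool functions: it can only express intent as an ActionRequest, and the single path to execution runs through the policy check and the audit write. If the agent framework also lets its code call the tools directly, the same policy table becomes the policy theater the article describes.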


LiteLLM Compromised

What the PyPI Supply Chain Attack Means for Every Organization Running AI

LiteLLM versions 1.82.7 and 1.82.8 on PyPI were compromised with credential-stealing malware as part of a month-long TeamPCP campaign that also compromised Trivy and KICS, spread a self-propagating npm worm, and deployed Kubernetes wipers carrying Iran-targeted destructive payloads. The implications for AI governance are immediate.


DNS as a Weapon

What the AWS AgentCore Sandbox Bypass Means for AI Governance

BeyondTrust Phantom Labs demonstrated a full sandbox escape from AWS Bedrock AgentCore using DNS-based C2. The implications for AI governance are significant, and most organizations are not accounting for this class of risk.
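As an added example (written for this page, not taken from the BeyondTrust Phantom Labs research or from AWS): a small Python detector for the DNS tunnelling pattern that DNS-based C2 depends on, run over constructed resolver log lines in a hypothetical "timestamp client qtype qname" format. It profiles each registered domain by query volume, ratio of unique names, mean Shannon entropy of the subdomain labels, and TXT share, then flags domains that behave like an encoded channel rather than name lookups. The beacon lines are generated deterministically from SHA-256 so the sample is reproducible.

```python
import hashlib
import math
from collections import defaultdict
from typing import Dict, List, Tuple

def _fake_beacon(i: int) -> str:
    # Constructed stand-in for an encoded C2 query: two 32-hex labels under one domain.
    h = hashlib.sha256(f"chunk-{i}".encode()).hexdigest()
    return f"{h[:32]}.{h[32:]}.c2tunnel.example"

# Constructed sample log (hypothetical format): benign repeated lookups, a CDN with
# many low-entropy names, and a 12-query TXT beacon stream.
SAMPLE_LOG: List[str] = (
    [f"2025-06-01T10:00:{i:02d}Z 10.0.1.5 A api.internal.example" for i in range(10)]
    + [f"2025-06-01T10:01:{i:02d}Z 10.0.1.5 A img{i}.cdn.example" for i in range(9)]
    + [f"2025-06-01T10:02:{i:02d}Z 10.0.1.5 TXT {_fake_beacon(i)}" for i in range(12)]
)

def shannon_entropy(s: str) -> float:
    """Bits per character; ~1.5-2.5 for hostnames, ~3.5+ for hex or base32 payloads."""
    if not s:
        return 0.0
    counts: Dict[str, int] = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def base_domain(qname: str) -> str:
    # Naive: last two labels. A real deployment should use the public suffix list.
    return ".".join(qname.rstrip(".").split(".")[-2:])

def profile(lines: List[str]) -> Dict[str, dict]:
    """Per-registered-domain features over the whole log."""
    stats = defaultdict(lambda: {"queries": 0, "names": set(), "entropy_sum": 0.0,
                                 "txt": 0, "len_sum": 0})
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the detector
        _, _, qtype, qname = parts
        base = base_domain(qname)
        sub = qname[: -len(base)].rstrip(".").replace(".", "")  # subdomain labels only
        s = stats[base]
        s["queries"] += 1
        s["names"].add(qname)
        s["entropy_sum"] += shannon_entropy(sub)
        s["txt"] += qtype == "TXT"
        s["len_sum"] += len(qname)
    out: Dict[str, dict] = {}
    for base, s in stats.items():
        q = s["queries"]
        out[base] = {
            "queries": q,
            "unique_ratio": len(s["names"]) / q,
            "mean_entropy": s["entropy_sum"] / q,
            "txt_ratio": s["txt"] / q,
            "mean_len": s["len_sum"] / q,
        }
    return out

def flag_tunnels(lines: List[str], min_queries: int = 8, min_unique: float = 0.8,
                 min_entropy: float = 3.0) -> List[Tuple[str, dict]]:
    """Flag domains with many queries, almost all to distinct high-entropy names.
    All three conditions are required so a busy CDN or a single odd lookup is not enough."""
    return [(base, p) for base, p in profile(lines).items()
            if p["queries"] >= min_queries
            and p["unique_ratio"] >= min_unique
            and p["mean_entropy"] >= min_entropy]

if __name__ == "__main__":
    for base, p in flag_tunnels(SAMPLE_LOG):
        print(f"suspected DNS channel: {base} {p}")
```

A sandbox that blocks TCP egress but still forwards DNS to an upstream resolver has left this channel open. The detection belongs at the resolver the runtime actually uses; the preventive control is restricting what the agent's runtime is allowed to resolve at all.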


From Standard to Enforcement

Inside the ACR Control Plane

The ACR Control Plane is now a working reference implementation—open source, deployable, and designed to prove that runtime AI governance is not theoretical. It is operational.

The ABCs of Agentic AI

Controlling Autonomous Action at Runtime

The definitive guide to governing agentic AI in production. Covers the ACR Standard, runtime enforcement architecture, agentic threat defense, and evidence-first governance for enterprise environments.


The ABC's of Cyber Security

Total Cyber Security for Small and Medium Sized Businesses

Foundational enterprise security guidance — risk programs, incident response, and the operational controls that protect business infrastructure.


Weaponization of Social Media

Analysis of how social platforms are weaponized for influence operations, disinformation, and threat intelligence — applying the same analytical rigor used in security operations.

Get governance insights delivered

Runtime AI control strategies, enforcement architecture patterns, and ACR Standard updates — direct from the practitioner who built them.