Category: Frameworks
-

Secrets and Tokens: Rotation SLAs, Blast Radius, and Attacker Dwell Time
Long-lived secrets are not harmless leftovers. They are blast radius waiting for an incident. This post breaks down rotation SLAs, attacker dwell time, delegated OAuth risk, and the operational habits that keep non-human credentials from becoming tomorrow’s breach path. Built for practitioners who have to run the mess in production.
-

Agent Inventory and the Agent Register: The Control You Need Before Agent Sprawl Becomes Identity Debt
AI agents do not create a new governance problem so much as a faster identity problem. This post explains why agent inventories, Agent Registers, and ownership discipline matter, how discovery differs from authorization, and what teams need to prove scope, effective access, lifecycle, and accountability before something breaks in production.
-

When Your MDM Becomes the Weapon
A cyberattack on Stryker in March 2026 disrupted operations across 79 countries without a single piece of malware. Publicly reported attack path: Microsoft Intune administrative abuse. This post breaks down what happened, what could not have been predicted, what the governance gaps were, and what every Intune admin should do…
-

Approved Tool, Expanding Agent: The Ownership Model That Works
Approved SaaS platforms keep gaining agentic capability. The original security review does not expand with them. This post covers the RACI model, re-review triggers, and anti-patterns that break accountability when trusted tools evolve, plus what NIST AI RMF and OWASP Agentic Top 10 say about why one-time approval was never…
-

Defending Against Modern Cyber Threats: A Day in the Life of Security Operations
Modern security incidents don’t fail in one place – they move. A phish becomes an identity problem. A third-party app becomes a data exposure problem. A zero-day becomes a privilege problem. This post follows a SecOps lead through five real attack scenarios and the process discipline that keeps operations standing.
-

The 90-Day Agent Identity Governance Plan
AI agents are moving fast, but governance is not keeping pace. This practical 90-day plan shows how to bring agent identities under control with ownership, least privilege, data-aware boundaries, and lifecycle discipline before hidden access, unmanaged connectors, and pilot magic turn useful automation into the next preventable security incident.
-

Shadow Agents Are the New Shadow IT
Shadow agents are the new shadow IT. This blog explains how unsanctioned agents, hidden connectors, and delegated access create new security risk, and why inventory, ownership, boundaries, and review are the practical controls that keep pilot magic from turning into production debt.