Category: Thought Leadership
-
Documentation Is Now a Control, Not an Afterthought
The dangerous workflow is not always the one that fails. Sometimes it is the one that keeps working. This post explains why documentation has become a control for automated and agentic workflows, especially when ownership, scope, permissions, evidence, and operating intent drift over time.
-
Receipts or It Didn’t Happen: Evidence-Grade Logging for Agents
When agents read data, call tools, update records, and trigger downstream work, the final answer is not the whole story. Evidence-grade logging gives teams the connected receipts they need to explain what happened later.
-
Joiner-Mover-Leaver for AI Agents: Create, Rotate, and Retire Access Before It Drifts
AI agents need lifecycle management because they can hold credentials, inherit permissions, call tools, and act across systems. Learn how joiner-mover-leaver maps to create, rotate, and retire controls for agentic AI and non-human identities.
-
Mandiant Got Inside. The AI Threats Were Not What Anyone Expected.
Mandiant’s AI Risk and Resilience report shows a useful gap between perceived AI risk and real implementation failures: browser caching, SQL injection, broken access control, SSRF, excessive agency, and missing visibility.
-
Quantum’s First Real Job
IBM’s recent KCuF3 quantum materials simulation result is one of the clearest near-term proof points for enterprise-relevant quantum computing. This post breaks down what changed, what did not, and why the result matters to SecOps teams, platform engineers, and CISOs watching hybrid compute, governance, and post-quantum planning right now.
-
AI Identity Management at the Scale of One
AI identity management matters long before enterprise scale. This field note walks through what changed when AI-assisted work got its own identity across Asana, Google Docs, Slack, and email. The result was cleaner attribution, clearer boundaries, noisier receipts, and a more honest record of how work actually moved through systems.
-
The Workflow Got Faster. The Record Got Fuzzier.
AI can make a workflow faster while making the audit trail less truthful. This post looks at how tool use, delegated authority, and fuzzy attribution collide once systems start acting across tools, why productivity is still the point, and what identity, logging, and governance controls have to catch up afterward.
-
RAG Is Data Access: Retrieval Authorization Is the Control
RAG is not just an AI retrieval pattern. In enterprise environments, it is a new data access path. This post explains why retrieval authorization is the real control, where the boundary actually sits, and what security, IAM, and platform teams should review before connecting sensitive content to assistant workflows safely.
-
Secrets and Tokens: Rotation SLAs, Blast Radius, and Attacker Dwell Time
Long-lived secrets are not harmless leftovers. They are blast radius waiting for an incident. This post breaks down rotation SLAs, attacker dwell time, delegated OAuth risk, and the operational habits that keep non-human credentials from becoming tomorrow’s breach path. Built for practitioners who have to run the mess in production.
-
Agents Are Identities: The New Control Plane for Enterprise AI
AI agents are not just features. Once they connect Slack, Jira, internal data, and downstream tools, they become operating identities with permissions, authority, and blast radius. This post explains why agent governance is an identity problem, not a prompt problem, and offers a framework: name, scope, bind, watch, prove, retire.
-
Agent Inventory and the Agent Register: The Control You Need Before Agent Sprawl Becomes Identity Debt
AI agents do not create a new governance problem so much as a faster identity problem. This post explains why agent inventories, Agent Registers, and ownership discipline matter, how discovery differs from authorization, and what teams need to prove scope, effective access, lifecycle, and accountability before something breaks in production.
-
When Your MDM Becomes the Weapon
A cyberattack on Stryker in March 2026 disrupted operations across 79 countries without a single piece of malware. Publicly reported attack path: Microsoft Intune administrative abuse. This post breaks down what happened, what could not have been predicted, what the governance gaps were, and what every Intune admin should do…
Tech That MattRs 