Who Authorized the AI?
AI authority rarely arrives through one reckless decision. It accumulates through reasonable approvals until no one can say who authorized the workflow.
AI authority rarely arrives through one reckless decision. It accumulates through reasonable approvals until no one can say who authorized the workflow.
AI output is often close enough to look finished, but not close enough to trust. I’m working through how AI is forcing me to get clearer about standards, judgment, voice, and what good work actually looks like.
AI agents are not just helping individual contributors move faster. They are helping us build better review loops around the work before we pull real people in.
Why microsegmentation still matters in the AI era, and why the path forward has to be smaller, smarter, and more honest. If you have ever been part of a microsegmentation project, you know the hard part usually does not start with the technology. It starts in a room. Network teams
Every quarter, enterprises ask familiar questions about human access. Does this user still need access to this application? Does this admin still need elevated privileges? Is this service account still active? Are these permissions still aligned to the person’s role? What access should be revoked before it becomes a
Something shifted at RSAC 2026 last week. The conversations that previously orbited around "how do we secure AI" moved toward something more specific and more urgent: how do we extend Zero Trust, the framework most enterprises have been building toward for the better part of a decade, to
OpenClaw became the most-starred repository in GitHub history in about 60 days. By early March, it had passed 250,000 stars, overtaking React, a project that took over a decade to reach that number. If you work in enterprise security or architecture and haven't heard of it
I keep hearing about post-quantum cryptography. It comes up in industry reports, vendor announcements, and security news with increasing frequency. My sense is that most security professionals are in the same place I am: aware that something is happening, not entirely sure what it means for them, and uncertain
We've been talking about the cybersecurity workforce shortage for over a decade now. At this point, it's almost background noise in the industry. Someone publishes the ISC2 numbers, we all read the headlines, nod along, and go back to work. Millions of unfilled roles globally, the
It's been a minute since I posted here. I've been heads-down in the security trenches, but something has been eating at me that I need to get out in the open. Every week, I'm in conversations with enterprise architects, security leaders, and IT
Key Takeaways * Combining data privacy protection with AI system safeguards enterprise AI implementations from unauthorized access and data breaches * Organizations implementing private AI must address unique challenges, including model isolation, data residency requirements, and secure inference pipelines * The NIST AI Risk Management Framework, ISO/IEC 27001, and emerging standards like
Key Takeaways * Zero trust AI security requires distinct approaches for AI systems that enterprises consume versus AI systems they develop internally * Traditional perimeter-based security measures fail to protect distributed AI workloads across multi-cloud environments and third-party services * Identity-centric controls for AI models, data pipelines, and inference