Writing
Short pieces and in-depth articles on AI, identity, and accountability for boards and security leaders.
Featured whitepaper
The Semantic Proxy Pattern
A technical reference architecture for enterprise agent authorization built on three independent layers: a mandatory semantic proxy that evaluates agent actions against allowlist policy, subnet isolation that makes proxy traversal topologically mandatory, and per-agent cryptographic identity that enables instance-level attribution and revocation. Draws on implementations from Brex, Cisco, Microsoft, CNCF standards, and production healthcare deployments.
Key questions this whitepaper addresses
- Why do existing network security controls fail against semantic agent threats?
- How does the semantic proxy pattern differ from traditional guardrails embedded in the primary model?
- What implementation components are needed for each of the three architectural layers?
Recent writing
We publish paired pieces each week — one for boards and committees, one for CISOs and security architects — on the same theme. In-depth articles appear on a bi-monthly cadence.
Security leaders
The Identity Crisis at the Heart of Agentic AI
Agentic AI dissolves the application-as-gatekeeper model. A technical briefing on the four-layer identity architecture — directories, workload PKI, verifiable credentials, and DIDs — emerging to replace it.
The Semantic Proxy Pattern
12-slide technical reference on the semantic proxy pattern: three-layer defense architecture for enterprise AI agent authorization.
Treat Your AI Agents Like Untrusted Code
10-slide deck on the three-layer agent security architecture: semantic proxy, subnet isolation, per-agent identity.
Boards
The Agent Problem: Why Your AI Workforce Needs a Different Kind of Oversight
10-slide board briefing on AI agent oversight infrastructure and the four governance properties boards should verify.
Who's Running Your Organization? The Identity Challenge of the AI Agent Era
AI agents are becoming first-class actors inside enterprises, without appearing in any directory. A briefing for boards and security leaders on the identity gap and the architecture that closes it.
Stay current
We publish short pieces for boards and security leaders on AI, identity, and governance. No hype, no spam. Each piece is designed to be read in two minutes and reused in your own internal conversations.
Get in touch