Blog

The thinking behind AI security review.

Threat models, governance evidence, and the decisions that hold up under scrutiny. Written for security architects and the committees they report to.

Newsletter

New posts in your inbox,
when they publish.

Threat modeling, governance evidence, and what AI Committees actually need — written for security architects and AI governance leads. No cadence promises.

No spam. Unsubscribe anytime.

Regulation13 min

ISO 42001 audit readiness — the controls that fail most often

ISO 42001 certification audits surface the same gaps repeatedly: incomplete risk registers, missing re-assessment triggers, and evidence that describes intent rather than practice. Here is what auditors look for and how to close the gaps before they find them.

Reference10 min

Security review for agentic AI procurement — a buyer's checklist

Procurement teams are approving agentic AI systems without the security vocabulary to ask the right questions. This checklist covers the eight areas a security review must address before an agentic system reaches production.

Technical11 min

LLM output validation — the controls that actually work

Prompt injection and hallucination are symptoms. The root cause is missing output validation at the right lifecycle gates. This piece maps the validation controls that close the gap, with examples from assessed systems.

Foundations10 min

What goes in an AI risk register — and what does not

Most AI risk registers are either generic IT risk registers with 'AI' added, or threat lists with no ownership or treatment. This piece defines the five fields every AI risk entry needs and the common entries that do not belong.

Technical12 min

Threat modeling a RAG pipeline — retrieval, context, and generation risks

RAG pipelines introduce three distinct attack surfaces that standard LLM threat models miss: the retrieval boundary, the context window, and the generation gate. Here is the full threat model with controls for each.

Regulation11 min

DPAs and AI systems — what DPOs actually need to document

Data Protection Authorities are starting to ask about AI systems in DPA reviews. This piece maps what DPOs need to document, what regulators are looking for, and the gaps that appear most often in organisations that have not prepared.

Technical13 min

Attack path analysis for AI systems — beyond CVE scoring

CVE scores tell you a vulnerability exists. Attack path analysis tells you whether it is reachable, exploitable, and connected to a blast radius that matters. Here is how to apply it to AI system assessments.

Governance11 min

AI incident response — what the playbook needs that IT playbooks miss

AI incidents have three properties that standard IT incident response playbooks do not handle: non-deterministic reproduction, model-level root cause, and evidence that degrades over time. Here is what the playbook needs.

Regulation8 min

Is your AI system high-risk under the EU AI Act? How to find out

The EU AI Act's Annex III lists 8 categories of high-risk AI. Most AI teams don't know whether their system is in scope. Here's how to determine your risk tier — and what it means for what you need to build.

Foundations9 min

Clearance vs approval — why the distinction matters for AI governance

Most organisations conflate security clearance with business approval for AI systems. The distinction matters: clearance is a security gate, approval is a business decision. Conflating them produces systems that are approved but not cleared — or cleared but not governed.

Regulation10 min

An AI Risk Disposition that holds up in regulator review

Most AI risk dispositions are written for internal approval, not external scrutiny. When a regulator or auditor asks for the record, they look for different things — here is what must be in the disposition to hold up.

Technical12 min

Security review for fine-tuned models — what changes from base model assessment

Fine-tuned models inherit the base model's risk profile and add their own. Training data provenance, alignment drift, and capability overhang are the three areas a security review must address that base model assessments typically skip.