Long-form notes from AI security review.
What AI Committees ask for, what regulators read, and what is missing from most threat models. Written for security architects, AI governance leads, and DPOs.
New posts in your inbox,
when they publish.
Threat modeling, governance evidence, and what AI Committees actually need — written for security architects and AI governance leads. No cadence promises.
Evaluating a RAG pipeline for security, not just relevance
RAG evaluation frameworks are designed to measure retrieval quality and answer relevance. Security evaluation asks different questions: what data boundaries does the pipeline cross, what can be extracted, and what controls enforce the intended scope?
General-purpose AI obligations under the EU AI Act
The GPAI provisions of the EU AI Act introduce obligations for foundation model providers. This piece explains what GPAI means, which obligations apply, and what deployers of GPAI-powered systems need to understand.
Privilege escalation paths in agentic AI
Agentic AI privilege escalation does not require a kernel exploit. It requires a model that can be convinced to invoke a tool it was not intended to invoke. This piece maps the escalation paths and the review controls that block them.
Excessive agency — when an LLM can do too much
OWASP LLM08 excessive agency is the risk that an LLM system has been given more capability than it needs to complete its task — and that excess capability can be exercised by a manipulated model. Least-privilege is the control.
Reading a model card as a security reviewer
Model cards were designed for ML practitioners. A security reviewer reads them differently — looking for training data, capability claims, limitations, and evaluation methodology. This piece explains how to extract security-relevant information from a model card.
Design-time vs runtime AI security — where review belongs
Runtime AI security tools watch for anomalies in production. Design-time review asks whether the system should go to production in the first place. Both matter, but conflating them creates blind spots at each layer.
Re-assessment triggers — the field most dispositions skip
A disposition without re-assessment triggers is a decision without an expiry. It stays valid regardless of what the AI system becomes. Re-assessment triggers are the mechanism that keeps a disposition honest over time.
When to re-assess an AI vendor
An AI vendor assessment is not a one-time exercise. Model updates, new features, changed data-handling terms, incidents at the vendor, and expanding use cases in your organisation are all triggers that require a fresh assessment.
The ISO 42001 evidence checklist for security reviews
An ISO 42001 audit will ask for specific evidence across each control domain. This checklist maps the evidence required for conformance and aligns it with the artefacts an AI security review already produces.
Prompt-context injection through MCP tools
MCP tools return data that is injected into the model's context. When that data contains instructions, the tool becomes an injection vector. This piece explains how context injection works through MCP and the controls that prevent it.
Vector database security for RAG pipelines
Vector databases are infrastructure. They inherit all the access-control and injection requirements of any other data store — plus some RAG-specific ones. This piece maps the security requirements for a vector database in a production RAG pipeline.
EU AI Act obligations for deployers (not just providers)
Most EU AI Act coverage focuses on providers — organisations that develop or place AI systems on the market. But deployers — organisations that use AI systems for their own purposes — have significant obligations of their own.
Free resources
Practical templates for every framework covered here.
AI Security Review Template
Full review pack with threat model, controls, and evidence grading.
OWASP Agentic Top 10 Controls
Each risk mapped to required controls and lifecycle gates.
AI Risk Disposition Memo
Clearance decision template with rationale and sign-off log.
AI Go-Live Security Checklist
Production gate checklist for security architects and CISOs.