Long-form notes from AI security review.
What AI Committees ask for, what regulators read, and what is missing from most threat models. Written for security architects, AI governance leads, and DPOs.
Human-in-the-loop boundaries that actually hold
Human-in-the-loop is the most common control in agentic AI risk plans. It is also the control most often specified in a way that does not hold. This piece defines what a robust HITL boundary requires — and the failure modes that hollow it out.
Model denial of service and cost-exhaustion attacks
LLM denial of service is different from traditional DoS. An attacker does not need to crash the service — they need to make it expensive to run. Cost-exhaustion attacks are under-defended and increasingly common in the systems we assess.
Who runs the AI security review — roles and hand-offs
AI security reviews involve more people than a single security team: architects who describe the system, security engineers who threat-model it, governance leads who accept the risk, and DPOs who validate data handling. This piece maps the hand-offs.
Preserving evidence after an AI incident
AI incident evidence degrades in ways that traditional IT incident evidence does not. Model context windows are ephemeral, log retention is often incomplete, and model weights change. This piece defines the evidence-preservation steps to take immediately after an AI incident.
The anatomy of an AI evidence pack
An AI evidence pack is the complete set of artefacts a governance committee needs to make a defensible decision. This piece defines what goes into one — and why the order and labelling of the artefacts matter as much as the content.
Why SOC 2 is not AI assurance
SOC 2 tells you that a vendor's infrastructure and processes meet a defined set of trust service criteria. It does not tell you how the vendor's model behaves, what data it was trained on, or how it handles edge cases. AI assurance requires different evidence.
Building an AI management system (AIMS) from scratch
An AI management system is the governance infrastructure for AI: the policies, procedures, roles, and records that allow an organisation to make defensible AI decisions at scale. This piece defines what it takes to build one.
Vetting a third-party MCP server before you connect it
Every third-party MCP server connected to an agent extends that agent's attack surface. This piece defines the vetting process: source review, tool manifest audit, permission scope, and the evidence required for a security review.
PII leakage through RAG retrieval
RAG pipelines built over internal document corpora frequently contain personal data that was never intended to be queryable by the model. PII leakage through retrieval is the most common data-protection issue we encounter in RAG security reviews.
Security review for multi-agent systems
When agents orchestrate other agents, every trust assumption in the single-agent model multiplies. This piece defines the additional review surface for multi-agent systems: inter-agent trust, capability delegation, and blast-radius containment.
EU AI Act vs GDPR — where they overlap for AI systems
The EU AI Act and GDPR overlap significantly for AI systems that process personal data. This piece maps the overlap, explains where the obligations are additive rather than duplicative, and identifies the review artefacts that satisfy both.
LLM supply-chain risk — models, weights, and dependencies
LLM applications have a supply chain that extends to pre-trained models, fine-tuning datasets, inference providers, and plugin ecosystems. This piece maps the supply-chain attack surface and the review questions for each layer.
Free resources
Practical templates for every framework covered here.
AI Security Review Template
Full review pack with threat model, controls, and evidence grading.
OWASP Agentic Top 10 Controls
Each risk mapped to required controls and lifecycle gates.
AI Risk Disposition Memo
Clearance decision template with rationale and sign-off log.
AI Go-Live Security Checklist
Production gate checklist for security architects and CISOs.