Long-form notes from AI security review.
What AI Committees ask for, what regulators read, and what is missing from most threat models. Written for security architects, AI governance leads, and DPOs.
AI risk acceptance — who actually signs
Risk acceptance for AI systems is often attributed to a committee rather than a named individual. When something goes wrong, no one is accountable. This piece defines who should sign risk acceptance for AI systems and what that signature requires.
ISO 42001 vs ISO 27001 — what is new for AI
Organisations that already hold ISO 27001 certification often ask how much ISO 42001 adds. The answer depends on how much AI the organisation operates. This piece maps the new requirements and the areas where 27001 controls can be extended rather than replaced.
Tool poisoning in MCP servers
MCP tool poisoning is the attack where a malicious tool description manipulates the model into invoking tools or revealing data outside its intended scope. The attack surface is the tool manifest — every tool description is untrusted input.
Data poisoning in RAG knowledge bases
A RAG knowledge base is only as trustworthy as the documents in it. Data poisoning attacks insert malicious content into the knowledge base — not to corrupt the index, but to influence model outputs when those documents are retrieved.
Building an EU AI Act system inventory
The EU AI Act requires organisations to know which AI systems they deploy and which tier each one falls into. Building that inventory is harder than it sounds when AI is embedded in SaaS, vendor products, and internal tooling.
Mapping the agentic AI attack surface
The agentic AI attack surface has five distinct layers: the prompt channel, the tool surface, the memory layer, the orchestration boundary, and the output channel. This piece maps each layer with its associated threats and controls.
Prompt injection, explained for security reviewers
Prompt injection is the most widely discussed LLM attack and the most widely misunderstood. This piece cuts through the confusion: what it is, what its variants are, how it differs from SQL injection, and what controls actually reduce the risk.
The AI security review checklist, by lifecycle gate
A checklist that follows the lifecycle of an AI system — intake, architecture, threat model, control plan, disposition, pilot, production. Each gate has different review questions and different evidence requirements.
The NIST AI RMF, explained for practitioners
The NIST AI Risk Management Framework gives organisations a structure for managing AI risk across four functions: Govern, Map, Measure, and Manage. This piece explains each function in terms a security practitioner can act on.
The AI section your vendor security questionnaire is missing
Standard vendor security questionnaires cover data processing agreements, SOC 2, and encryption. They do not cover model governance, re-assessment triggers, or incident notification for model updates. This piece fills the gap.
Writing an AI governance committee charter
An AI governance committee without a charter is a meeting with a name. The charter defines the committee's authority, composition, quorum, decision types, and escalation paths. This piece defines what a working charter requires.
MCP security — the four attack surfaces of a Model Context Protocol server
MCP servers extend a model's capabilities by exposing tools, resources, and prompts. Each extension point is an attack surface. This piece defines the four surfaces and the review questions for each.
Free resources
Practical templates for every framework covered here.
AI Security Review Template
Full review pack with threat model, controls, and evidence grading.
OWASP Agentic Top 10 Controls
Each risk mapped to required controls and lifecycle gates.
AI Risk Disposition Memo
Clearance decision template with rationale and sign-off log.
AI Go-Live Security Checklist
Production gate checklist for security architects and CISOs.