Articles on Artificial Intelligence
Below are my perspectives on Artificial Intelligence, drawn from my work as a security leader and practitioner.
- Making Sense of Security for AI: The AI Defense Matrix (Artificial Intelligence)
  The AI Defense Matrix maps eight AI asset classes to NIST CSF functions, giving security leaders one grid to assign ownership, find gaps, and select controls. Sounil Yu and I co-authored it as the...
- Build a Decoy MCP Server to Catch AI Agent Attackers (Tools)
  Your AI agent's MCP config can be a target for an attacker who reaches your machine. A decoy MCP server entry pointing at a Cloudflare Worker can reveal the attacker's presence and their intent.
- The Personal AI Stack: A Power User's Guide (Tools)
  An AI tool like Claude Code gives you solid general-purpose capabilities out of the box. To make it truly indispensable, add the layers that teach it who you are, how you work, and what you do.
- Trust Boundary of SaaS Will Include Customers' AI Agents (Risk Management)
  SaaS vendors should assess whether their trust boundary includes customers' AI agents. Liability has pushed banks toward securing the customer's device four times, and the fifth wave is forming...
- What to Make of AIUC-1, a New AI Agent Certification (Artificial Intelligence)
  New certifications start as claims and earn credibility through cycles of scrutiny. AIUC-1, a compliance framework for AI agent vendors, is at that starting point. How its structure, governance, and...
- Scoring Your Security Product Strategy in the AI Era (Product Management)
  AI has made commodity software easy to produce, leaving traditional SaaS exposed. Applied to cybersecurity, a seven-dimension rubric scores security product strategies to help leaders identify...