IV Minute Updates
The Security Frameworks That Should Govern Them — and Don’t
A framework-by-framework evaluation of STRIDE, NIST CSF, OWASP, SOC II, and HIPAA —
and the VIII questions every CISO should be asking their vendor right now.
The VII structural problems with current LLM alignment — through the lens of developmental psychology.
The Retrofit Problem in Agentic AI Security
Look at how the AI industry has approached alignment. Pre-training ingests the entire internet without value discrimination — the model learns everything, including what it should never reproduce. Once that capability has been built, alignment is applied afterward through reinforcement learning from human feedback, fine-tuning, and constitutional methods. The values are retrofitted onto a model whose worldview has already formed. The result is a system that performs well in evaluation and behaves unpredictably in deployment, because the values were never the foundation. They were the paint.
When you bolt a foundational property onto an architecture that was not built to hold it, the property fights the architecture. The friction shows up as cost. In artificial intelligence, this happens at three points across the lifecycle, and each one creates its own line item.
The Five Layers of Runtime AI Defense — Why Minimizing What an Attacker Can Do Is Not Enough, and What Comes Next
Most security architectures in production today are designed around a single objective: minimize what an attacker can do. Detect the intrusion. Contain the breach. Eject the adversary. Restore the system. This is not wrong. It is foundational, and it is exactly what an organization without architectural governance has to do, because all the energy of its security program is consumed by the minimization itself.