Zero-Trust enforcement for enterprise AI.

DeepInspect authorizes, redacts, or blocks every AI request inline, then writes a cryptographically signed forensic record for regulatory defense.

CALLERUsersApplicationsAgentsrequestDEEPINSPECT GATEWAY< 50ms · fail-closedIdentityrole · env · tokenData classPII · PHI · PCIPolicy v12per-role action mapallowredactblockUPSTREAMModelsMCP toolsProvidersSIGNED FORENSIC RECORDidentity · policy · payloads · hmac

Who Owns AI Governance Liability in an Enterprise?

AI governance is a responsibility boundary. Regulators and boards want enforcement records, not dashboards.

The boundary falls on the enterprise rather than the model provider. Provider terms of service place contractual responsibility for how a model is used inside a customer environment on the customer. A regulatory inquiry about a specific AI decision reaches the CISO and the compliance officer, and the durable answer is a runtime record of how each AI request was handled together with the policy version in effect at the time.

Enterprises own:

Regulatory exposure
Audit outcomes
Breach narratives
Board accountability

Each obligation maps to an operational record only the enterprise can produce. Regulatory exposure resolves when the enterprise shows the specific decisions the system made and the policy versions in effect. Audit outcomes improve when the auditor reads records that each carry a per-record cryptographic signature verifiable on its own. Breach narratives hold together when every AI interaction in the sequence carries its own integrity proof. Board accountability follows the pattern of financial controls, signed attestations rather than best-effort summaries.

Governance requires reconstruction of who accessed what data and why a decision was allowed.

The risk lives in ungoverned AI usage inside your enterprise.

Recent thinking.

All posts →

July 15, 2026

MCP Security vs API Security: What Changes When Tools Are Discovered at Runtime

MCP looks like an API, so teams reach for their API security playbook and inherit its blind spots. This article walks four places where MCP security departs from classic API security: tools are discovered at runtime rather than fixed at design time, tool descriptions are an input the model trusts, the caller is often a non-human identity, and authorization is per tool call rather than per endpoint. It shows which API controls carry over and which do not.

Read →

July 15, 2026

LLM Security Testing: The Four Categories and What Each One Measures

LLM security testing spans four categories that measure different failures: prompt injection resistance, jailbreak resistance, data exfiltration exposure, and output safety. This article defines each category, the objective it tests, and the metric it reports, then wires them into a repeatable program with a CI gate. It marks the point every testing effort has to state: testing quantifies exposure, and an enforcement layer is what closes it at runtime.

Read →

July 15, 2026

MCP Security Checklist: A Deployment Audit Instrument With Pass Criteria

A checklist you can run against a Model Context Protocol deployment, grouped into transport, authentication, authorization, egress, audit, and supply chain, with an explicit pass criterion for each item. It is written as an audit instrument rather than an essay, and it marks which items a network control can verify on the HTTP transport and which belong to host hardening for stdio servers.

Read →