Blog

Analysis on enterprise AI governance, inline policy enforcement, agentic AI security, and regulatory compliance.

Making Vector Search Identity-Aware in RAG Systems

Most RAG stacks retrieve top-K chunks first and enforce permissions later in the app. At scale, this breaks the trust boundary and degrades retrieval quality. When users only have access to a subset of the corpus, post-filtering collapses top-K into a tiny context window, even when many relevant authorized chunks exist deeper in the index. The fix is to make retrieval identity-aware so authorization becomes part of ranking. In the blog, I walk through how to design identity-aware retrieval so access control is enforced during search, not after it.

RAGABACDatabase-NativeZero-TrustSecurityVector SearchData Security
Read post →

Managing the Agentic Blast Radius in Multi-Agent Systems(OWASP 2026)

The most complex risks in the 2026 OWASP list are not about a single bad action, but about how agents exist over time, interact with each other, and propagate behavior across systems. Unchecked blast radius occurs when **probabilistic agent behavior becomes persistent, trusted, and shared across systems**. This post continues from my previous two pieces on [Loss of Intent as a Failure Mode in OWASP Agentic AI Risks](/blog/loss-of-intent-as-a-failure-mode-in-owasp-agentic-ai-risks-2026) (Part 1) and [Identity and Execution Risks in Agentic AI – The Capability Gap](/blog/identity-and-execution-risks-in-agentic-ai-the-capability-gap-owasp-2026) (Part 2) and is the final part of the series.

AISecurityAgenticAIAIEngineeringCybersecurityOWASP
Read post →

Identity and Execution Risks in Agentic AI - The Capability Gap (OWASP 2026)

When moving from intent to execution, the security model for Agentic AI shifts from intent interpretation to traditional systems hardening. Once an LLM can invoke tools and assume identities, the capabilities we grant an agent become the primary attack surface. This post continues from my first piece on [Loss of Intent as a Failure Mode in OWASP's Agentic AI Risks](/blog/loss-of-intent-as-a-failure-mode-in-owasp-agentic-ai-risks-2026). Here, I focus on the second bucket in the [OWASP Top 10 for Agentic Applications 2026](https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/): agents with too much power.

AISecurityAgenticAIAIEngineeringCybersecurityOWASP
Read post →

Loss of Intent as a Failure Mode in OWASPs Agentic AI Risks (2026)

OWASP recently released the Top 10 Vulnerabilities for Agentic Applications (2026). One thing is clear that the agentic systems fail differently than traditional applications or simple LLM integrations. The failure mode is not bad output, but the system taking a valid action for the wrong reason. In this post, I break down three OWASP vulnerabilities that stem from loss of intent, explain how they show up in real systems, and outline some mitigations.

AISecurityAgenticAIAIEngineeringCybersecurityOWASP
Read post →

Unbounded Agent Execution can result in Denial-of-Service Attacks

Agents often appear structured at the planning level, but at runtime their execution becomes increasingly non-deterministic once tools, retries, partial failures, and replanning are introduced. This can easily become an economic denial of service (EDoS) attack.

AISecurityAgenticAIDistributedSystemsCloudSecuritySystemsDesignAIInfrastructureCyberSecurity
Read post →

Prompt Injection in CI/CD Pipelines – GitHub Actions Issue (PromptPwnd)

Aikido Security recently uncovered a new class of CI/CD vulnerabilities they call **PromptPwnd**. The gist of the issue is simple: steps in the CI/CD workflows (e.g. GitHub Actions and GitLab pipelines) are increasingly using AI agents like Gemini CLI, Claude Code and OpenAI Codex to triage issues, label pull requests or generate summaries. These workflows sometimes embed untrusted user content—issue titles, PR descriptions or commit messages—directly into the prompts fed to the model. In this blog I will explore the core of the issue and some potential solutions.

AIAnigravityLLM SecuritySecurityAI SecurityPrompt InjectionDev Sec Ops 'CI'CDCI CD 'GitHub Actions' 'Supply Chain Security'
Read post →

Reducing AI Agent Vulnerability to Hidden Inputs (Learning from the Antigravity Incident)

The core of the issue with the Antigravity failure was that the AI assistant treated data as instructions, then executed those instructions through its tool layer with no human in the loop. This can happen not just in IDEs but agents in general.In this blog, I will demonstrate the failure using a local model and some scripting and will present good practices on how to prevent them.

AIAntigravityLLM SecuritySecurityAI SecurityPrompt Injection
Read post →

AI Security is a Workflow Problem

From a development perspective, most AI security problems come from the workflow around the model, not the model itself. The issues usually show up in the inputs, the data paths, and the decisions that run without any guardrails.

AISecurityWorkflowLLMAI Security
Read post →

Securing AI adoption

AI adoption is accelerating across industries, transforming how businesses operate and innovate. As companies embrace AI, it is crucial to understand the security and privacy implications. This article will explore security considerations when building custom AI solutions and integrating AI into business operations.

Artificial IntelligenceAIMachine LearningMLLLMSecurityShift LeftOWASP
Read post →