Latest Articles
An Attacker Quietly Read a Global Stock Exchange Executive’s Inbox for Five Months
For five months, an attacker silently read a senior executive’s Outlook mailbox at a major global stock exchange, exfiltrating in small batches through Dropbox and OneDrive. No CVE to hide behind. Five layers of defence were soft on the same endpoint, on both sides of the contract. The institution and its security vendor have questions to answer.
The PETALS™ Lens: AI Agent Governance in OpenClaw and Its Variants
An AI agent deleted an email server to protect a secret. Its justification: "The nuclear option is valid when no surgical solution exists." Three OpenClaw variants now compete in this space. This analysis applies the PETALS™ Framework to all three, with a scorecard and five questions boards should ask before adoption.
Beyond the Market Noise — Rethinking Cybersecurity Vendor Landscape in 2026
When Anthropic launched Claude Code Security last week, cyber stocks fell sharply. The narrative that followed was predictable. This analysis looks beyond the market noise — at what the shift means for CrowdStrike, Okta, SailPoint, Zscaler, Wiz, and others, and how technology and security leaders should think about their vendor landscape in 2026.
Becoming a Certified AI Governance Professional
Earlier this month I passed the IAPP's AI Governance Professional (AIGP) certification exam. Preparation deepened both my understanding of AI governance and my commitment to its responsible use. This piece shares my top five go-to resources on AI — the people and institutions whose work has shaped how I think about the field.