A "strong" security posture — green across every RAG status — that wouldn't survive one motivated adversary.
Maturity scores tell you what should hold. Testing tells you what it does.
Next board pack: ask for your last control-validation result, not your maturity score. #CISO
NIST's Cyber AI Profile gives you three jobs: secure your AI, defend with AI, thwart attackers using AI.
In a bank, those three sit in three teams, on three budgets, with no shared owner.
It's an operating-model gap, not a control gap. You'll pass the controls and lose at the seams.
Everyone read the Five Eyes agentic AI guidance as a risk list.
The real line: every agent needs a cryptographically anchored identity + short-lived credentials.
Identity is the control plane. Capability is just the workload.
Stop giving agents passwords. Give them passports.
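What a "passport" looks like in practice, as an added illustration rather than anything from the post or the Five Eyes guidance: a credential that binds an agent identity to a key fingerprint, carries a short expiry, and is rejected when expired or tampered with. The issuer key, agent key and agent id are constructed sample values; HMAC stands in for the asymmetric signature a real issuer would use so the script runs offline with the standard library only.

```python
"""Toy agent 'passport' issuer and verifier (added example, stdlib only).

A passport binds an agent id to the fingerprint of its key, is signed by the
issuer and expires after a short TTL. HMAC-SHA256 is used here in place of a
real asymmetric signature so the example needs no third-party packages.
"""
import base64
import hashlib
import hmac
import json
import time

ISSUER_KEY = b"constructed-issuer-key"  # constructed sample value, not a real secret


def _b64(raw: bytes) -> str:
    """URL-safe base64 without padding."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    """Inverse of _b64, restoring padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def fingerprint(agent_key: bytes) -> str:
    """Stable identifier for the agent's key material (SHA-256 hex)."""
    return hashlib.sha256(agent_key).hexdigest()


def issue_passport(agent_id: str, agent_key: bytes, ttl_seconds: int = 300, now=None) -> str:
    """Mint a short-lived credential: signed claims binding agent_id to its key fingerprint."""
    now = time.time() if now is None else now
    claims = {
        "sub": agent_id,
        "kid": fingerprint(agent_key),  # identity is anchored to the key, not a password
        "iat": int(now),
        "exp": int(now) + ttl_seconds,   # short TTL: compromise window is minutes, not months
    }
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_passport(passport: str, now=None):
    """Return the claims if signature and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = passport.split(".")
        expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None  # tampered claims or forged signature
        claims = json.loads(_unb64(body))
    except (ValueError, json.JSONDecodeError):
        return None  # malformed token
    if now >= claims["exp"]:
        return None  # expired: the agent must re-authenticate for a fresh passport
    return claims


if __name__ == "__main__":
    t0 = 1_700_000_000  # fixed clock so the run is reproducible
    passport = issue_passport("agent-42", b"constructed-agent-key", ttl_seconds=300, now=t0)
    print("fresh:  ", verify_passport(passport, now=t0 + 10))
    print("expired:", verify_passport(passport, now=t0 + 300))
```

The verifier never sees a long-lived secret: it checks the issuer's signature, the expiry and the key binding, so rotating the agent's key or letting the passport lapse revokes access without any shared-password cleanup.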
Audit trails don’t break when agents start acting. They just stop recording who decided. The assumption that a control owner is a person is quietly collapsing.
#AIGovernance
1/ UK financial services is absorbing AI accountability pressure from three regulatory directions at once. Most institutions are not ready for any of them. /thread
7/ Under SMCR, AI accountability lands on a named individual — not a contract clause. The board question is no longer "which AI tools do we approve." It's "who owns the outcome when the supplier's AI behaves unexpectedly." That is a governance architecture decision.