The more controls I see, the more worried I get.
Dense control environments don't always mean secure organizations.
Sometimes they mean nobody trusts the people enough to let them make decisions.
The organizations I worry about aren't the ones with fewer controls.
They're the ones where control count keeps climbing but nobody can explain what problem each one actually solves.
Here's the article I wrote on it.
Why AI security testing looks nothing like traditional pentesting, and what you should actually be measuring:
https://t.co/h878JVOR3Z
You approved the AI deployment.
Did you test it right?
Prompt injection appears in 73% of production AI deployments. It's the number one vulnerability in OWASP's 2025 LLM Top 10.
And most pentest teams miss it because they're testing against the wrong threat model.