Tag
15 posts with this tag.
·13 min read
5 TypeScript modules for AI agent observability: trace context, token and cost metering, structured event logging, tool-call tracing, and OpenTelemetry export. Express and Next.js compatible, with the governance reasons each one matters.
·12 min read
EU AI Act, NIST AI RMF, and the White House AI executive order all include red-teaming requirements for AI systems. This guide covers what red-teaming means for AI, what testing is required at each risk tier, and how small teams can comply.
·10 min read
A self-spreading worm compromised 57 npm packages in under 2 hours using binding.gyp instead of postinstall scripts, bypassing security scanners. What it means for teams that run npm install, and the 5 controls that limit your exposure.
·10 min read
Hackers social-engineered Meta AI into resetting passwords on high-profile Instagram accounts by simply asking. What the attack means for any team deploying an AI chatbot that can take account actions, and the 6 controls that prevent it.
·9 min read
AI agents accumulate OAuth tokens, API keys, and tool permissions without formal approval processes. Here is how to find unauthorized agents in your environment, assess their access, and build an access inventory before something goes wrong.
·10 min read
Model Context Protocol (MCP) servers give AI agents access to your filesystem, databases, and APIs. Here are the 5 attack vectors, a 12-point governance checklist, and an access scope framework every engineering team should implement before deploying agents with MCP.
·14 min read
4 TypeScript modules for AI agent security incidents: prompt injection detector, circuit breaker, audit logger, tool authorization gate. Express and Next.js compatible, with a full Vitest test suite.
·9 min read
30-question AI vendor due diligence checklist: security, data handling, compliance, and contract terms. Pass/fail criteria for each. Copy into your review.
·8 min read
Copilot and Cursor send source code to vendor servers. IP risk, licensing exposure, and the org settings and policy rules engineering teams need to govern this.
·8 min read
AI supply chain attacks: contractor gets infected, tokens stolen, your systems hit. Checklist to map vendor exposure, scope access, and respond within 24 hours.
·8 min read
SOC 2 auditors now ask about ChatGPT, Copilot, and Claude. Which Trust Service Criteria AI affects, what evidence you need, and how to scope AI tools.