Blog

Writing on autonomous AI assurance.

Evidence fabric design, domain control architecture, and the governance gap enterprises are walking into.

Case StudyJuly 8, 2026

JADEPUFFER: an assurance reading of the first agentic ransomware

Building on Sysdig's research on the first documented LLM-driven ransomware, we add the assurance lens: each attack stage mapped to specific, cited controls, with what each control does and why it matters, published as a machine-readable map you can consume.

ThesisJune 28, 2026

Twelve Questions. One Decision.

Every autonomous AI action may simultaneously touch identity, delegated authority, regulated data, financial policy, external knowledge, and model behavior before producing an outcome. The decision is horizontal. Today our tooling remains vertical. That mismatch becomes more important as autonomy increases.

Read →
The Seams series · June 2026
ThesisJune 21, 2026

The seams are where agents break

Everyone is publishing security guidance for AI agents. None of it connects at the seams. Here is the crosswalk, and why I built it.

ThesisJune 21, 2026

The three gaps no framework closes

Most of securing an AI agent is well-trodden ground. Three gaps are not. They are why a crosswalk needs to exist, and where I planted a flag of my own.

ThesisJune 22, 2026

A control nobody can prove is not a control

Naming a control is easy. Proving it holds is the hard part. Every Apeiris control carries three proofs: is it configured, does it survive an attack, and what artifact says so on an ongoing basis.

Security layerJune 22, 2026

Identity and authority: who the agent is, and what it can do

Five Security-domain identity controls (IA-01 to IA-05) that decide which agent acted and what it was allowed to do, federating with peer domains.

Security layerJune 23, 2026

Environment and containment: where the agent runs, and what it can reach

Nine Security-domain containment controls (EC-01 to EC-09): sooner or later the agent will be hijacked, so bound the blast radius before it happens.

Security layerJune 23, 2026

Inter-agent and tool protocols: how the agent talks to tools and to other agents

Seven Security-domain protocol controls (PT-01 to PT-07) for the wires between an agent and everything it talks to, where injection risk concentrates.

Security layerJune 24, 2026

Governance and human-in-the-loop: who approves, and what is on the record

The governance layer of Apeiris Security: nine controls for the human checkpoints, records, and accountability that keep an autonomous system answerable.

Security layerJune 24, 2026

Runtime supervision and detection: what the agent actually does, watched live

The runtime layer of Apeiris Security: eight controls for watching an agent as it runs, including the frontier ones nobody has fully solved yet.

Security layerJune 25, 2026

Continuous assurance: proving it before it ships, and after

The assurance layer of Apeiris Security: seven controls that prove an agent is safe to run before it ships, and re-proven on every change after.

Vendor landscape series · June 2026
Vendor mapJune 25, 2026

How the identity layer is being built

A June 2026 snapshot of who is building agent identity and authorization, mapped to the controls. Standards first, vendors second, no recommendations.

Vendor mapJune 25, 2026

How the containment layer is being built

A June 2026 snapshot of who is building agent containment, mapped to the controls, with an honest map of where no product exists yet.

Vendor mapJune 26, 2026

How the inter-agent and tool-protocol layer is being built

A June 2026 snapshot of who is building the agent protocol layer, mapped to the controls, and how much of the security is still optional.

Vendor mapJune 26, 2026

How the governance layer is being built

A June 2026 snapshot of who is building agent governance, mapped by control. Standards and regulation first, vendors second, no recommendations.

Vendor mapJune 26, 2026

How the runtime layer is being built

A June 2026 snapshot of who is building runtime supervision, mapped by control: three industries, no shared control plane, and the seam no one owns.

Vendor mapJune 27, 2026

How the continuous assurance layer is being built

A June 2026 snapshot of who is building continuous assurance, mapped by control. Open tooling and standards lead the labs and vendors here.

ThesisJune 27, 2026

Convergence, new energy, and the seams

The June 2026 capstone: where the field converges, where the new energy is, and the three seams between the layers that no framework closes.