Tag
17 posts with this tag.
·5 min read
24-hour runbook for leaked AI agent tokens: revoke, rotate, audit blast radius, and restore access before costs spiral. 7 copy-paste steps.
·11 min read
ChatGPT Atlas and Perplexity Comet act inside your logged-in sessions, which breaks the old browser security model. Here is a copy-paste governance policy for teams of 5-50, plus the prompt-injection risk you need to brief staff on now.
·11 min read
5 controls to govern AI agents that open PRs while you sleep. Copy this unattended AI coding agent governance policy with merge gates and a kill switch.
·13 min read
5 TypeScript modules for AI agent observability: trace context, token and cost metering, structured event logging, tool-call tracing, and OpenTelemetry export. Express and Next.js compatible, with the governance reasons each one matters.
·12 min read
NIST AI 600-1, the Generative AI Profile of the NIST AI Risk Management Framework, calls for AI red teaming: adversarial testing for bias, safety, and misuse vulnerabilities before deployment. This guide covers what the profile asks for, what a red team exercise actually tests, and how small teams can apply it without a dedicated security team.
·10 min read
A self-spreading worm compromised 57 npm packages in under 2 hours. Instead of postinstall scripts, it used a binding.gyp build file, which npm hands to node-gyp at install time, so scanners that only flag lifecycle scripts missed it. What it means for teams that run npm install, and the 5 controls that limit your exposure.
·10 min read
Hackers social-engineered Meta AI into resetting passwords on high-profile Instagram accounts by simply asking. What the attack means for any team deploying an AI chatbot that can take account actions, and the 6 controls that prevent it.
·9 min read
AI agents accumulate OAuth tokens, API keys, and tool permissions without formal approval processes. Here is how to find unauthorized agents in your environment, assess their access, and build an access inventory before something goes wrong.
·10 min read
Model Context Protocol (MCP) servers give AI agents access to your filesystem, databases, and APIs. Here are the 5 attack vectors, 12-point governance checklist, and access scope framework every engineering team should implement before deploying agents with MCP.
·14 min read
4 copy-paste TypeScript modules for AI agent security: prompt injection guard, circuit breaker, audit trail logger, and tool authorization gate. Working code, drop into any Express or Next.js app. Vitest tests included.
·8 min read
AI supply chain attacks: a contractor's machine gets infected, their tokens are stolen, and your systems are hit next. A checklist to map vendor exposure, scope their access, and respond within 24 hours.