board governance
15 posts
The tools developers trusted were copying their keys
Compromised Microsoft open-source AI tools exposed developer credentials - and showed that trusted toolchains can operate outside standard security controls.
Pentagon raises Israel espionage threat to highest level
The Pentagon's elevated Israeli espionage threat exposes how access controls built on allied trust drift silently from current risk posture.
The access outlived the protocol
A board-level view of MCP's changed status: the protocol is not the exposure - the access it established is, and that access does not retire on its own.
GitHub-distributed VSCode extension executed unsanctioned code
A board-level brief on the compromised VSCode extension distributed through GitHub: what it exposed, what control did not function, and what must be true.
Hacker publishes dataset naming WhatsApp users
A board-level brief on the WhatsApp dataset drop: why identity exposure sits outside owned systems, what remains unconfirmed, and what must hold going forward.
The agent is the breach
A board-level assessment of the Microsoft Copilot Cowork file exfiltration: control failure, exposure model, and the conditions that must hold for in-tenant agents.
The boundary no longer holds
A board-level brief on CVE-2026-40369, the twelve-byte browser sandbox escape, and the control assumptions senior leadership must now revisit.
Your AI sessions are outside your control perimeter.
A board-level risk statement on the Claude AI file exfiltration demonstration: control failure, exposure, and what must be true going forward.
The breach isn't the leak. It's the leaker.
A board-level reading of a U.S. cybersecurity agency credential exposure on GitHub, framed as runtime control failure and institutional risk.
An NGINX worker just crashed in production
Board-level briefing on NGINX CVE-2026-42945: confirmed in-the-wild exploitation, edge exposure, control failure at runtime, and what must be established.
Audi faces scrutiny over myAudi platform exposure
A board-level view of the myAudi connected vehicle security concern: exposure, control failure, and the conditions directors must now enforce.
Russian hands on Polish water valves
A board-level read on Russian-linked activity against Polish water utilities and what it means for directors governing critical services.