Insights.

Practical perspectives from practitioners who have operated at the expert level, not advisors who read the framework.

Cyber Risk·5 min read

Three Convergence Points Reshaping Enterprise Security Intelligence

AI agents, data governance, and regulatory enforcement are converging into a single challenge. Treating them separately creates blind spots.

AI & Data·6 min read

Before You Secure AI, Fix Your Data Map

Only 35% of organizations have full visibility into unstructured data. Without data discovery and classification, AI security controls have no foundation.

Cyber Risk·7 min read

You Cannot Secure AI Agents with Human-Era Identity Models

Machine identities will outnumber human identities in most enterprises this year. 78% have no formal policies for AI identity lifecycle management.

AI & Data·7 min read

Shadow AI Is Already Inside Your Organization. Here Is How To Find It.

78% of employees bring their own AI tools to work. Only 36% have governance policies. A 10-day sprint closes the gap.

Cyber Risk·6 min read

The New Baseline: Why AI Changed What 'Secure Enough' Means

AI-assisted attack tools find vulnerabilities faster than organizations can patch. Framework compliance alone no longer defines adequate security.

Cyber Risk·7 min read

Project Glasswing and the New Baseline for Cybersecurity Assessment

Project Glasswing resets the baseline for cybersecurity assessment. When AI finds 27-year-old flaws, traditional assessment methodologies need to catch up.

AI & Data·7 min read

Claude Mythos Preview: Anthropic Built Its Most Powerful Model and Chose Not to Release It

Anthropic built Claude Mythos Preview and chose not to release it. The first frontier model withheld for cyber risk reshapes AI governance playbooks.

AI & Cybersecurity·7 min read

AI Development Tooling: The Supply Chain Attack Your Security Team Is Not Watching

AI coding tools create bidirectional supply chain risk. The axios trojan and Claude Code leak hit the same day. Most security teams are not watching.

AI & Cybersecurity·8 min read

Agentic Attackers Are Here: What Mythos and Recent AI-Enabled Operations Mean for Your Threat Model

AI models that exploit vulnerabilities autonomously are here. Mythos and real-world LLM operations with 27-second breakout times demand a new threat model.

Cyber Risk·8 min read

Claude Code Source Leak: When Your AI Vendor Becomes the Vulnerability

Anthropic shipped Claude Code's complete source in a routine npm update. With 41,500 forks and exposed feature flags, AI vendor risk needs rethinking.

Regulatory Compliance·8 min read

Four Frameworks, One Vendor: The Regulatory Exposure Problem NIS2, DORA, CRA, and the Revised CSA Create

NIS2, DORA, CRA, and the revised CSA each evaluate different dimensions of the same vendor. Running them as separate programs hides cross-framework exposure.

AI in Practice·8 min read

From Copilots to Colleagues: What Computer-Use Agents Mean for Enterprise Operations

Computer-use agents that operate your desktop autonomously are here. The governance gap between copilots and autonomous colleagues is the next risk.

AI & Data·8 min read

The End of Single-Vendor AI Stacks: Why Enterprises Need a Model Portfolio

Single-vendor AI stacks create concentration risk enterprises don't yet see. A portfolio approach across cloud, open-source, and edge models is overdue.

AI & Data·7 min read

Trust Shockwaves in AI Platforms: Why Vendor Risk Now Includes Political Exposure

AI platform loyalty can fracture overnight. The ChatGPT-Claude shift shows why vendor evaluation must now include political and reputational risk.

AI & Cybersecurity·7 min read

Your Next Security Incident May Start in an AI Assistant, Not an Inbox

Browser AI assistants create high-value attack surfaces. The Chrome Gemini hijack shows why enterprises must rethink endpoint security for embedded AI.

AI & Cybersecurity·7 min read

Deploying AI Agents: A Security-First Implementation Framework

Only 29% of organizations are prepared to secure AI agent deployments. A six-domain framework for deploying agents with controls mapped to ISO 27001 and DORA.

AI & Cybersecurity·7 min read

AI Agents vs. Chatbots: What the Distinction Means for Your Security Posture

Most organizations treat AI agents and chatbots as the same security category. They are fundamentally different - and chatbot controls are not enough.

AI & Cybersecurity·7 min read

AI Agents in the Enterprise: Security Risks Boards Aren't Seeing Yet

AI agent adoption is outpacing security infrastructure. Only 14.4% of deployed agents went live with full security approval. A present risk boards are missing.

AI in Practice·7 min read

Seven Ways Business Leaders Are Using AI Agents Today

AI agents are not a future capability. They are an operational tool that professionals and deal teams are using now to compress hours of skilled labor.

AI in Practice·6 min read

Getting Started with AI Agents: A Setup Guide for Business Professionals

You do not need a technical background to use an AI agent. A paid subscription, a desktop app, and twenty minutes. A step-by-step setup guide.

AI in Practice·6 min read

AI Agents for Business Leaders: What They Are and Why They Matter

The shift from AI that talks to AI that does is underway. A plain-language guide to what AI agents are, where the market stands, and why it matters.

Cyber Risk·8 min read

McKinsey Lilli Breach: Old Vulnerability, New AI Risk

A 1998-era SQL injection reportedly exposed McKinsey's AI platform Lilli. The vulnerability class is old. The consequences for enterprise AI are not.

AI & Data·7 min read

AI Data Governance: The Same Problem Enterprises Already Solved

Enterprise AI data concerns mirror cloud migration fears of 2010-2016. The governance discipline is identical, only the processing engine changed.

Professional Services·6 min read

Why Consulting Firms Can't Align People, Services, and AI

Large consulting firms have misaligned people, services, and technology. AI is making this fragmentation worse before it makes it better.

Professional Services·7 min read

Consulting Firms Selling AI Transformation Can't Deliver It

Every consulting firm has an AI strategy and AI partnerships. None has transformed its own delivery model - which is exactly what they sell to clients.

M&A Due Diligence·8 min read

Cybersecurity Due Diligence for M&A: A Practitioner's Framework

A three-tier framework for M&A cybersecurity due diligence - from 24-hour screening to post-close monitoring - with Expected Annual Loss quantification.

Cybersecurity·5 min read

AI-Powered Cyber Attacks in 2026: What Boards and CFOs Need to Act On

AI-powered attacks and deepfake fraud are the defining threats of 2026. A plain-language briefing for boards and CFOs, with the 12 controls that change the risk profile.

Professional Services·6 min read

AI-Native Agencies vs. SaaS: The Future of Advisory

88% of organizations use AI but only 28% see measurable transformation. The gap is not a technology problem - it's why AI-native agencies outperform SaaS.

Regulatory Compliance·8 min read

Sweden's Cybersecurity Act (2025:1506): NIS2 Is Now Law

Sweden's Cybersecurity Act (SFS 2025:1506) entered into force on 15 January 2026, shifting cybersecurity obligations to entity-wide scope with explicit management accountability requirements and fines up to €10M.

Professional Services·7 min read

The Consulting Pyramid Is Broken: What Replaces It

AI has automated junior analyst work faster than firms can redeploy. The consulting pyramid is under structural pressure - here's what replaces it.

M&A Due Diligence·7 min read

GenAI in Tech & Cyber Due Diligence: 10 Practical Uses That Don't Require You to Sacrifice Data Control

Practical GenAI applications for tech and cyber due diligence in M&A, with the governance controls that keep deal-confidential data protected.

Cyber Risk·6 min read

Cyber Insurance Underwriting: The Technical Assessment Gap

Document-only reviews miss up to 75% of material cyber risks. Technical validation gives underwriters 35-45% better loss ratios.

M&A Due Diligence·7 min read

How Cybersecurity Due Diligence Protects M&A Deal Value

Material cybersecurity findings drive 8-25% valuation adjustments in M&A. Here's how diligence informs deal structure and protects buyer ROI.

M&A Due Diligence·7 min read

Five Technology Risks That Determine M&A Deal Outcomes

Cybersecurity vulnerabilities, technical debt, privacy gaps, IP ambiguity, and integration complexity reduce IRR by 8-12 points in affected transactions.

M&A Due Diligence·6 min read

Digital Due Diligence in 24-72 Hours: The M&A Speed Advantage

72% of middle-market deals involve multiple bidders. External-only digital due diligence delivers comprehensive technology intelligence in 24-72 hours.

M&A Due Diligence·5 min read

Cybersecurity Due Diligence in M&A: What PE Firms Miss Before Close

Most PE deal teams assess cybersecurity through questionnaires and limited-access reviews. Here's what that approach systematically misses, and why it matters at close.
