Notes from the audit floor.
Independent perspectives on the OWASP LLM Top 10, ISO 42001, NIST AI RMF and the EU AI Act — written for security teams, compliance officers and the engineers on the receiving end of the remediation.
The First AI-Orchestrated Cyber Espionage Campaign: A Wake-Up Call for Enterprise Security
In September 2025, the first documented large-scale cyberattack executed by AI agents was detected. This comprehensive analysis examines what happened, the implications for enterprise security, and what CISOs need to do now.
Everything we've published so far.
Each note is written by working auditors — the same people who run the engagements, not a marketing team.
AI Risk Assessment Framework 2025: Step-by-Step Implementation Guide
Step-by-step guide to implementing AI risk assessment frameworks. Learn NIST AI RMF methodology, threat modeling for AI systems, and practical risk management strategies for 2025.
LLM Supply Chain Security 2025: Evaluating Third-Party Models & APIs
Comprehensive guide to LLM supply chain security in 2025. Learn how to evaluate third-party models, secure AI APIs, and protect against supply chain attacks in machine learning systems.
AI Audit Framework 2025: Ensuring AI System Quality with ISO 42001 Certification
Complete guide to AI audit frameworks and ISO 42001 certification. Learn how to conduct comprehensive AI audits, ensure system quality, and demonstrate compliance in 2025.
Building Secure RAG Systems 2025: Architecture, Testing & Best Practices
Complete guide to building secure RAG systems in 2025. Learn about vector database security, prompt injection in RAG, data poisoning attacks, and best practices for securing Retrieval-Augmented Generation architectures.
AI Security Testing Methods 2025: Protecting Against OWASP Top 10 LLM Vulnerabilities
Complete guide to AI security testing methods in 2025. Learn OWASP Top 10 for LLMs, penetration testing strategies, and how to protect your AI systems from emerging threats.
AI Governance and Compliance Frameworks 2025: Navigating NIST, EU AI Act & ISO 42001
Comprehensive guide to AI governance frameworks in 2025, including NIST AI RMF, EU AI Act, and ISO 42001. Learn how to ensure compliance and build trustworthy AI systems.
