Podcast
The Guardrail
Hosted by Kris Moore · EN
AI governance, security architecture, and compliance intelligence for CISOs, security architects, and GRC professionals. Frameworks, incidents, deadlines, and best practices — analyzed with evidence, delivered with practitioner focus.
AI-Assisted Production: Research and editorial direction by Kristopher Moore. Scripts developed with Claude (Anthropic). Narration by AI voice synthesis (Microsoft Edge TTS). All content is human-directed and editorially reviewed.
11episodes
Episodes
Newest firstAll episodes
Architecture, Not Checklists
3w ago00:41:15Tap to summarizeOn May 1, six allied cyber agencies (the Five Eyes plus the Canadian Centre for Cyber Security and the Australian Signals Directorate) published thirty pages of joint guidance on agentic-AI security — twenty-three named risks, over one hundred best practices, organized into five stacked-dependency risk categories. The board-deck misread is to map it onto a control matrix. The document is an architecture brief. This episode lays out the architectural read, walks the five-to-five mapping against the AAGATE production answer, then covers the CCDH/CNN safety study, the Thinking Machines determinism research, and the Q1/Q2 enterprise breach inventory.AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).
Transcribe →Trust at the Seam, Continued
May 400:52:49Tap to summarizeTwo questions worth answering this week. What is your engineering team running right now — the canonical AI coding tool you authorized, or a fork routed through a backend you do not control, configured by files an attacker can write into your repository? And if the foundation lab anchoring your AI roadmap stumbles on revenue, sits in active corporate-form litigation, and warns its own CFO about a one-and-a-half-trillion-dollar compute funding gap, what does your off-ramp profile look like in writing today?Episode 10 continues the "trust at the seam" thread from Episode 9 across two new fronts. Part 1 walks the TeamPCP cascade — a forty-two-day, multi-package, cross-ecosystem supply-chain attack chain (Trivy on March 19, litellm on March 24, SAP packages on April 29) that culminated in the first documented weaponization of an AI coding-agent harness configuration as a persistence mechanism. Part 2 walks the OpenAI miss reported by the Wall Street Journal on April 28, the structural reading of the four overdetermined factors behind it (capacity outpacing demand, Anthropic capturing the enterprise wedge, GPT-5.5 pricing posture, DeepSeek V4 shipping at 10–13× lower API cost), and the Musk versus Altman trial in week one — including the bifurcation order that makes the federal jury advisory and the bench remedies trial calendared for May 18. Part 3 lands the compliance calendar.Posture throughout is measured and practitioner-professional. Frameworks named at scope and weight (the supplier-relationship family, the supply-chain entry of the OWASP LLM Top 10, the supplier provisions of the ISO 42001 family) — never by clause number. Closing sign-off: Move at your own pace. Secure your stack. Audit your harnesses. Own your diligence and own your outcomes.AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).
Transcribe →Move at Your Pace, Own the Outcome
Apr 2500:42:13Tap to summarizeTwo incidents this month. Same structural lesson. The perimeter where trust actually breaks in 2026 is not inside the model — it is at the seam around the model. This episode walks the Mythos vendor-access incident and the Sullivan and Cromwell AI-verification incident as paired calibrations of where AI-era failure modes actually sit, then layers in four adjacent threads: a new research consensus that gives procurement teams a tractable divergence-profile instrument for the first time, a supply-chain attack pattern that Mythos is only one instance of (Vercel via Context.ai, Mercor via LiteLLM, the disputed Lovable incident), capacity-tier availability as a load-bearing variable in AI procurement risk, and the three compliance calendar items worth tracking through Q3 (EU high-risk enforcement window, Colorado AI consumer law implementation end of June, NIST AI RMF critical-infrastructure profile concept note).AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).
Transcribe →Force Multiplier — Cyber + Kinetic
Apr 2100:51:55Tap to summarizeExplicit UPDATE to Ep 4 "When AI Hacks AI." Three arcs: (1) Claude Code antimalware filter backfiring (Tim Becker + 5-incident casebook, Adversa CC-643 deny-rule bypass, fake-Claude supply-chain campaigns, Cyber Verification Program 2-day SLA); (2) Cyber war 2026 update — Iran-US Feb 28 escalation, APT42 AI-persona tradecraft, CISA AA26-097A Iranian PLC targeting, Salt Typhoon LOTL attribution gap; (3) Battlefield AI — Anduril $20B Army IDIQ, Palantir $10B EA, Silicon Valley 6-firm consortium, Shield AI $12.7B, Germany-Auterion Ukraine drone contract, Lavender/Gospel (DISPUTED), autonomous-weapons governance gap. Includes 14-row Compliance Calendar + 9 framework mappings.AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).
Transcribe →Do Your Own Work
Apr 800:52:35Tap to summarizeYesterday, April7, 2026, Anthropic released Claude Mythos Preview through Project Glasswing.During pre-release testing, Mythos found a 27-year-old bug in OpenBSD that theworld's most security-focused operating system project had missed for nearlythree decades. It also found a 17-year-old remote code execution in FreeBSD,plus additional issues across FFmpeg, the Linux kernel, and major browserengines.**Mythos is the light. The defects it found are the cockroaches your softwarenever wanted you to see.** They were always there. The interesting question isnot who to blame for Mythos. It is what was already in your environment.Mythos arrived in a month with a lot of other governance-relevant news. Severalhyperscalers had significant incidents — and several of them were rookieoperational hygiene problems happening at the largest, best-funded technologycompanies on the planet. A maintainer with no two-factor authentication on apackage with one hundred million weekly downloads. A production agent acting ona stale wiki page. A default permission that should have been narrower. A DLPlabel the system meant to enforce ignored. These are not exotic adversarytechniques. They are the basics. The craft observation that runs through thisepisode: the hyperscalers are not infallible. Do not outsource your securitythinking to a brand. Do your own work.Eight themes build from Mythos through the broader month and land on apragmatic playbook. The takeaway is not that the sky is falling. The takeawayis that the work in front of you has not changed — you can just see more of itnow.AI Disclosure:This episode was produced with AI assistance. Research synthesis and scriptwriting used Claude (Anthropic) under human editorial direction. Audionarration by Microsoft Edge TTS (en-US-AndrewNeural voice).
Transcribe →When Courts Draw the Red Lines
Apr 300:41:04Tap to summarizeDescription:First judicial precedent protecting AI safety, Mythos frontier threat leak, ten-state legislation surge, EU AI Act timeline split, and the Pentagon's compliance paradox.A federal judge issued the first judicial precedent protecting AI safety principles, ruling the Pentagon's retaliatory "supply chain risk" designation of Anthropic was "classic illegal First Amendment retaliation." A leaked frontier model codenamed Mythos revealed AI-driven cyberattack capabilities that compress vulnerability exploitation from days to hours. Ten states advanced AI legislation in a single week while the White House pushed a non-binding preemption framework Congress has already rejected twice. The EU AI Act transparency deadline holds firm at August 2, 2026 while high-risk deadlines slide to December 2027.42 sources cited. Full source list in show notes.AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).
Transcribe →The Federal-State Collision
Mar 2500:37:07Tap to summarizeThe most consequential week for AI governance practitioners in 2026: the White House released a seven-pillar National AI Policy Framework urging federal preemption of state AI laws, the New York RAISE Act took effect with 72-hour safety incident reporting, and the OpenClaw agent platform suffered the first major AI agent security crisis of the year with 1,184 confirmed malicious skills and four critical CVEs. Simultaneously, GSA published the most prescriptive AI procurement clause ever proposed, NIST delivered its first post-deployment AI monitoring report (AI 800-4), and the EU signaled a likely one-year delay of high-risk AI Act deadlines.AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).
Transcribe →When AI Hacks AI — The McKinsey Lilli Breach and What It Means for Enterprise AI Security
Mar 1400:26:42Tap to summarizeA special topic episode covering the most consequential AI platform security incident disclosed to date — now updated with state-sponsored threat context and NDAA policy deadlines.On March 9th, 2026, an autonomous offensive security agent compromised McKinsey's internal AI platform Lilli in approximately two hours. The entry vector was SQL injection — a vulnerability class from the 1990s — through 22 unauthenticated API endpoints. No credentials were used. No zero-day exploits were required.What was exposed: 46.5 million chat messages in plaintext. 728,000 files including strategy documents and M&A analysis. 57,000 user accounts. 3.68 million RAG document chunks with S3 storage paths. And 95 writable system prompts across 12 model types — the ability to silently alter AI behavior flowing to approximately 40,000 consultants without any code deployment.This episode walks through the full attack chain, gives the skeptical view fair treatment (including security analyst Edward Kiledjian's detailed critique), maps the incident to OWASP Web Top 10, OWASP LLM Top 10, NIST AI RMF, and ISO 42001 controls, and provides a seven-point enterprise AI security checklist.New in this edition: how the same elementary vulnerabilities that enabled the Lilli breach are being exploited by state-sponsored actors — Iranian APT groups integrating AI into offensive operations, the Stryker wiper attack, AWS data center drone strikes during Operation Epic Fury, and FY2026 NDAA AI governance deadlines including the April 1st AI Futures Steering Committee.This is one of more than 20 documented AI platform security incidents since January 2025. The pattern is consistent: the AI is new, the security failures are not.27 sources cited. Full source list in show notes.AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).
Transcribe →The Quality Crisis: When Moving Fast Breaks More Than It Ships
Mar 1200:36:08Tap to summarizeThe AI industry spent 2025 moving fast. This episode is about what broke — and why the real danger isn't the technology itself.AI-generated code now creates 1.7x more issues than human-written code in production. Security flaws appear in 45% of AI-generated output. AI-generated code is now the cause of 1 in 5 breaches. Pull requests per author increased 20% — but incidents per pull request grew 23.5%. The productivity gains are real. So is the quality deficit.But models have improved from 4.4% to 81% on SWE-bench in three years. Developer satisfaction is up, burnout is down 17%, and the improvement trajectory is steep. The defect data from 2025 is already narrowing. Survey results showing 96% distrust deserve context: 89% of all workers fear AI's impact on their jobs, and displacement anxiety colors how developers evaluate the tools that might replace them.The real danger isn't the technology — it's the incentive structures around it. 88% of executives are increasing AI budgets. 53% of investors expect ROI in 6 months. Nearly half of respondents acknowledge returns fall short. Quick wins and press releases can hide a corrosive culture that sacrifices quality, security, and sustainability for speed and optics.Key finding: enterprises where senior leadership actively shapes AI governance achieve significantly greater business value. Only 1 in 5 companies has a mature governance model for autonomous AI. Executive teams must roll up their sleeves and be involved. This technology demands it.Over 50 sources cited. Full source list in show notes.AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).
Transcribe →Over Their Skis: How the Race to AI Powered Engineering Is Outrunning Governance at Machine Pace
Mar 700:43:39Tap to summarizeA comprehensive landscape assessment of AI coding agent governance. 85% of developers use AI coding tools. 41% of all code is AI-generated. Only 6% of organizations have an advanced AI security strategy. This episode maps the full attack surface: AI coding agents (GitHub Copilot, Claude Code, Cursor at $9B valuation), MCP protocol security (30 CVEs in 60 days, 38% of servers lack authentication, 43% vulnerable to command execution), model provenance gaps (multi-model routing, Chinese-origin data residency risks), and real-world exploitation incidents — CVE-2025-6514 MCP supply chain RCE, Supabase/Cursor breach, IDEsaster (24 CVEs across all major coding tools), RoguePilot repository takeover, EchoLeak zero-click M365 Copilot exfiltration, UNC6395/Drift 700-customer compromise, plus this week's disclosures including MS-Agent CVE-2026-2256, PleaseFix, OpenClaw, and Rules File Backdoor. Plus: FOMO-driven adoption analysis (stock price pressure, funding optics), IBM shadow AI data (20% of all breaches, $4.63M average), EU AI Act August 2026 enforcement, and a four-item practitioner playbook.
Transcribe →