Practitioner-grade research published monthly — bridging traditional enterprise security practice (IAM, PAM, CMDB governance) with the agentic AI threat surface that most security programs haven't yet characterized.
A vendor-neutral framework for governing AI agent identities as a first-class identity class — not humans, not service accounts. Covers 8 lifecycle stages, 4 operating modes, 16 event triggers mapped to authoritative data sources, and alignment to NIST AI RMF, OpenID/IETF OAuth, and CNCF SPIFFE/SPIRE.
Read Paper 03 →What the Model Context Protocol is, how it works, and the governance framework you need before agents connect to anything regulated or production-grade. Includes enterprise reference architecture with Systems of Record tier, six required controls, and a full PAM-to-agent controls comparison.
Read Paper 02 →The foundation paper. A practitioner's guide to the security challenges created by autonomous AI agents — prompt injection, blast radius, identity governance, and behavioral monitoring. Written for the enterprise security professional who needs to assess AI risk, not just observe it.
Read Paper 01 →