Essay11 min read
The Compliance Time Bomb in Your AI-Generated Code
EU AI Act enforcement hits August 2026. Colorado's AI Act hits June 2026. Most engineering orgs have zero governance for AI-generated code. The audit is coming.
Insights
Thinking on software identity, agentic development, and the engineering decisions that persist.
Guide13 min read
How to Audit AI-Generated Code for Compliance
Your auditor will ask who wrote the code, against what specification, and how you verified it. Here's how to have answers.
Essay12 min read
MCP Security and the Missing Identity Layer
MCP has 97 million monthly SDK downloads and no built-in identity layer. That's a problem.
Essay12 min read
Non-Human Identity Management for AI Coding Agents
Your AI agents have credentials, make API calls, and access production data. They're operating on borrowed human identities with no scoped permissions. That's an identity crisis.
Essay10 min read
The Invoice Your AI Agent Wrote While You Slept
96% of organizations report AI costs higher than expected. One agent loop cost $47K over 11 days. The FinOps problem nobody budgeted for.
Essay11 min read
The Hidden Cost of AI Agent Sprawl
Every team runs different agents with different configs. Nobody owns the governance. The hidden costs are compounding.
Essay11 min read
Your AI Just Installed a Package That Doesn't Exist. Someone Else Made Sure It Does.
AI models hallucinate package names 20% of the time. Attackers register those names on npm and PyPI. The supply chain attack vector nobody saw coming.
Essay11 min read
Your AI Just Open-Sourced Your Proprietary Code. You Didn't Notice.
Two-thirds of commercial codebases have license conflicts -- an all-time high. AI strips license information during code generation. The legal exposure is real.
Essay11 min read
Your AI Has Root Access. Your Spec Doesn't.
Replit deleted a production database. Amazon's Kiro agent caused a 13-hour outage. Your AI agents have real permissions with no declared boundaries.