Research

Articles, frameworks, and original research on governing AI agents in the enterprise.

Blog

Latest articles

security

Agent memory poisoning: the OWASP ASI06 threat every framework missed until 2026

Microsoft caught 31 companies poisoning AI memory in 60 days. None of them were threat actors. The MINJA research achieves 98% injection success against GPT-4. OWASP put memory poisoning at ASI06 in their 2026 Top 10 for Agentic Applications. Quarterly audits run on the wrong cadence to catch any of it.

governance

The lethal trifecta: governing the three capabilities you can't remove

In five days in January 2026, four AI productivity tools shipped indirect prompt injection vulnerabilities, with the same pattern in every case. Simon Willison named it in June 2025: private data access plus untrusted content plus external communication equals data exfiltration. You can't remove any leg without breaking the agent. Governance has to shift from prevention to containment.

compliance

SR 26-2 lands: agentic AI was carved out. Here's what banks running agents should do today

Banks waited fifteen years for an SR 11-7 successor. They got SR 26-2 on April 17. Footnote 3 explicitly excludes generative and agentic AI from the guidance. The agencies' AI-specific RFI is coming 'in the near future.' Banks running agents in production right now have no formal guidance, yet supervisory expectations apply regardless.

governance

The confused deputy problem: lessons from Meta's AI agent Sev-1

On March 18, 2026, a Meta AI agent exposed restricted company and user data for two hours. The credentials were valid. The governance was not.

Reports

Original research

Now accepting participants

State of AI Agent Governance 2026

A survey of engineering, security, and compliance leaders on how organizations discover, classify, monitor, and certify AI agents. It covers adoption, tooling, compliance readiness, and cost visibility across industries.

Participate in the report
Glossary

AI agent governance terms

Agent sprawl

Uncontrolled proliferation of AI agents across teams and environments, without central visibility or governance.

Risk tier

A classification level (low, medium, high, critical) assigned to an agent based on data access, autonomy, and blast radius.

Drift detection

Continuous monitoring that identifies when an agent's configuration, behavior, or compliance posture deviates from its certified baseline.

Policy-as-code

Governance rules written as executable code that can be versioned, tested, and enforced automatically against agent behavior.

LLM proxy

A lightweight intermediary that captures every request between an agent and a language model, logging tokens, latency, cost, and content for audit.

Shadow agent

An AI agent deployed by an individual or team without the knowledge or approval of security, compliance, or IT governance.