The Guardrail

Two questions worth answering this week. What is your engineering team running right now — the canonical AI coding tool you authorized, or a fork routed through a backend you do not control, configured by files an attacker can write into your repository? And if the foundation lab anchoring your AI roadmap stumbles on revenue, sits in active corporate-form litigation, and warns its own CFO about a one-and-a-half-trillion-dollar compute funding gap, what does your off-ramp profile look like in writing today?Episode 10 continues the "trust at the seam" thread from Episode 9 across two new fronts. Part 1 walks the TeamPCP cascade — a forty-two-day, multi-package, cross-ecosystem supply-chain attack chain (Trivy on March 19, litellm on March 24, SAP packages on April 29) that culminated in the first documented weaponization of an AI coding-agent harness configuration as a persistence mechanism. Part 2 walks the OpenAI miss reported by the Wall Street Journal on April 28, the structural reading of the four overdetermined factors behind it (capacity outpacing demand, Anthropic capturing the enterprise wedge, GPT-5.5 pricing posture, DeepSeek V4 shipping at 10–13× lower API cost), and the Musk versus Altman trial in week one — including the bifurcation order that makes the federal jury advisory and the bench remedies trial calendared for May 18. Part 3 lands the compliance calendar.Posture throughout is measured and practitioner-professional. Frameworks named at scope and weight (the supplier-relationship family, the supply-chain entry of the OWASP LLM Top 10, the supplier provisions of the ISO 42001 family) — never by clause number. Closing sign-off: Move at your own pace. Secure your stack. Audit your harnesses. Own your diligence and own your outcomes.AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).

Two incidents this month. Same structural lesson. The perimeter where trust actually breaks in 2026 is not inside the model — it is at the seam around the model. This episode walks the Mythos vendor-access incident and the Sullivan and Cromwell AI-verification incident as paired calibrations of where AI-era failure modes actually sit, then layers in four adjacent threads: a new research consensus that gives procurement teams a tractable divergence-profile instrument for the first time, a supply-chain attack pattern that Mythos is only one instance of (Vercel via Context.ai, Mercor via LiteLLM, the disputed Lovable incident), capacity-tier availability as a load-bearing variable in AI procurement risk, and the three compliance calendar items worth tracking through Q3 (EU high-risk enforcement window, Colorado AI consumer law implementation end of June, NIST AI RMF critical-infrastructure profile concept note).AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).

Explicit UPDATE to Ep 4 "When AI Hacks AI." Three arcs: (1) Claude Code antimalware filter backfiring (Tim Becker + 5-incident casebook, Adversa CC-643 deny-rule bypass, fake-Claude supply-chain campaigns, Cyber Verification Program 2-day SLA); (2) Cyber war 2026 update — Iran-US Feb 28 escalation, APT42 AI-persona tradecraft, CISA AA26-097A Iranian PLC targeting, Salt Typhoon LOTL attribution gap; (3) Battlefield AI — Anduril $20B Army IDIQ, Palantir $10B EA, Silicon Valley 6-firm consortium, Shield AI $12.7B, Germany-Auterion Ukraine drone contract, Lavender/Gospel (DISPUTED), autonomous-weapons governance gap. Includes 14-row Compliance Calendar + 9 framework mappings.AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).

Yesterday, April7, 2026, Anthropic released Claude Mythos Preview through Project Glasswing.During pre-release testing, Mythos found a 27-year-old bug in OpenBSD that theworld's most security-focused operating system project had missed for nearlythree decades. It also found a 17-year-old remote code execution in FreeBSD,plus additional issues across FFmpeg, the Linux kernel, and major browserengines.**Mythos is the light. The defects it found are the cockroaches your softwarenever wanted you to see.** They were always there. The interesting question isnot who to blame for Mythos. It is what was already in your environment.Mythos arrived in a month with a lot of other governance-relevant news. Severalhyperscalers had significant incidents — and several of them were rookieoperational hygiene problems happening at the largest, best-funded technologycompanies on the planet. A maintainer with no two-factor authentication on apackage with one hundred million weekly downloads. A production agent acting ona stale wiki page. A default permission that should have been narrower. A DLPlabel the system meant to enforce ignored. These are not exotic adversarytechniques. They are the basics. The craft observation that runs through thisepisode: the hyperscalers are not infallible. Do not outsource your securitythinking to a brand. Do your own work.Eight themes build from Mythos through the broader month and land on apragmatic playbook. The takeaway is not that the sky is falling. The takeawayis that the work in front of you has not changed — you can just see more of itnow.AI Disclosure:This episode was produced with AI assistance. Research synthesis and scriptwriting used Claude (Anthropic) under human editorial direction. Audionarration by Microsoft Edge TTS (en-US-AndrewNeural voice).

Description:First judicial precedent protecting AI safety, Mythos frontier threat leak, ten-state legislation surge, EU AI Act timeline split, and the Pentagon's compliance paradox.A federal judge issued the first judicial precedent protecting AI safety principles, ruling the Pentagon's retaliatory "supply chain risk" designation of Anthropic was "classic illegal First Amendment retaliation." A leaked frontier model codenamed Mythos revealed AI-driven cyberattack capabilities that compress vulnerability exploitation from days to hours. Ten states advanced AI legislation in a single week while the White House pushed a non-binding preemption framework Congress has already rejected twice. The EU AI Act transparency deadline holds firm at August 2, 2026 while high-risk deadlines slide to December 2027.42 sources cited. Full source list in show notes.AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).

The most consequential week for AI governance practitioners in 2026: the White House released a seven-pillar National AI Policy Framework urging federal preemption of state AI laws, the New York RAISE Act took effect with 72-hour safety incident reporting, and the OpenClaw agent platform suffered the first major AI agent security crisis of the year with 1,184 confirmed malicious skills and four critical CVEs. Simultaneously, GSA published the most prescriptive AI procurement clause ever proposed, NIST delivered its first post-deployment AI monitoring report (AI 800-4), and the EU signaled a likely one-year delay of high-risk AI Act deadlines.AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).

A special topic episode covering the most consequential AI platform security incident disclosed to date — now updated with state-sponsored threat context and NDAA policy deadlines.On March 9th, 2026, an autonomous offensive security agent compromised McKinsey's internal AI platform Lilli in approximately two hours. The entry vector was SQL injection — a vulnerability class from the 1990s — through 22 unauthenticated API endpoints. No credentials were used. No zero-day exploits were required.What was exposed: 46.5 million chat messages in plaintext. 728,000 files including strategy documents and M&A analysis. 57,000 user accounts. 3.68 million RAG document chunks with S3 storage paths. And 95 writable system prompts across 12 model types — the ability to silently alter AI behavior flowing to approximately 40,000 consultants without any code deployment.This episode walks through the full attack chain, gives the skeptical view fair treatment (including security analyst Edward Kiledjian's detailed critique), maps the incident to OWASP Web Top 10, OWASP LLM Top 10, NIST AI RMF, and ISO 42001 controls, and provides a seven-point enterprise AI security checklist.New in this edition: how the same elementary vulnerabilities that enabled the Lilli breach are being exploited by state-sponsored actors — Iranian APT groups integrating AI into offensive operations, the Stryker wiper attack, AWS data center drone strikes during Operation Epic Fury, and FY2026 NDAA AI governance deadlines including the April 1st AI Futures Steering Committee.This is one of more than 20 documented AI platform security incidents since January 2025. The pattern is consistent: the AI is new, the security failures are not.27 sources cited. Full source list in show notes.AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).

The AI industry spent 2025 moving fast. This episode is about what broke — and why the real danger isn't the technology itself.AI-generated code now creates 1.7x more issues than human-written code in production. Security flaws appear in 45% of AI-generated output. AI-generated code is now the cause of 1 in 5 breaches. Pull requests per author increased 20% — but incidents per pull request grew 23.5%. The productivity gains are real. So is the quality deficit.But models have improved from 4.4% to 81% on SWE-bench in three years. Developer satisfaction is up, burnout is down 17%, and the improvement trajectory is steep. The defect data from 2025 is already narrowing. Survey results showing 96% distrust deserve context: 89% of all workers fear AI's impact on their jobs, and displacement anxiety colors how developers evaluate the tools that might replace them.The real danger isn't the technology — it's the incentive structures around it. 88% of executives are increasing AI budgets. 53% of investors expect ROI in 6 months. Nearly half of respondents acknowledge returns fall short. Quick wins and press releases can hide a corrosive culture that sacrifices quality, security, and sustainability for speed and optics.Key finding: enterprises where senior leadership actively shapes AI governance achieve significantly greater business value. Only 1 in 5 companies has a mature governance model for autonomous AI. Executive teams must roll up their sleeves and be involved. This technology demands it.Over 50 sources cited. Full source list in show notes.AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).

A comprehensive landscape assessment of AI coding agent governance. 85% of developers use AI coding tools. 41% of all code is AI-generated. Only 6% of organizations have an advanced AI security strategy. This episode maps the full attack surface: AI coding agents (GitHub Copilot, Claude Code, Cursor at $9B valuation), MCP protocol security (30 CVEs in 60 days, 38% of servers lack authentication, 43% vulnerable to command execution), model provenance gaps (multi-model routing, Chinese-origin data residency risks), and real-world exploitation incidents — CVE-2025-6514 MCP supply chain RCE, Supabase/Cursor breach, IDEsaster (24 CVEs across all major coding tools), RoguePilot repository takeover, EchoLeak zero-click M365 Copilot exfiltration, UNC6395/Drift 700-customer compromise, plus this week's disclosures including MS-Agent CVE-2026-2256, PleaseFix, OpenClaw, and Rules File Backdoor. Plus: FOMO-driven adoption analysis (stock price pressure, funding optics), IBM shadow AI data (20% of all breaches, $4.63M average), EU AI Act August 2026 enforcement, and a four-item practitioner playbook.

The U.S. government just designated an American AI safety company as a supply-chain risk to national security — for refusing to remove its guardrails. In this inaugural episode: MCP's 97 million SDK downloads with zero security standards, AI-enabled attacks hitting 29-minute breakout times, three compliance deadlines converging by August, Google API keys quietly gaining AI access, and the largest AI-justified layoff in history.