Claude 5 + Computer Use 2.0: What Changes for Endpoint Policy — The Kernel-Scope Bet
A dedicated computer-use permission scope moves the agent's blast radius from the prompt to the OS. Per-tool policy at the kernel is now table stakes — here's why guardrails can't price it.
The Governance Namespace: Using a Global Claude Instruction File as Org-Wide Policy — and Where It Ceilings Out
A global Claude instruction file is config-as-policy — a shared governance namespace injected into every prompt. Treat the 3,000 characters as a scarce budget, and know its coverage ceiling.
The Pros and Cons of API-Based Agent Governance: What Network Telemetry Can and Can't See
API and DSPM telemetry is the most mature lens on agent traffic — but it's a long position on visibility and a short position on control. Here's the honest spread.
A 90-Day Plan for Putting AI Agent Governance Into Production
A 90-day deployment runbook for AI agent governance: baseline the fleet in weeks, codify policy from observed behavior, and mature identity in parallel.
From Block-Until-Ready to Run-With-Guardrails: Agent Governance as Business Enablement
The business is deploying AI agents whether security is ready or not. The agent firewall reframes governance from a 12-month approval bottleneck into the layer that lets you say yes now.
What an Agent Firewall Actually Does (and What It Deliberately Doesn't)
An honest scope statement for the agent firewall category — the three Gartner feature categories it covers at the kernel, and the three adjacent problems it deliberately leaves to the rest of your stack.
The Sequencing Question: What to Deploy This Quarter, What to Build This Year
Agent governance has four requirements but they don't all clear in the same timeframe. A dependency-graph playbook for what to procure this quarter versus build over the year.
Monitoring Isn't Enforcement: Why Most Guardian-Agent Tools Can't Stop Anything
Most guardian-agent tools watch; they don't intervene. Why a dashboard that saw the action 30 seconds late is a risk report, not a control.
Cross-Cloud Agent Governance Is a Promise, Not a Product
No hyperscaler can enforce runtime control over agents once they cross into another provider's cloud. Why the multi-cloud control plane has to be independent.
The Identity-First Trap: When Doing It Right Means the Business Stops Moving
Building agent IAM and information governance the 'right' way is a 12–24 month project. Agents deploy this quarter. The case for inverting the sequence.
Who Actually Owns AI Agent Governance: The RACI Gap Nobody Wants to Solve
Agent governance stalls in pilot because no one owns it cleanly. A RACI frame across CISO, CIO, AI leader, legal, and the business — and where it actually breaks.
Eighty Percent of Your Agent Incidents Will Come From Inside the Building
Gartner says 80% of unauthorized AI agent transactions through 2028 will be internal policy violations, not attacks. That reprices the entire CISO playbook.
The CFO's Calculation: What Ungoverned AI Agents Actually Cost
Three financial scenarios for AI agent governance — wait-and-see, build-it-all-now, enablement-first — with honest math. The do-nothing line is not zero.
The 5-to-7 Percent Question: What Gartner's New Governance Number Means for Your AI Budget
Gartner says 5-7% of agentic AI spend will go to governance by 2028, up from under 1% today. The budget is real. The question is whose P&L absorbs it.
Why the Agent Firewall Is the AV-to-EDR Moment for AI Security: The Incumbent's Dilemma
Endpoint security regenerates once a decade — AV, EDR, XDR. Each handoff minted a new winner and stranded the incumbent. The agent firewall is generation four.
From Network to Identity to Kernel: The Perimeter Migration and the $10B Security Bet
The enterprise security perimeter has moved twice in thirty years — network, then identity. Agent governance forces a third migration, to kernel scope.
The Drift Coefficient: Behavioral Analytics for Agents vs UEBA for Users
UEBA catches the employee who breaks a habit. Agents have no habits and no hesitation — so the metric that matters is the drift coefficient, not the anomaly.
The Agent Risk Score: A Quantitative Posture Dashboard for CISOs
A practical CISO framework: Permission Scope × Reversibility + Frequency × Drift, rolled up endpoint-to-org — the way trading desks already mark portfolio risk.
Big Law's Privilege Problem: Legal-AI Agents and the AmLaw 100 Procurement Bet
Harvey, Spellbook, and CoCounsel reason over privileged communications at speeds no DLP system was built to monitor. Here is the quantitative procurement frame for AmLaw 100 firms.
HIPAA's Blind Spot: Embedded AI in the EMR and the Clinical Desktop Control Plane
Embedded AI in Epic, Cerner, and athenahealth created a new class of data processor your BAA never accounted for. Here is the quantitative frame for healthcare CISOs.
Hedge Fund VBA on Steroids: Pricing Trading-Floor Agent Risk
A trading-floor AI agent is VBA on steroids — uncorrelated tail risk on every desk endpoint. How buy-side CISOs can price and limit it like VaR.
Agent Governance for Mortgage Servicing: Marking the NPI Blast Radius
Mortgage servicers hold a concentrated book of borrower NPI. An unmanaged AI agent is an unmarked position against it — here's how to price and contain the exposure.
Why Every EDR Vendor Will Offer Agent Governance by 2027 — And Why Theirs Will Be Worse
By 2027 every major EDR vendor will ship an agent governance module. Most will be architecturally a generation behind. Here's the kernel-scope reason why.
Agent Firewall vs Prompt Guardrails: Where the Control Plane Belongs
Prompt guardrails inspect text before the model sees it. Agent firewalls enforce after the model resolves an action. They are complementary — here is where each belongs.
Stranger Agents in the Wild: Notes from the Signature Pipeline
Three new agent binaries crossed our triage threshold this month with no procurement attribution. The pattern is vendor-renaming, and AV signature distribution is the architectural fit.
The First-Week Shock: What CISOs See on Their First Real Agent Inventory
Every first agent inventory comes back high. A 1,000-endpoint engineering org will surface 8–15 distinct AI agents, most unsanctioned — and the budget conversation finally gets concrete numbers.
Microsoft 365 Copilot Inherits Your User's Full OAuth Scope. Your TPRM Register Hasn't Caught Up.
Copilot is a per-user data processor riding on the user's full M365 OAuth scope — but it does not appear on most TPRM registers. The control gap looks like a SaaS problem and is solved at the kernel.
API-Based Agent Governance: The Known Knowns Trap
API-layer agent governance delivers rich telemetry — but only on systems you already instrumented. The unhedged exposure sits below it, on the local filesystem and inside the process tree.
Claude 5 + Computer Use 2.0: What Changes for Endpoint Policy
Claude 5 ships Computer Use 2.0 with per-tool permission scope and sub-second action latency. The control plane just migrated from the prompt to the kernel.
Why Block-by-Default Kills Agentic Productivity in Two Quarters
The historical pattern from DLP and EDR rollouts is clear: block-on-deny tools that fight engineering productivity get ripped out in two quarters. Copy-on-write survives the political review.
Soft Policy vs. Hard Control: What Claude's 3,000-Character Org Preference Actually Enforces
Claude's Organization Preferences inject tenant-wide guidance into every prompt — but instructional guidance is a policy artifact, not a deterministic control. Here is where to layer DLP.
Shadow agents: the uncorrelated tail risk in your endpoint portfolio
Shadow agents are unpriced tail risk on every endpoint. The existing control stack — API gateways, EDR, DLP, prompt guardrails — does not see the layer where agent intent becomes OS-level action. A scoring framework for the exposure, and where the enforcement point actually has to live.
The agent firewall thesis: why this category compounds before it consolidates
EDR was built for malware. First-generation AI security was built for chatbots. Neither prices what an agent is actually doing on the endpoint. The thesis behind the agent firewall as a category — and the 12-to-18 month window before it consolidates.
The Two Types of Shadow Agents — and Why Observability Won't Catch Them
Shadow agents come in two flavors — SaaS-embedded and standalone — and each one requires kernel-level segmentation, not API observability, to contain.