Long-form essays on agentic AI in security operations. The threat models, the information-theoretic limits, the design principles. Written for SOC engineers and security architects who have to make this work in production.
The threat model nobody wrote down, a five-pattern attack taxonomy, the defenses that don't work, and the structural defenses that do. The full field guide for any team shipping LLM-assisted triage in front of a SIEM.
Theory · SOC Architecture
It's not a tooling problem. It's an information-theory problem. A first-principles argument for why throwing more analysts at the queue can never close the gap — and what the bound implies for how SOC architecture has to change.
Architecture · Compliance
Six design principles for AI triage that scales without becoming a compliance bomb. Built from incident reviews, audit findings, and what we've learned shipping an agent that has to survive its own mistakes in production.