Writing

Thinking out loud.

Perspectives on AI, engineering, and what it takes to build things that last.

Cybersecurity·Apr 14, 2026·11 min read

What the LiteLLM Supply Chain Attack Teaches Us About Securing AI Infrastructure

On March 24, 2026, attackers published backdoored versions of LiteLLM to PyPI using credentials stolen through a compromised security scanner in LiteLLM's own CI/CD pipeline. The incident exposed a pattern we see across nearly every AI deployment: the packages that aggregate the most credentials receive the least scrutiny. Organizations that treated their AI supply chain like critical infrastructure were unaffected. Here is what they did differently.

Automation·Apr 10, 2026

5 AI Automations That Pay for Themselves in 30 Days

Your team is losing 30 to 50 hours per week to tasks that AI can handle today. Here are five automations - from email triage to automated reporting - with specific cost breakdowns, payback timelines, and real results from teams that made the switch.

14 min read
AI Strategy·Apr 9, 2026

The Agentic Risk Standard Does Not Exist Yet - Here Is What Executives Are Evaluating Instead

Buyers are approving agent deployments without a shared risk standard. Here are the ten dimensions a mature one would have to cover, and how to ask today.

12 min read
Engineering Leadership·Apr 9, 2026

When Your Startup Needs a CTO But Cannot Afford One - The Fractional Leadership Model That Works

Most Series A and B startups hit a point where they are making critical technology decisions without senior technical leadership. A fractional CTO - a seasoned executive embedded in your team 2-3 days per week - can close that gap at a fraction of the cost. Here is how to know when you need one, what they actually do, and why the model works.

14 min read
AI Strategy·Apr 7, 2026

Microsoft Just Launched Its Own AI Models - Why Your Vendor Lock-In Strategy Needs an Update

On April 2, Microsoft released MAI-Transcribe-1, MAI-Voice-1, and MAI-Image-2 through Microsoft Foundry - competing directly with OpenAI and Google. With the Microsoft-OpenAI partnership visibly fracturing, enterprise leaders need a vendor strategy that builds optionality rather than dependency. Here is the decision framework.

13 min read
Security·Apr 5, 2026

The Agent IAM Playbook: How Enterprises Are Securing Their Non-Human Workforce

With Okta launching its AI Agents platform on April 30 and Microsoft confirming that agents are now both workforce and attack surface, enterprise identity management has reached an inflection point. Here is a practical maturity model for securing AI agent identities - and the three steps experienced teams implement first.

11 min read
AI Strategy·Apr 4, 2026

How Companies Are Cutting AI Costs 60% Without Cutting AI Investment

Per-token AI costs dropped 280x in two years, yet enterprise AI bills jumped 320%. The companies winning on AI economics are not spending less - they are routing smarter. This is the practical playbook for model routing, SLM substitution, and building a FinOps-for-AI function that turns inference economics into a competitive advantage.

13 min read
Cybersecurity·Apr 3, 2026

What the Claude Code Source Leak Teaches Every Team Shipping AI Tools About Build Pipeline Security

Anthropic accidentally published Claude Code's entire source code via an overlooked source map in an npm package - the second time in 13 months. This article breaks down exactly what went wrong, why AI tooling is uniquely vulnerable to build pipeline oversights, and the five-point release engineering checklist that prevents it.

12 min read
AI Strategy·Apr 2, 2026

AI Is Entering Its Multi-Architecture Era. Here Is How Leaders Should Prepare.

A Turing Award winner just raised $1 billion to build AI that understands physical reality, not just text. The emergence of world models alongside LLMs signals a multi-architecture future. Leaders who understand both paradigms - and know where each excels - will have a decisive strategic advantage.

14 min read
AI & Infrastructure·Apr 1, 2026

Google's TurboQuant Makes AI 6x Cheaper to Run. Here's How Smart Companies Will Use That Advantage.

Google Research published a paper showing how to shrink AI memory usage by 6x with no loss in quality. While memory chip stocks dropped on the news, the real implication is far more interesting: TurboQuant is about to expand who can build, deploy, and compete with AI. The historical pattern - from coal to cloud computing - tells us exactly what happens next.

12 min read
Security·Mar 31, 2026

The Six-Generation Pattern Behind Every Email Attack - and How to Stay Ahead of Generation Seven

From executable attachments to business email compromise to AI-powered phishing, email security has followed a remarkably consistent pattern across six generations. Organizations that recognized each shift early built defenses before the damage hit. Generation Six - prompt injection against AI email agents - is underway, and the playbook for getting ahead of it already exists.

13 min read
AI Strategy·Mar 30, 2026

The Economics of On-Premises AI: A Decision Framework for Leaders Spending $10K+ Monthly on Cloud Inference

When DeepSeek proved that frontier-class AI could run on a fraction of the expected hardware, it changed the infrastructure calculus for every business running AI in production. Fourteen months later, 93% of enterprises are reevaluating where their AI workloads run. This is the decision framework - grounded in real TCO data - that separates strategic infrastructure choices from expensive defaults.

11 min read
Security·Mar 29, 2026

Deploying MCP-Connected Agents Securely: Lessons From the First Year in Production

MCP has become the standard protocol for connecting AI agents to business tools - databases, APIs, file systems, and more. As adoption accelerated through 2025, a handful of real-world incidents revealed the security patterns that matter most. Here is the practical playbook for deploying MCP-connected agents with confidence, informed by what actually went wrong and how leading teams prevent it.

10 min read
AI Strategy·Mar 28, 2026

The 5 Controls That Separate Reliable AI Agents From Costly Mistakes

Air Canada, Chevrolet, Meta, Nippon Life, and DPD all made headlines for AI agent incidents. In every case, the underlying model worked exactly as designed - the gap was in the accountability infrastructure around it. This article breaks down five documented cases, extracts the pattern behind each failure, and maps the five engineering controls that experienced teams implement before deployment. The regulatory landscape has caught up: California AB 316, the EU AI Act, and FTC Operation AI Comply all now enforce what smart implementers already practice.

14 min read
AI Strategy·Mar 27, 2026

How the Top 12% of Companies Are Getting Real ROI From AI Agents

PwC surveyed 4,454 CEOs and found a sharp divide: 12% reported AI that both grew revenue and cut costs, while most saw little return. Meta reports 30% higher output per engineer. Teams using AI agents save 10-12 hours per week. The difference is not which model you picked. It is whether anyone built the system around your actual business.

9 min read
AI & Marketing·Mar 26, 2026

ChatGPT Visitors Convert at 5x the Rate of Google Traffic. Here Is How to Capture That Advantage.

Visitors arriving from ChatGPT convert at 14% - roughly five times the rate of traditional Google organic traffic. Brands cited in AI Overviews earn 35% more clicks and 91% more paid engagement. The businesses capturing this advantage share a clear pattern: they have made their expertise visible and extractable across the platforms AI systems actually pull from. Here is the data-backed playbook.

12 min read