Talks & News

Risky Business #837 — Evaluating agentic AI amid AI fatigue

May 2026 Risky Business podcast (with Patrick Gray)

Guest segment on evaluating agentic AI in security, and how organizations are cutting through 'AI fatigue' to make real decisions about deployment.

View

Trust, Then Autonomy: A New Framework for Evaluating Security AI

May 2026 AKJ AI Security Summit 2026

#Talk #AI Governance

Talk introducing the five-level autonomy framework, evidence ladder, and three architectural foundations for evaluating earned autonomy in deployed AI systems.

View

How Sublime's AI Agents Are Secure by Design

April 2026 Sublime Security blog

#Writing #Agentic Systems

Architectural deep-dive on tool scoping, platform-enforced authorization, prompt injection mitigation, and graduated oversight for production LLM agents.

View

CAMLIS 2025: Evaluating LLM-Generated Detection Rules

September 2025 Conference on Applied Machine Learning in Information Security (CAMLIS) 2025

#Paper #Evaluation

Paper accepted at CAMLIS 2025 — an open-source benchmark and three metrics (detection accuracy, economic cost of syntactic correctness, robustness of query) for measuring LLM-generated security rules.

View

Risky Biz News — The spam/email bombing problem

May 2025 Risky Business News (with Catalin Cimpanu)

#Podcast #Email Security

Sponsor interview on the rising use of spam bombing and email bombing as initial-access techniques in modern intrusion campaigns.

View