Loops Moved the Work Up a Level. The Risk Moved Down One.
The field moved from prompting agents to designing the loops that run them. The developer conversation has the right cautions. Inside a regulated enterprise, the loop's connectors reach actions that do not reverse, and what the agent sends to the model is a disclosure on its own.
Two Postures on the Agent Call Path
Two postures. etect above the path. A control watches behavior and flags what looks wrong. Enforce on the path. A control sits inline, in the request itself. One tells you what happened. The other decides whether it happens.
Mythos, Daybreak, and the System Around the Model
A restricted frontier model leaked into a proxy this week before its evaluation finished. It raises the question two cyber systems already posed: is the capability the model, or the system around it? On offense, mostly the system. On defense, that answer is where the moat sits.
The Strategy Behind Open-Sourcing Shield
Free developer tools as a wedge into enterprise security is a known pattern. Here is why APERION ran it on purpose, and what we expect it to do.
The CISO's Guide to Runtime Governance for AI Agents
If you run security at a regulated enterprise, you already have AI agents in production. You may not
Agent of an Agent
When an agent spawns another agent, the authority chain gets longer and the audit trail gets thinner. The runtime layer is the only place that can prove what actually happened at the end of the chain.
The Trust Fabric: A four-layer architecture for governing AI agents
The Trust Fabric, a four-layer architecture for governing AI agents
The 51-Point Gap: Why Enterprise AI Security Doesn't Match Adoption
Fifty-five percent of enterprises run agentic AI. Four percent are confident in their security posture. The 51-point gap is the runtime governance market, and the reasons it exists explain why workflow and identity governance alone do not close it.
Six Intelligence Agencies Just Published the Runtime Governance Spec
NSA, CISA, ASD's ACSC, Canadian Cyber Centre, NCSC-NZ, NCSC-UK. Thirty pages. The recommended controls map directly to the runtime plane that workflow platforms do not address.
Why We Open-Sourced Shield
Agents in Cursor and Claude Code run tool calls you never see in a PR. DROP DATABASE in a generated migration. rm -rf in a cleanup script. Shield blocks the destructive operations before they execute, and we open-sourced it under Apache 2.0.
Runtime Plane vs Workflow Plane: The New AI Governance Split
Microsoft and ServiceNow both claimed the workflow plane in five days. The runtime plane is still open. Here is why that matters for enterprise AI procurement.
Two Weeks, Three Deals: The Agent Control Plane Is Being Assembled
ServiceNow Armis. Palo Alto Portkey. Cisco Astrix. In thirteen days the enterprise security incumbents stacked three deals onto the agent-era control plane. Each one occupies a different layer.