I spend my working days securing how a company uses AI: an LLM gateway in front of every model call, guardrails inspecting what goes in and out, and governance for the tools people actually use (and the ones they’re not supposed to).
Most of what’s written about AI security is either vendor marketing or academic threat taxonomies. What’s missing is the middle: what it actually looks like to run this inside a real company — what the OWASP LLM Top 10 means when it’s your developers’ traffic, what shadow AI looks like in the logs, which guardrails fire constantly and which never fire at all.
That’s what this column is for. Field notes, not pitches.
More soon — lights out, and away we go.