Skip to main content

> Stack

The Security and Governance Stack

Incidents where compliance checkboxes replace actual security, until a breach proves the difference.

"The audit passed. The attacker didn't read the audit."

What this stack means

This stack explores the dangerous illusion of safety created by bureaucratic security processes.

Why this stack exists

Because it is easier to measure compliance with a framework than it is to measure actual resilience to an attack.

Common Failure Patterns

  • compliance without security
  • secret sprawl
  • third-party supply chain vulnerability
  • over-privileged access
  • security as a roadblock

Prevention Checklist

  • Integrate security testing into the CI/CD pipeline, not just annual audits.
  • Implement least privilege access by default.
  • Regularly rotate secrets and audit third-party integrations.

Detection Signals

  • Security teams discovering architecture changes months after deployment.
  • Developers hoarding admin credentials to bypass slow approval processes.
  • Alert fatigue causing critical security warnings to be ignored.

Incidents in The Security and Governance Stack

Reference
The Agentic Operations StackAgentic AI Incidents

Agent Followed Prompt Literally

"The chaos was predictable."

Pattern: autonomous approval drift
Read Incident →
Reference
The Security and Governance StackSecurity, Compliance and Audit

Retry Policy Tried Too Hard

"The chaos was predictable."

Pattern: compliance theater
Read Incident →
Reference
The Security and Governance StackSecurity, Compliance and Audit

Architecture Review Became Therapy

"The chaos was predictable."

Pattern: compliance theater
Read Incident →
Reference
The Security and Governance StackSecurity, Compliance and Audit

Release Train Had No Brakes

"The chaos was predictable."

Pattern: compliance theater
Read Incident →
Reference
The Agentic Operations StackAgentic AI Incidents

The Agent Opened a Pull Request

"The chaos was predictable."

Pattern: autonomous approval drift
Read Incident →
Reference
The Agentic Operations StackAgentic AI Incidents

The Pull Request Opened a Question

"The chaos was predictable."

Pattern: autonomous approval drift
Read Incident →
Reference
The Agentic Operations StackAgentic AI Incidents

The Prompt Was Approved by Procurement

"The chaos was predictable."

Pattern: autonomous approval drift
Read Incident →
Reference
The Agentic Operations StackAgentic AI Incidents

The Governance Board Approved the Risk

"The chaos was predictable."

Pattern: autonomous approval drift
Read Incident →
Reference
EP16The Agentic Operations StackAgentic AI Incidents

The Agent Followed the Prompt Literally

"The core technical takeaway from 'The Agent Followed the Prompt Literally' is that isolated decisions scale poorly."

Pattern: autonomous approval drift
Read Incident →
Reference
EP41The Agentic Operations StackAgentic AI Incidents

The Agent Opened a Pull Request

"The core technical takeaway from 'The Agent Opened a Pull Request' is that isolated decisions scale poorly."

Pattern: autonomous approval drift
Read Incident →
Reference
EP42The Agentic Operations StackAgentic AI Incidents

The Pull Request Opened a Question

"The core technical takeaway from 'The Pull Request Opened a Question' is that isolated decisions scale poorly."

Pattern: autonomous approval drift
Read Incident →
Reference
EP52The Agentic Operations StackAgentic AI Incidents

The Prompt Was Approved by Procurement

"The core technical takeaway from 'The Prompt Was Approved by Procurement' is that isolated decisions scale poorly."

Pattern: autonomous approval drift
Read Incident →

The Security and Governance Stack - Frequently Asked Questions

What is this stack?

Controls that look good on paper but fail in practice.

AI Summary

Incidents where compliance checkboxes replace actual security, until a breach proves the difference.