Security conversations lean on a small set of recurring concepts — lineage, blast radius, containment, chain of custody — that are usually explained assuming the listener already half-knows them. This series does the opposite: it starts from the plain, everyday meaning of the words themselves, builds up one small idea at a time, and ends with a concrete test or example you can use immediately. Every abbreviation is spelled out the first time it appears.
More field guides
-
Field guide
Anti-Patterns Catalogue
Twenty-five named security failure modes in agentic AI (across twenty-six articles), each with a definition, a hypothetical scenario, and a layered remediation grounded in current industry frameworks.
-
Playbook
Self-Test Playbook
A paste-ready prompt pack you run against your own agent’s code, with twenty-five targeted security checks and a red-team prompt.
-
Field guide
Release Engineering
Eight chapters on shipping an agent to a customer environment: delivery models, signing, the pin file, the bootstrap repo, ephemeral runners, hygiene, cadence and rollback.
-
Field guide
Supply-Chain Trust
Judging third-party code, packages, actions, images and models before you trust them — provenance signals, independent verification, danger-surface review, and safe handling, grounded in OpenSSF, SLSA, NIST, OWASP and MITRE.
-
Field guide
Getting Quantum-Safe
A vendor-neutral post-quantum readiness field guide: what quantum computers break (RSA, ECC, TLS, PKI), the finalised NIST standards (ML-KEM, ML-DSA, SLH-DSA), a five-phase readiness assessment with a CBOM and maturity model, migration on real platforms, and what it all means for AI.