Suny Choudhary

Building AI Security for LLMs | CEO @ LangProtect

Good framing. Security assessments only work when they look beyond tooling. A company can have strong products in place and still fail because access reviews are weak, processes are unclear, or people don’t know what “secure behavior” looks like in daily work. The people, process, technology split is still one of the most practical ways to find real gaps.

Manuela Schrittwieser

Full-Stack AI Dev 👩🏻‍💻 & Tech Writer

1d ago

Precisely. The PPT (People, Process, Technology) framework remains the industry standard because it addresses the systemic dependencies that technical controls alone cannot solve. A secure-by-design infrastructure is often undermined by insecure-by-habit workflows.

That’s exactly where most programs break. Even when infra is secure by design, the actual risk shows up in everyday workflows. People bypass steps, share data differently, or use tools in ways policies never accounted for.

Feels like the gap now is less about defining controls and more about seeing how they behave in real usage.

Popular posts

Popular posts

Search Hashnode