3d ago · 3 min read · Part 5 of the series "EU Web Security: 10 Steps to a Better Rating" Why security.txt A security researcher finds a vulnerability on your website. Who do they contact? Without security.txt: They search your site, find info@, send an email. It lands w...
3d ago · 3 min read · Logs can explain what a service thought happened. They do not prove what happened. Klevar Docs needed an audit trail for rendered documents, invoice events, credit note applications, signatures, voids, and attachments. The usual answer is an events t...
3d ago · 4 min read · The first FZE letterhead looked fine. That was the problem. The rendered PDF had the right legal name, the right registration label, the right address, the right contact line, and the right visual structure. It passed the visual check because every v...
3d ago · 4 min read · Deploying AI agents without governance is like giving every employee admin access to every system. It might work for a demo, but it's a liability in production. Enterprise AI agent governance is the set of policies, controls, and audit mechanisms tha...
4d ago · 2 min read · The IETF Internet-Draft for AI agent Compliance Receipts grew up. What started as a binding to EU AI Act Article 12 is now a bindings table across nine regulatory regimes: EU AI Act, DORA, NYDFS Part 500, Colorado AI Act, Texas TRAIGA, NIST AI RMF, C...
5d ago · 10 min read · If your team is running Claude Code in production, you can probably tell me what it can do. The harder question is what it actually did last Tuesday at 3pm — which Bash calls ran, against which repo, with what exit code. The PostToolUse hook is the l...
5d ago · 6 min read · When we started building a multi-agent compliance system, we thought the hard part would be making agents accurate. We were wrong. The hard part is making them auditable. This post covers the architectural patterns we discovered while running 347 pro...