Skip to main content

Blog

Thoughts on AI security, agentic governance, and building compliance infrastructure that actually works.

The Container Security Gap Nobody Talks About

Everyone scans images and patches CVEs. But the real container security risks are architectural — and most teams miss them entirely. Five gaps that scanners can't find.

Alvin Chang 8 Jun 2026 10 min read
Why LLM Threat Models Fail (And How to Fix Them)

STRIDE, DREAD, and attack trees break down against LLM-powered systems. The threat isn't in the data flow — it's in the reasoning flow. Here's what to do about it.

Alvin Chang 8 Jun 2026 10 min read
DevSecOps is Dead; Long Live DevOps

Why the DevSecOps vs DevOps debate is over — and what the rise of autonomous AI agents means for the next chapter of secure software delivery. From shift-left to constrain-everywhere.

Alvin Chang 8 Jun 2026 8 min read
What We Learned Building Agentic Security Workflows

Five lessons from building AWARE — from constraints before capabilities to why human approval alone can't scale. The agentic security problem is not a variation of the old one.

Alvin Chang 7 Jun 2026 7 min read