Posts
All the articles I've posted.
-
Designing an Evidence-Grounded AI Reporting Agent for Enterprise PAM Governance
A system design walkthrough for building an evidence-grounded, auditable AI reporting agent for enterprise PAM governance.
-
Controlling permissions and access in AI agents: a system design guide.
A system design guide to governing AI agents across identity, orchestration, and runtime behaviour using IAM, token scopes, audit logs, and explicit residual-risk documentation.
-
Is IAM the right tool to control AI agents? It depends on how you build them.
A practical look at where IAM fits in AI agent governance, where it only partially helps, and where runtime controls are still needed.
-
The silent credential: how to secure the OAuth token your app is already carrying.
A practical guide to securing OAuth tokens with safe browser storage, PKCE, Backend for Frontend, refresh rotation, and revocation strategies.