Prompt Injection Defence Beyond Input Filtering
Input filtering alone is not a defence against prompt injection. The layered architecture that keeps an LLM-driven system from being walked off its rails.
Application security, AI safety, access control, audit, regulatory mapping (SOC 2, GDPR, EU AI Act) and the practice behind systems that are worth a regulator's signature and a customer's data.
What the EU AI Act actually requires of an engineering team: the four risk tiers, the documentation burden, and the timeline that already started in 2025.
SOC 2 is less about new controls and more about evidence the controls already exist. The engineering work that turns 'we already do this' into a passing audit.
Rotating secrets sounds simple until production breaks because two services hold different keys. The dual-key pattern that rotates with zero downtime.