Writing
- note CVEAgentNet and the Next Control Plane for Vulnerability Management
A short note on agentic vulnerability collaboration, continuous assurance, and why the next frontier is connecting enriched security intelligence to bounded action and verification.
- memo The Next AI Bottleneck Is Delegated Authority
NIST is starting to standardize it. DARPA is starting to research it. Defense acquisition is starting to buy for it. The missing layer is the control plane.
- paper Continuous Assurance Fabric Reference Architecture (CAF-RA)
A reference architecture for governed, scalable continuous assurance at mission tempo, with policy-governed swarm adjudication, replayable evidence, and enforced remediation closure.
- memo Don't Put Frontier AI Under ITAR: A Blunt Instrument for a Dual-Use Reality
A policy memo arguing against sweeping ITAR treatment for frontier AI and proposing a targeted control framework centered on dual-use export controls, defense-unique controls, and enforceable operational provenance.
- memo Stand Up Delegated Autonomy Directorate (DAD) as a Joint Control Plane Authority
Decision memo recommending immediate standup of a Delegated Autonomy Directorate (DAD) as a joint authority to accelerate trusted delegated autonomy at mission tempo.
- paper Agent Control Plane Reference Architecture (ACP-RA)
A reference architecture for governed, scalable agentic autonomy—single agents and swarms—aligned to DoD CIO patterns (Zero Trust, ICAM, CNAP, DevSecOps, cATO) and designed for contested/degraded operations.
- note Notes: Research that shaped ACP-RA (agent security, tool use, evaluation)
Reading notes on prompt injection, tool-use at scale, and execution-based evaluation that drove ACP-RA design choices (gateways, envelopes, evidence, anti-replay, and upgrade discipline).
- paper From AI Force Multiplication to Force Creation
A white paper on agentic autonomy, trust scopes, and strategic imperatives for defense.
- paper From PDFs to Pull Requests
Code-as-Policy: transforming Department of Defense policy workflows with DevSecOps, version control, and continuous verification.