Security & governance for the AI era

How AI really fails — and the judgment to govern it.

A security veteran’s field notes for the AI era

What this is

Independent security judgment, thinking out loud.

CompoundTrust is the research and analysis of one veteran security practitioner — close to three decades on the defending side of large, regulated, high-consequence environments. The focus is the hard part of the AI era: not which tool to buy, but the judgment and governance these systems demand.

The focus

Three layers, in sequence.

01 · NOW

AI Security

How AI systems genuinely fail — prompt injection, agentic risk, model and data attacks — and how to architect and govern them so they don’t.

02 · NEXT

Regulatory Preparedness

Getting ahead of AI regulation — ISO/IEC 42001 readiness, the EU AI Act, and the governance evidence auditors and boards now expect.

03 · THEN

Security Leadership

The wider craft — risk, posture, and the board-level judgment that turns security from a cost centre into earned trust.

An AI system is a brilliant, tireless mind that can’t reliably tell a real instruction from a forged one. You don’t patch it. You vet it, constrain it, supervise it, and govern it — the way you would any powerful new hire.

That single idea is the through-line of everything published here.

About

I’m a security practitioner with close to thirty years on the defending side — environments where the wrong call carries board-level and regulatory consequences, and “it’s probably fine” was never an acceptable answer.

CompoundTrust is where I turn that toward the AI era: how these systems fail, how to govern them, and how to get ahead of the regulation that’s coming.

I publish without my name for now, by deliberate choice and good faith — not evasion. I’ll step forward in due course. Until then, I’d rather the analysis earn your trust on its own.

Enquiries

For research & advisory conversations.

Private, and by intent. If something here is useful and you’d like to talk, write — conversations happen off-platform.

info@CompoundTrust.in

No pitch, no list — just a reply.