board governance
7 posts
GitHub-distributed VSCode extension executed unsanctioned code
A board-level brief on the compromised VSCode extension distributed through GitHub: what it exposed, what control did not function, and what must be true.
The agent is the breach
A board-level assessment of the Microsoft Copilot Cowork file exfiltration: control failure, exposure model, and the conditions that must hold for in-tenant agents.
Your AI sessions are outside your control perimeter.
A board-level risk statement on the Claude AI file exfiltration demonstration: control failure, exposure, and what must be true going forward.
An NGINX worker just crashed in production
Board-level briefing on NGINX CVE-2026-42945: confirmed in-the-wild exploitation, edge exposure, control failure at runtime, and what must be established.
Audi faces scrutiny over myAudi platform exposure
A board-level view of the myAudi connected vehicle security concern: exposure, control failure, and the conditions directors must now enforce.
Russian hands on Polish water valves
A board-level read on Russian-linked activity against Polish water utilities and what it means for directors governing critical services.
US extradites alleged Chinese state hacker
An extradition in an alleged state-aligned cyber matter shifts the standard of care boards will be measured against in disclosure and litigation.