The AI-driven SaaS boom, powered by code generation, agentic workflows and rapid orchestration layers, is producing 5-person teams with £10M+ in ARR. This breakneck scale and productivity is impressive, but it’s also hiding a dangerous truth: many of these startups are operating without a secure software supply chain. In most cases, these teams either lack …
While Part 1 explored how the amendment reinforced a sanctions-led approach and repositioned AI policy within the broader cybersecurity doctrine, this second instalment shifts focus to its most understated move — the cryptographic recalibration. Executive Order 14144’s treatment of Post-Quantum Cryptography (PQC) may appear procedural at first glance, but in its omissions and realignments lies …
Trump’s latest Executive Order 14144 marks a strategic pivot in U.S. cybersecurity policy—narrowing sanctions, revoking digital ID initiatives, and mandating standards for AI and software security. In this first part of a two-part analysis, I unpack the deeper shifts beneath the headlines and highlight what practitioners, policymakers, and tech leaders need to watch.
IntroductionEurope’s compliance landscape is undergoing a seismic shift. With the proliferation of AI-driven products, tightening regulations such as ISO 27001, SOC 2, and PCI DSS, and the growing complexity of digital operations, businesses are under unprecedented pressure to stay compliant. Compliance automation and RegTech startups are rising to meet this challenge, infusing artificial intelligence and …
We built and launched a PCI-DSS aligned, co-branded credit card platform in under 100 days. Product velocity wasn’t our problem — compliance was. What slowed us wasn’t the tech stack. It was the context switch. Engineers losing hours stitching Jira tickets to Confluence tables to AWS configs. Screenshots instead of code. Slack threads instead of …
Introduction The AI industry’s safety narrative has been shattered. HiddenLayer’s recent discovery of Policy Puppetry — a universal prompt injection technique — compromises every major Large Language Model (LLM) today, including ChatGPT-4o, Gemini 2.5, Claude 3.7, and Llama 4. Unlike traditional jailbreaks that demand model-specific engineering, Policy Puppetry exploits a deeper flaw: the way LLMs …
The Myth of a Single Cyber Superpower: Why Global Infosec Can’t Rely on One Nation’s Database What the collapse of MITRE’s CVE funding reveals about fragility, sovereignty, and the silent geopolitics of vulnerability management I. The Day the Coordination Engine Stalled On April 16, 2025, MITRE’s CVE program—arguably the most critical coordination layer in global …
“Innovation doesn’t always begin in a boardroom. Sometimes, it starts in someone’s resignation email.” In April 2025, Palantir dropped a lawsuit-shaped bombshell on the tech world. It accused Guardian AI—a Y-Combinator-backed startup founded by two former Palantir employees—of stealing trade secrets. Within weeks of leaving, the founders had already launched a new platform and claimed …
Inside the Palantir Mafia: Recent Moves, New Players, and Unwritten Rules (Part 2: 2023–2025 Update) I. Introduction: The Palantir Mafia Evolves The “Palantir Mafia” has quietly become one of the most influential networks in the tech world, rivalling even the legendary PayPal Mafia. Since our last deep dive, this group of alumni from the data …
A strange sense of déjà vu is sweeping through the cybersecurity community. A threat actor claims to have breached Oracle Cloud’s federated SSO infrastructure, making off with over 6 million records. Oracle, in response, says in no uncertain terms: nothing happened. No breach. No lost data. No story. But is that the end of it? …
