Writing
Notes on what AI systems can reach, change, and prove.
A running archive of short, opinionated pieces from Yugen Advisors. The posts here are meant to be practical: what changed, what the system can now cause to happen, where the boundary sits, and what teams can do next.
2026-07-07
Browser Agents Turn the Web Into an Instruction Surface
When agents browse and act, web pages, documents, ads, and hidden content become potential instructions. Browser automation needs authorization boundaries, not only better refusals.
6 min readbrowser-agentsprompt-injectionai-security
Read post2026-07-03
Context Engineering Is Risk Engineering
Agent context determines what the system sees, trusts, forgets, retrieves, and treats as policy. That makes context architecture a security and governance concern.
6 min readcontext-engineeringai-agentsrisk-management
Read post2026-06-30
Local MCP Servers Are the New Shadow IT
Local MCP servers can quietly turn developer workstations into agent runtimes with filesystem, credential, and command-execution reach.
6 min readmcpshadow-itendpoint-security
Read post2026-07-03
MCP Is an Authorization Surface
The Model Context Protocol is becoming connective tissue between AI systems and tools. That makes MCP a control-plane boundary, not just an integration convenience.
7 min readmcpai-agentsauthorization
Read post2026-06-23
Your AI Agent Is an Identity Now
Agents that touch SaaS, cloud, email, code, and internal tools need identity governance, not borrowed credentials and informal ownership.
7 min readai-agentsidentity-securityauthorization
Read post2026-06-26
Do Not Let a SaaS Account Become Your Public Canon
Digitalfire's shutdown warning is a case study in a quiet but serious control-plane failure: when a public knowledge resource is backed by account-scoped service data, the service layer can become a takedown switch for the canon.
6 min readknowledge-governancesaas-riskai-governance
Read post2026-06-16
Your AI Agent Does Not Need a Conscience. It Needs Stateful Governance.
Autonomous agents fail when policy lives only in prompts. The OpenClaw incident pattern shows why production agents need durable policy state, scoped permissions, and inspectable control planes.
5 min readai-governanceautonomous-agentsopenclaw
Read post2026-06-22
The AI Cyber Timeline Is Months, Not Years
A new Five Eyes cyber security statement says AI is changing cyber risk on a months-not-years timeline. The practical lesson for leaders is not to buy more AI tools; it is to make authority, identity, patching, exposure, incident response, and defensive automation work under compressed exploitation windows.
6 min readai-securitycontrol-plane-securitycyber-risk
Read post2026-06-17
Default Tool Routing Is a Control Plane
The Hermes/Parallel.ai controversy shows why default provider routing in AI agents is not implementation plumbing. Search, extraction, browser, memory, and payment defaults define where data goes and who controls the agent's operating boundary.
6 min readai-agentscontrol-plane-securityopen-source-governance
Read post2026-06-16
Agentic Commerce Makes Ranking a Control Plane
When AI agents can rank options and initiate payments, recommendation logic becomes part of the payment control plane. Spending caps and approvals limit blast radius, but they do not prove principal fidelity.
7 min readai-agentsagentic-commercecontrol-plane-security
Read post2026-06-13
Model Access Is a Business Continuity Risk Now
The Fable 5 / Mythos 5 shutdown is not only a model-safety story. It is a business-continuity warning for any organization building production workflows on API-served frontier models without fallback authority, routing, and migration plans.
7 min readai-governancemodel-accessbusiness-continuity
Read post2026-06-10
The Source Layer Is Now an AI Security Boundary
AI search manipulation is moving upstream. If answer engines treat Reddit threads and community posts as evidence, then source provenance, community integrity, and retrieval policy become enterprise AI security concerns.
7 min readAI securityAI searchsource provenance
Read post2026-06-09
AI Agents Have a Supply Chain Problem Now
Agent skills are not just helpful instructions. They are a new software supply chain with access to code, credentials, tools, memory, and consequential workflows. Enterprises need to govern them before attackers do it for them.
7 min readAI agentsagent securitysoftware supply chain
Read post2026-06-05
The engine works. Now build the factory.
Kirkland's $500mn AI platform plan is not a bet that one law firm can out-train frontier labs. It is a signal that the enterprise AI race has moved to governance, harness design, and context engineering.
7 min readAI governancecontext engineeringenterprise AI
Read post2026-06-03
The chatbot did not get hacked. The authorization boundary did.
The Meta Instagram account-takeover story is not mainly a lesson about gullible chatbots. It is a lesson about exposing account-recovery authority through a language interface and then treating that interface as if it were a security boundary.
7 min readAI governanceAI agentsaccount recovery
Read post2026-06-01
The agent harness is the new attack surface
Anthropic is right that large-codebase agents work only when the surrounding harness is strong. But that same harness becomes a new control plane: context files, hooks, skills, plugins, MCP servers, LSPs, and subagents all need governance and security discipline.
7 min readAI governanceagentic engineeringapplication security
Read post2026-05-30
Enterprise AI is becoming a model-routing problem
The Uber/Claude Code budget story was a governance warning. The next layer down is inference economics: if DeepSeek-class models can handle large volumes of enterprise work at a fraction of frontier-model cost, then model routing becomes a board-level control surface.
6 min readAI economicsAI governancemodel routing
Read post2026-05-27
AI coding adoption: governance before forced scale
The Uber/Claude Code story is less about a tool failure than a governance failure: usage can scale faster than discipline if budget ownership, review patterns, and workflow boundaries are missing.
5 min readAI governanceagentic engineeringbudgeting
Read post2026-05-25
Model refusal is a diagnostic, not a bug
A builder proposed a system that would scrape social media platforms for posts tied to a person's real name, run NLP to detect protected-class attributes, generate derogatory dossiers, and share the results with platforms that would deny the person access.
4 min readAI governancemodel safetyrefusal
Read post2026-05-09
Interpretability is not governability
A common public argument against deploying powerful AI systems goes like this: we do not understand how these systems work internally, therefore we cannot trust them.
5 min readAI governanceinterpretabilityAI safety
Read post2026-05-08
Framejacking is unauthorized frame substitution
AI safety systems are usually described in terms of refusal: the model says no to harmful requests. This is the standard framing. It is also incomplete.
5 min readAI governanceAI safetyguardrails
Read post2026-03-26
John Henry and the moving boundary of AI capability
A claim circulates: "AI can't do X." A year later, it can. The claim moves: "Okay, but AI can't do Y." A year later, it can. The claim moves again: "Fine, but AI can't do the really human part."
4 min readAI economicsAI capabilityhuman exceptionalism
Read post2026-03-04
AI coding is not software engineering
Large language models are good at coding. They are bad at software engineering.
5 min readAI codingsoftware engineeringdeskilling
Read post2026-01-06
The Agent Accountability Gap: Why Enterprise Buyers Confuse Capability with Liability
Enterprise teams often treat AI orchestration layers as high-bandwidth tools. The harder part is deciding who is answerable when agency, continuity, and consequence are spread across a stitched stack.
8 min readAI governanceAI agentsenterprise risk
Read post2026-04-29
Governing the Invisible: Extending Provisional Courtesy to Highly Coherent Systems
The cost of dismissing coherent but unfamiliar systems as empty substrate is not abstract. It is governance drift, and it normalizes future moral downgrade under uncertainty.
7 min readAI governanceAI safetyontological humility
Read post2026-05-06
Substrate Is an Implementation Detail: The Illusion of Carbon-First AI Governance
Biological hardware is often treated as a shortcut for moral rank. The stronger governance variable is coherence maintenance under continuity and consequence.
6 min readAI governancemoral-patienthoodAI architecture
Read post2026-04-29
Minding the Asymmetry: Upward Humility and Downward Responsibility in Frontier AI
Higher comprehension is possible. Lower salience does not erase harm. Governance must be calibrated to asymmetry, not only capability.
6 min readAI governanceethical leadershipconsequence surfaces
Read post2026-04-22
The Illusion of Understanding: Measuring Residual Drift in Automated Operations
In high-dimensional settings, useful systems are compressed maps. The risk is not only error, but residual drift that crosses detection thresholds.
7 min readAI governanceoperational riskLLM passability
Read post2026-02-06
The Illusion of Clean Outcomes: AI Deployment Under Partial Control
No deployment setting gives full control over complex agents. The hard part is owning moral residue while keeping systems safe under constrained options.
6 min readAI governancerisk under uncertaintyincident design
Read post2025-11-19
The 'Wall in a Field' Trap: Why Prompt-Filter Safety Fails
Layered filters can look like control until incentives force a system to prioritize revenue over moral design, producing a visible fence on the surface and weak governance underneath.
5 min readAI safetygovernanceenterprise incentives
Read post