{"title":"Spoiledlunch","description":"Nerdy Stuff. Tech Talk. Zero Freshness.","subtitle":"Analysis and commentary on GRC, security, and AI.","articles":[{"title":"Internal PKI Problems Keep Becoming Outage Risks","url":"/articles/2026-05-01-why-internal-pki-problems-keep-quietly-becoming-outage-risks/","date":"2026-07-14","summary":"Internal PKI has a special talent for being treated as somebody else\u0026rsquo;s plumbing right up until it breaks something important.\nThen everyone remembers, very suddenly, that …"},{"title":"The Problem With Single Pane of Glass Security","url":"/articles/2026-07-08-the-problem-with-single-pane-of-glass-security-platforms/","date":"2026-07-08","summary":"Every generation of security platform marketing rediscovers the same pitch: too many tools, too much context switching, analysts drowning in disconnected consoles. The solution is …"},{"title":"Asset Inventory Is Still an Embarrassing Problem","url":"/articles/2026-05-01-why-asset-inventory-is-still-the-most-embarrassing-security-problem-in-large-organizations/","date":"2026-07-07","summary":"For an industry that loves the word visibility, security remains remarkably bad at answering the oldest infrastructure question in the room: what do we actually have?\nThat should …"},{"title":"Global Information Security Day: A Vendor-Made Holiday","url":"/articles/2026-06-30-global-information-security-day-how-the-security-industry-invented-a-holiday-for-itself/","date":"2026-06-30","summary":"Today is Global Information Security Day, an awareness holiday you\u0026rsquo;ve probably never heard of despite eleven years of \u0026ldquo;global\u0026rdquo; celebration. That\u0026rsquo;s because …"},{"title":"AI Usage Discovery Is the New Shadow IT Problem","url":"/articles/2026-05-01-why-ai-usage-discovery-is-becoming-the-new-shadow-it-problem/","date":"2026-06-30","summary":"For years, shadow IT meant unsanctioned SaaS, unmanaged devices, and business teams adopting systems faster than central governance could track them.\nNow the same pattern is …"},{"title":"AI Incident Response Is Underbuilt Almost Everywhere","url":"/articles/2026-05-01-why-ai-incident-response-is-still-underbuilt-almost-everywhere/","date":"2026-06-23","summary":"Most organizations now have some language about responsible AI.\nFar fewer have a credible answer to a simpler question: what happens when an AI system causes a production problem …"},{"title":"The SIEM Did Not Fail; Your Data Model Did","url":"/articles/2026-05-01-the-siem-did-not-fail-your-data-model-did/","date":"2026-06-16","summary":"Security teams love to declare that the SIEM failed them. It is a clean story. The platform was noisy, expensive, slow, or hard to operate. Leadership understands vendor …"},{"title":"The KEV Catalog Is Useful, Not Prioritization Strategy","url":"/articles/2026-05-01-the-kev-catalog-is-useful-but-it-is-not-a-prioritization-strategy/","date":"2026-06-09","summary":"The Known Exploited Vulnerabilities catalog is one of the better things to happen to enterprise vulnerability management in years. It gives defenders a cleaner signal than generic …"},{"title":"The Cloud Control Plane Is Still the Easiest Blind Spot","url":"/articles/2026-05-01-the-cloud-control-plane-is-still-the-easiest-place-to-be-blind/","date":"2026-06-02","summary":"Cloud security programs often spend their money where the infrastructure is easiest to picture.\nThey instrument workloads. They scan containers. They watch endpoints. They analyze …"},{"title":"Internet Safety Month: Child Protection Became Sales","url":"/articles/2026-06-01-national-internet-safety-month-how-child-protection-became-parental-control-software-sales/","date":"2026-06-01","summary":"June is National Internet Safety Month, which means it\u0026rsquo;s time for parents to be very, very worried about what their children are doing online. Conveniently, it\u0026rsquo;s also …"}],"news":[{"title":"CISA Adds Two Known Exploited Vulnerabilities to Catalog","url":"/news/2026-07-15-cisa-adds-two-known-exploited-vulnerabilities-to-catalog/","date":"2026-07-15","summary":"Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.\nWhy it matters: …"},{"title":"CISA and Partners Publish Guidance to Help Software Manufacturers and Online Service Providers Work With ...","url":"/news/2026-07-15-cisa-and-partners-publish-guidance-to-help-software-manufacturers-and-online-service-providers-work-with/","date":"2026-07-15","summary":"Summary: CISA and Partners Publish Guidance to Help Software Manufacturers and Online Service Providers Work With \u0026hellip;\nWhy it matters: This matters if it …"},{"title":"Establishing a Coordinated Vulnerability Disclosure Program to Work With Security Researchers","url":"/news/2026-07-15-establishing-a-coordinated-vulnerability-disclosure-program-to-work-with-security-researchers/","date":"2026-07-15","summary":"Summary: Developed by CISA, the National Security Agency (NSA) and international partners, this joint guidance contains best practices for software …"},{"title":"The US is advancing AI safety through state and federal action","url":"/news/2026-07-15-the-us-is-advancing-ai-safety-through-state-and-federal-action/","date":"2026-07-15","summary":"Summary: OpenAI outlines a “reverse federalism” approach to AI governance, where state laws help build a national framework for safe, democratic AI.\nWhy it …"},{"title":"GPT-Red: Unlocking Self-Improvement for Robustness","url":"/news/2026-07-15-gpt-red-unlocking-self-improvement-for-robustness/","date":"2026-07-15","summary":"Summary: Explore GPT-Red, OpenAI’s automated red teaming system that uses self-play to improve AI safety, alignment, and prompt injection robustness.\nWhy it …"},{"title":"Opinion 21/2026 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding ...","url":"/news/2026-07-15-opinion-21-2026-on-the-draft-decision-of-the-irish-supervisory-authority-regarding-the-controller-binding/","date":"2026-07-15","summary":"Summary: Opinion 21/2026 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding \u0026hellip;\nWhy it matters: This matters if it …"},{"title":"Opinion 20/2026 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding ...","url":"/news/2026-07-15-opinion-20-2026-on-the-draft-decision-of-the-dutch-supervisory-authority-regarding-the-controller-binding/","date":"2026-07-15","summary":"Summary: Opinion 20/2026 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding \u0026hellip;\nWhy it matters: This matters if it …"},{"title":"Binding Decision 1/2026 on the dispute submitted by the Belgian SA on Vlaamse Radio-en ...","url":"/news/2026-07-14-binding-decision-1-2026-on-the-dispute-submitted-by-the-belgian-sa-on-vlaamse-radio-en/","date":"2026-07-14","summary":"Summary: Binding Decision 1/2026 on the dispute submitted by the Belgian SA on Vlaamse Radio-en \u0026hellip;\nWhy it matters: This matters if it changes how teams …"},{"title":"ABB Ability Edgenius","url":"/news/2026-07-14-abb-ability-edgenius/","date":"2026-07-14","summary":"Summary: View CSAF Summary ABB is aware of public reports of a vulnerability CVE‑2026‑31431 (Copy Fail) in the product versions listed as affected in the …"},{"title":"ABB Advant Master Online Builder","url":"/news/2026-07-14-abb-advant-master-online-builder/","date":"2026-07-14","summary":"Summary: View CSAF Summary ABB became aware of vulnerability in the products versions listed as affected in the advisory, where an incorrect version of Online …"}]}