Mapping the Dark (re)Factory, Issue 3: The Compliance Costume
Montgomery Kuykendall on why most governance tooling is cloud observability in a compliance costume, and what an honest record of a decision actually has to contain.
Thoughts on AI risk, governance, and adoption strategy for teams where mistakes are expensive.
Interview series with operators inside the AI deployment chain. Builders, researchers, founders. The people who see the audit-evidence gap before anyone else does.
Mohammad Moradi, MD, on why clinical AI governance keeps missing the actual clinical decision. Convergent evidence from inside the clinic: the audit-trail break happens nowhere near the model.
Policy documents are aspirational. Hooks are structural. One describes what should happen. The other makes it happen. Here's the 4-layer hook architecture that enforces AI governance without depending on the AI remembering the rules.
AI systems that improve themselves sound great until you realize nobody's watching what they improve. Self-modification without guardrails is how you get systems that optimize for the wrong thing.
Using one AI model for everything is like using one tool for every job. Here's how I route tasks to the right model based on what each one actually does well.
One-shot AI generation is like first-draft writing. Sometimes brilliant. Usually not. The fix isn't hoping for a better first try -- it's building a loop that won't stop until quality passes.
Your AI has no process. You give it a task, it does something, you hope it's right. Here's the 5-phase workflow that turns AI from a slot machine into an engineering system.
We're not building an AI governance tool. We're building work provenance infrastructure for the AI office. The difference matters.
The trust layer is Apache 2.0. Forever. The convenience layer is how we make money. Here's exactly where the line is, and why we drew it there.
Your team shipped 3x more code this quarter thanks to AI. Can they still evaluate whether the code is correct? If you're not measuring that, you're not governing.
How connascence analysis delivers 1,343% first-year returns. ROI claims in dev tooling are usually hand-wavy. Here's mine with the math shown.
Chris Hood spent years writing the philosophy. I spent years building the infrastructure. In April 2026, the book launches. Here's how the theory becomes code.
Five minutes. One YAML file. Every PR gets risk-tiered, evidence-sealed, and audit-ready. No infrastructure to deploy. No vendor to onboard.
Every trading algorithm change needs a paper trail. Every compliance report needs an audit log. Most firms do this manually. That doesn't scale.
Blocking bad code without blocking developer productivity. Configurable thresholds that adapt to context, not rigid rules that get bypassed.
A single spreadsheet change in a clinical trial submission can delay an FDA approval by months. When AI assists that change, you need more than a checkbox.
You already automate deployments and tests. Why aren't you automating governance? Eleven n8n nodes turn every workflow into a governed pipeline.
Your CISO says no code can leave the network. Your VP Engineering wants AI code review. These aren't contradictory -- they just require a different architecture.
Your HIPAA compliance program generates evidence from manual processes. When 60% of changes are AI-assisted, rubric packs generate the evidence automatically.
Output formats that integrate with GitHub, Azure, and beyond. Your analyzer is useless if nobody sees the results.
The connector SDK lets you turn any data source into a governed evidence stream with two method implementations. Here is how to build one.
Disconnect from the internet, hand the output to a third-party auditor who has never heard of your vendor, and ask them to verify the evidence is intact. If they cannot, you do not have governance.
9 types of dependency every developer should know. The word 'coupling' tells you nothing useful. Connascence tells you exactly what's wrong and how to fix it.
Most AI code review tools use AI to judge risk. That is backwards. GuardSpine uses deterministic classification: metadata and content patterns, not model judgment.
An evidence bundle is a cryptographically sealed package that proves what changed, what rules fired, who approved, and why. Here is how it works, byte by byte.
Three commands. Ten minutes. Audit-grade evidence for every AI-assisted change in your codebase. No vendor dependency. No telemetry. Apache 2.0.
GitHub covers code. DocuSign covers signatures. Nobody covers what AI actually changed inside a document. GuardSpine fills that gap with an open-source trust layer and four Guard Lanes.
The full picture: from vibe coding crisis to work provenance infrastructure.
How image diffing turned a code review tool into a governance platform. Four guard lanes, deterministic diffs, and the architecture that emerged.
From risk tiers and AI councils to a working GitHub Action that produces audit-grade evidence as a side effect of code review.
I published a code quality analyzer with 54 MCP tools, 14 agent access profiles, and zero configuration. It runs inside your AI session and finds coupling patterns your linter never will.
My AI reads my calendar, drafts email replies, and pulls context from previous conversations -- all through MCP servers that took about an hour to set up.
I run 12 MCP servers. Loading them all at once burns 60K tokens before my AI reads a single line of code. Here's how I split them into always-on and on-demand tiers.
My connascence analyzer runs on code that my AI agents generate. The agents use the analyzer's feedback to improve their next generation. The tool tests the maker.
Your AI is exactly as good as it was when you deployed it. Without feedback loops, it stays frozen while the world moves.
From git push to production in under 5 minutes. GitHub Actions builds the container, Trivy scans it, Docker Hub stores it, Railway deploys it. No manual steps.
Most teams have a development loop. Fewer have a planning loop. Almost none close the quality loop back into planning. That's why the same bugs keep showing up.
Most distributed compute projects solve a scaling problem. This one solves a trust problem -- verifying work was done correctly when the workers are anonymous.
Pareto-optimal AI configurations discovered through multi-objective optimization. Real numbers, real trade-offs, automatic switching.
The attack surface of AI-assisted development: prompt injection, model poisoning, rubber-stamp approvals, evidence forgery, and how to defend against each.
Traditional diffs show what characters changed. Semantic diffs show what the code means differently. Why AST-level analysis and AI understanding matter for governance.
The operational nightmare of maintaining governance policies across hundreds of repositories, and how centralized policy with inheritance solves it.
DevOps has observability. Governance does not. Here are the metrics you should be tracking: review coverage, evidence completeness, model disagreement, escalation frequency, and policy drift.
Your auditor asks for proof. Your team scrambles. Here is the math on what that scramble costs and what governance saves.
What changes when you go from governing one repository to governing an entire organization. Centralized policy, per-team overrides, and role-based escalation.
Governance does not have to be a bottleneck. Run it in parallel with your tests, generate evidence asynchronously, and gate deployment without adding latency.
How GlobalMOO and PyMOO discover optimal AI configurations through multi-objective search. Real numbers, real trade-offs.
Your CI/CD pipeline has no governance layer and ripping it out is not an option. GuardSpine's API takes a diff, returns an evidence bundle. Webhooks, REST, and drop-in integration.
The problem with trusting AI-generated code blindly. How GuardSpine creates an audit trail for every AI-assisted change with model attribution and prompt provenance.
Why annual compliance audits fail in an AI-first world. How GuardSpine generates continuous compliance evidence that maps to SOC 2 Type II, HIPAA, and PCI DSS.
VERIX -- a grammar for AI honesty. How explicit claim properties make AI outputs auditable and trustworthy.
The metrics that matter for AI governance: review velocity, evidence bundle rates, risk distribution, model agreement scores, and escalation frequency.
When to escalate from AI review to human review. GuardSpine's escalation triggers, L3-L4 risk routing, and the anti-hollowing case for keeping humans sharp.
A pipeline that turns 20+ hours of weekly AI content consumption into synthesized blog posts using a 3-model Byzantine debate and quality gates.
Managing 207 AI agents without a dashboard meant no visibility into stuck processes, duplicated work, or wasted tokens. So I built one.
Your governance policy is a 47-page PDF that nobody has read since the last audit. Turn it into executable YAML that runs on every pull request with real HIPAA and SOC 2 examples.
Every post on this blog passes a 4-dimension quality gate before it goes live. The build fails if the slop score exceeds 30%. This post included.
A trading system that scales from $200 to $10M through 13 progressive gates. Each gate unlocks more capital only after the previous one proves it won't lose money.
Your server-side secret scanner found the API key after it already hit the remote repo, CI logs, and three caches. PII-Shield runs WASM at the edge to catch secrets before they cross any trust boundary.
GuardSpine's open-core model puts every trust component in open source and every convenience component behind a license. Here is why that split matters and how it compares to Snyk and HashiCorp.
Binary pass/fail code review tells you nothing about how risky a change actually is. GuardSpine's multi-dimensional risk scoring gives you a number you can act on, trend over time, and defend to auditors.
Not every code change deserves the same scrutiny. GuardSpine's four guard lanes route changes by risk -- from express-lane documentation fixes to full-council critical reviews. Here is how the routing works.
Execution vs Planning vs Brainstorming -- different tasks need different memory retrieval parameters.
ChromaDB, HippoRAG, and Bayesian inference in one retrieval system.
A single AI model reviewing code has the same problem as a single human reviewer: blind spots. GuardSpine's multi-model council uses Claude, GPT, and Gemini to catch what no single model can.
A GuardSpine evidence bundle is a JSON file that proves what changed, who reviewed it, what rules applied, and why the merge was authorized. Here is every field, explained with real examples.
Most recursive self-improvement either converges to mediocrity or oscillates forever. Here's the pattern that stabilizes in 3-4 iterations.
Metadata that makes AI memory searchable and accountable. Four required fields that turn write-only vector stores into auditable knowledge systems.
Your AI forgets everything between sessions -- here's the triple-layer architecture that fixes it with decay scoring, content categorization, and memory budget management.
GuardSpine is an open-source governance layer for AI-assisted development. It captures what changed, classifies risk, routes review, and seals proof into tamper-evident evidence bundles. Here is how it works.
AI can review code faster than any human. But speed without proof is just rubber-stamping with extra steps. The gap between AI reviewing code and proving it reviewed correctly is where governance lives.
Linus's Law applied to AI review -- multiple models catch what one human misses. But only if you do it right.
Why risk tiers, not tools -- and how biological safety levels led me to L0-L4.
PDFs, spreadsheets, contracts, images -- AI is rewriting every artifact in your office. Nobody's diffing any of it.
A markdown file wiped $285 billion off the stock market. Every analyst who dug into it landed on the same conclusion: the next premium in enterprise software is proof of process. They described our evidence bundles without knowing we exist.
When AI writes 80% of the PR, what exactly is the reviewer approving? The structural mismatch between AI velocity and human review capacity is the quiet crisis nobody's talking about.
GitHub shows that someone clicked approve. It doesn't show what they reviewed, what risks were present, or why approval was reasonable. That distinction just became expensive.
The attention economy applies to AI the same way it applies to humans. Context windows are finite. Progressive disclosure isn't a nice-to-have - it's the fundamental constraint.
Enterprise AI adoption is approaching an inflection point. Organizations upgrading to newer models without infrastructure readiness will see marginal gains.
The future isn't evenly distributed. 2026 is the year of the AI flywheel - and that changes everything if you act now.
What the last week of 2025 reveals about where AI is actually heading - and what biotech teams should watch in 2026.
Most AI tools forget everything between sessions. I built a 3-part system to fix that. Here's what actually works for production AI at scale.
Automated auditing feels like losing control. It's actually how you scale judgment. Here's why the teams that embrace constraints ship faster.
Russian speakers see blues differently. Turkish speakers track information sources better. What if AI models encode these cognitive patterns too, and we can activate them strategically?
Everyone's building AI workflows with code metaphors. The better model is motion capture: recording expert thinking as auditable, replicable processes that AI can execute.
For two decades, STEM was the safe bet. AI is reversing that: models respond to precise vocabulary, and liberal arts majors have it.
The real constraint isn't model quality; it's that most enterprise knowledge work has no ground truth to validate against. Organizations that define falsifiable success conditions will win.
Most AI advice focuses on speed. The more interesting capability is access to compressed expertise from communities you'll never be part of.
Software development used to be pyramid construction. With AI tools, building is cheap. Rebuilding is cheap. So what replaces the old model?
Most biotech VPs are rushing to adopt AI tools. The smart ones are building governance frameworks first. Here's why that distinction matters for reducing risk.
Published on other platforms
Exploring how shared human archetypes shape AI behavior - a comprehensive analysis of archetypes and communication
Nanostructure research examining nanopillar structures and their effects on E. coli growth
Retrospective on workshop design, delivery, and community building
These pieces show my scientific and probabilistic background, which informs how I teach AI risk and reliability.