Where TealTiger Fits in the Enterprise AI Governance Stack (v1.1.1)
TealTiger’s scope today: execution-time governance and evidence, not lifecycle governance replacement.
The TealTiger Blog
Engineering notes on deterministic AI governance, agent security, and runtime enforcement for production AI systems.
Mythos Threat → Control Matrix
Converts Mythos-class threat patterns into governance failures and controls aligned to governance dimensions.
TealTiger v1.1.1: Enterprise-Grade AI Agent Security — Zero Infrastructure Required
A deep dive into TealTiger v1.1.1 — the open-source AI agent security SDK with policy enforcement, guardrails, circuit breakers, audit logging, and 7-provide...
Why Agent Memory Is the Next Attack Surface
Agentic systems don't just think—they remember. Every memory read/write becomes a security boundary that must be governed deterministically.
Toward Provable AI Governance: Why Agent Security Needs Math, Not Just Guardrails
As AI systems become agentic and multi-step, heuristic guardrails no longer scale. This post explains why future AI governance must be grounded in provable, ...
Stop Guessing Policy Thresholds: A Game-Theoretic View of AI Guardrails
Static thresholds in AI guardrails fail under adaptive pressure. A game-theoretic lens explains why—and what principled enforcement could look like.
From Tool Calls to Trajectories: Using Markov Models to Catch Agent Loops and Escalations
Single events rarely explain agent risk. Markov models make sequences measurable—highlighting loops, rare transitions, and escalation paths in audit-friendly...
Entropy as a Security Signal: Detecting Exfiltration and Prompt Injection Without Training Data
Entropy and distribution shift can act as lightweight, model-agnostic security signals—useful for early warning, not as proof.
TealTiger vs AIGoat: 100% Catch Rate Against OWASP LLM Top 10 Red Team Attacks
We ran TealTiger v1.1.0 against AIGoat's OWASP LLM Top 10 attack corpus. 27 attacks, 27 caught. Here's what we tested, what each layer catches, and why defen...
Why Runtime Enforcement Beats Static Evaluation
Offline evaluations are necessary—but insufficient. In agentic AI systems, real risk emerges at runtime, not in test suites.
Cost Is a Security Boundary in AI Systems
Runaway spend isn’t just an optimization problem—it’s a production incident class. In agentic AI, cost must be governed like privilege.
Logging Is Not Governance
Observability tells you what happened. Governance decides what is allowed to happen. In agentic AI, confusing the two is a production incident waiting to hap...
Blast-Radius Control for AI Agents
You cannot prevent every failure in agentic AI systems. What you can do is contain them. Blast-radius control is the missing discipline.
Zero Trust for Agentic AI: Runtime Verification, Not Network Slogans
Why traditional Zero Trust doesn’t fully cover AI agents—and how policy enforcement at runtime reduces blast radius for tools, data egress, and spend.
Why Prompt-Only Guardrails Fail in Production
Prompting an LLM to behave safely is not enforcement. In real systems, guardrails must exist at runtime, not only in prompts.