I ran a scanner on my own network and found AI quietly sending data out of the country.
What an afternoon with my own traffic turned up — and the question it left me with.
Read on LinkedInI write the deep dives here first — canonical, unhurried, ungated. Then I share them, and the best of what I'm reading, on LinkedIn, dev.to and X.
You can't audit a model that retrains — you audit the trail. What to capture, how to seal it tamper-evident, and how to replay one decision when the auditor asks.
What to find, what to fence off, and what to formalize — before unsanctioned AI shows up as an audit finding.
The exact frameworks, guardrails and shadow-AI assessment I run on real engagements — for the people who'll be in the room when the auditor asks "who approved this?"
Not articles — just the threads, posts and notes worth your time, hand-picked from where I work in the open. Links go out to the original.
What an afternoon with my own traffic turned up — and the question it left me with.
Read on LinkedInThe method, the eTLD+1 matching trick, and the blind spot vendor blogs skip.
Read on dev.toAutomation, legacy modernization & safe AI adoption. Free: the AI-Adoption-Without-Audit-Failure checklist.