Kris Moore

The Guardrail

AI governance, security architecture, and compliance intelligence for CISOs, security architects, and GRC professionals. Frameworks, incidents, deadlines, and best practices — analyzed with evidence, delivered with practitioner focus. AI-Assisted Production: Research and editorial direction by Kristopher Moore. Scripts developed with Claude (Anthropic). Narration by AI voice synthesis (Microsoft Edge TTS). All content is human-directed and editorially reviewed.

Author

Kris Moore

Category

Technology

Podcast website

podcasters.spotify.com

Latest episode

Jun 24, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Three Customers, One Landlord 24.06.2026

The CTO episode that shipped this morning surfaces the strategic and financial frame of the compute-trade picture — three frontier customers paying into a single landlord's compute book, with a $80B aggregate commitment through 2029, an application layer folded under the same corporate parent, and the substrate-layer shift reshaping the rent-vs-build calculus underneath all of it. This is the...

Fix or Pull............. 24.06.2026

What happens when the regulator pulls your frontier vendor? The 2026-06-12 Commerce Department directive that disabled Claude Fable 5 + Mythos 5 globally for any foreign national set a precedent every CISO needs to underwrite. This episode walks the three governance gaps the recall exposes, the xAI safety-incident stack, the open-weight-as-risk-hedge calculus with its Chinese-vendor counter-exposu...

The stack came into focus 16.06.2026

Four layers. Model, Harness, Control Plane, Connective Tissue. Most enterprise AI governance programs in 2026 govern the Model layer (vendor due diligence, model approval, EU AI Act high-risk classification, third-party-eval intake) and leave the other three layers ungoverned. The cycle's incidents tell the story — the Claude Code GitHub Action CVE on June 1 landed at the Harness layer; the Op...

Architecture, Not Checklists 15.05.2026

On May 1, six allied cyber agencies (the Five Eyes plus the Canadian Centre for Cyber Security and the Australian Signals Directorate) published thirty pages of joint guidance on agentic-AI security — twenty-three named risks, over one hundred best practices, organized into five stacked-dependency risk categories. The board-deck misread is to map it onto a control matrix. The document is an archit...

Trust at the Seam, Continued 04.05.2026

Two questions worth answering this week. What is your engineering team running right now — the canonical AI coding tool you authorized, or a fork routed through a backend you do not control, configured by files an attacker can write into your repository? And if the foundation lab anchoring your AI roadmap stumbles on revenue, sits in active corporate-form litigation, and warns its own CFO about a...

Move at Your Pace, Own the Outcome 25.04.2026

Two incidents this month. Same structural lesson. The perimeter where trust actually breaks in 2026 is not inside the model — it is at the seam around the model. This episode walks the Mythos vendor-access incident and the Sullivan and Cromwell AI-verification incident as paired calibrations of where AI-era failure modes actually sit, then layers in four adjacent threads: a new research consensus...

Force Multiplier — Cyber + Kinetic 21.04.2026

Explicit UPDATE to Ep 4 "When AI Hacks AI." Three arcs: (1) Claude Code antimalware filter backfiring (Tim Becker + 5-incident casebook, Adversa CC-643 deny-rule bypass, fake-Claude supply-chain campaigns, Cyber Verification Program 2-day SLA); (2) Cyber war 2026 update — Iran-US Feb 28 escalation, APT42 AI-persona tradecraft, CISA AA26-097A Iranian PLC targeting, Salt Typhoon LOTL attri...

Do Your Own Work 08.04.2026

Yesterday, April7, 2026, Anthropic released Claude Mythos Preview through Project Glasswing. During pre-release testing, Mythos found a 27-year-old bug in OpenBSD that theworld's most security-focused operating system project had missed for nearlythree decades. It also found a 17-year-old remote code execution in FreeBSD,plus additional issues across FFmpeg, the Linux kernel, and major browser...

When Courts Draw the Red Lines 03.04.2026

Description: First judicial precedent protecting AI safety, Mythos frontier threat leak, ten-state legislation surge, EU AI Act timeline split, and the Pentagon's compliance paradox. A federal judge issued the first judicial precedent protecting AI safety principles, ruling the Pentagon's retaliatory "supply chain risk" designation of Anthropic was "classic illegal First Ame...

The Federal-State Collision 25.03.2026

The most consequential week for AI governance practitioners in 2026: the White House released a seven-pillar National AI Policy Framework urging federal preemption of state AI laws, the New York RAISE Act took effect with 72-hour safety incident reporting, and the OpenClaw agent platform suffered the first major AI agent security crisis of the year with 1,184 confirmed malicious skills and four cr...

When AI Hacks AI — The McKinsey Lilli Breach and What It Means for Enterprise AI Security 14.03.2026

A special topic episode covering the most consequential AI platform security incident disclosed to date — now updated with state-sponsored threat context and NDAA policy deadlines. On March 9th, 2026, an autonomous offensive security agent compromised McKinsey's internal AI platform Lilli in approximately two hours. The entry vector was SQL injection — a vulnerability class from the 1990s — th...

The Quality Crisis: When Moving Fast Breaks More Than It Ships 12.03.2026

The AI industry spent 2025 moving fast. This episode is about what broke — and why the real danger isn't the technology itself. AI-generated code now creates 1.7x more issues than human-written code in production. Security flaws appear in 45% of AI-generated output. AI-generated code is now the cause of 1 in 5 breaches. Pull requests per author increased 20% — but incidents per pull request gr...

Over Their Skis: How the Race to AI Powered Engineering Is Outrunning Governance at Machine Pace 07.03.2026

A comprehensive landscape assessment of AI coding agent governance. 85% of developers use AI coding tools. 41% of all code is AI-generated. Only 6% of organizations have an advanced AI security strategy. This episode maps the full attack surface: AI coding agents (GitHub Copilot, Claude Code, Cursor at $9B valuation), MCP protocol security (30 CVEs in 60 days, 38% of servers lack authentication, 4...

When Safety Becomes the Threat 04.03.2026

The U.S. government just designated an American AI safety company as a supply-chain risk to national security — for refusing to remove its guardrails. In this inaugural episode: MCP's 97 million SDK downloads with zero security standards, AI-enabled attacks hitting 29-minute breakout times, three compliance deadlines converging by August, Google API keys quietly gaining AI access, and the larg...

Listen to the The Guardrail podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.