Compliance

On March 18, Meta's internal AI agent exposed sensitive user and company data to engineers who shouldn't have seen it. The exposure lasted two hours. Meta classified it as Sev-1. Here's the part that should concern every security architect: the agent was fully authenticated. It had valid credentials. It passed every identity check. And it still caused a data breach. This is the post-authentication gap.

Last year, researchers disclosed EchoLeak (CVE-2025-32711), a zero-click Indirect Prompt Injection in Microsoft 365 Copilot. A poisoned email forced the AI assistant to silently exfiltrate sensitive business data to an external URL. The user never saw it, never clicked a link, and never authorized the transfer, but the data left anyway. Most leaders I talk to think they are "covered" because their LLM provider is SOC2 compliant or has a signed DPA. However, in the eyes of the law, the liability remains with the deployer

Storage costs can quickly add up as data volumes grow. Automatic tiering is a powerful technique that can help optimize storage expenses by moving data between different storage tiers based on its access patterns and business requirements. With multi-cloud environments tiering is even more important as it can help you leverage the best storage options across different cloud providers. In this article, I will discuss building a solution around automatic tiering using MinIO as the storage backend.

Creating microservices within the constraints of multi-tenancy, privacy and compliance can present challenges that need to be thought through. In this blog we will discuss some of these challenges especially around resource contention, data isolation, data governance and compliance, focussing on potential thought frameworks to consider.