AI security, written by people who ship the controls.
Architecture patterns, framework comparisons, and incident retrospectives from the STACK Vault engineering team. No abstractions, no vendor fluff.
Latest from engineering
Architecture, evaluation, incident response, and the boring middle of running AI in production.
Why We Stopped Sandboxing Agents and What We Do Instead
Sandboxes don't survive contact with multi-step plans. The capability-graph approach that replaced ours, and what it cost.
A Pattern Language for LLM Output Validation
We catalogued 31 output-validation patterns across our customers. The 8 that worked, the 14 that mostly worked, and the 9 to avoid.
Reference-Free RAG Evaluation: A Year of Calibration Data
Twelve months of reference-free RAG scoring against ground truth. Where it works, where it falls apart, and how we calibrate.
How AI Threats Drive Compliance Requirements
AI-specific security risks map directly to compliance control requirements. Understanding the threat landscape helps you implement the controls you need for SOC 2, HIPAA, ISO 27001, and regulatory frameworks.
Prompt Injection Risk → Access Controls
Prompt injection attacks bypass intended access boundaries. Maps to SOC 2 CC6 (Access Control), ISO 27001 A.7.1 (Physical Access), and incident response requirements.
Data Leakage Risk → Data Protection Controls
AI models can exfiltrate sensitive data from training sets or prompts. Maps to HIPAA Safeguards (data protection), PCI-DSS encryption requirements, and GDPR data minimization.
Model Poisoning → Change Management
Adversarial model updates subvert the model's intended behavior. Maps to SOC 2 CC7 (Change Management), ISO 27001 A.14 (System Acquisition, Development), and the NIST CSF Detection function.