Security

I wrote this article for Ippon on February 10, 2026. The enthusiasm around projects like OpenClaw—an open-source framework enabling autonomous task execution across messaging platforms, file systems, and enterprise APIs—reveals a critical blind spot in enterprise technology governance. For an entire week, I heard nothing but discussions of moltbots, OpenClaw, Clawd, and various implementations being created with these tools. But when I realized the permissions being exposed and how enterprises were approaching agent governance, I felt compelled to document this moment in AI history. ...

The Real Problem: Production, Not Prototypes Everyone can demo generative AI. Almost no one can run it safely in production. Enterprises in finance, healthcare, and the public sector aren’t blocked by technology capabilities—they’re blocked by governance requirements that today’s AI implementations rarely satisfy. These organizations face three critical blockers: Data leakage risk: Sensitive information, from PII to trade secrets, flowing through public model APIs Lack of auditability: No reliable record of prompts, responses, or who accessed what information Unclear ownership: Ambiguous rights over prompt engineering IP, training data, and generated outputs AWS customers don’t want AI that behaves like a chatbot toy. They need AI that behaves like enterprise infrastructure: secured, monitored, audited, governed, and compliant with their existing security posture. ...

Here’s what should make every security leader uncomfortable: organizations routinely deploy vulnerable code to production to meet delivery deadlines. Not because they don’t care about security. Because security can’t keep up. Over 60% of organizations update their web applications weekly or more frequently. Nearly 75% test those applications for security monthly or less. The math doesn’t work. The gap between development velocity and security validation grows wider every sprint. At re:Invent 2024, AWS CEO Matt Garman announced AWS Security Agent—not as another security scanning tool to add to the pile, but as a fundamentally different approach to the problem. ...

Enhancing Security: Adding AWS Cognito Authentication to Your Serverless App Our serverless survey application is a great example of a modern cloud native application. It’s fast, scalable, and cost-effective. But it’s missing one critical feature: user authentication. In this post, we’ll walk through how to add robust, secure authentication using AWS Cognito. Why Add Authentication? Right now, anyone can vote, and anyone can reset the entire survey. In a real-world application, we need to control access. Authentication allows us to: ...