Context Engineering on Your Terms
•Brian Fending
Runtime proxies promise to compress your AI context window automatically. A file-based approach trades that convenience for something more valuable: visibility into exactly what your AI sees.
Articles
Thoughts and insights on technology, leadership, and software engineering.
"Stability Bias" Is The New "Fight Club" in ChatGPT
•Brian Fending
When I asked ChatGPT to review a post critical of OpenAI, it applied disproportionate editorial standards that shifted based on which company was being critiqued. It eventually admitted the asymmetry.
AI Enablement Is Not AI Governance
•Brian Fending
Organizations conflate AI Governance and AI Enablement, treating fundamentally different capabilities as the same job. Governance manages risk through guardrails and approval processes. Enablement builds capability through training, coaching, and change management. You need both, but they require different skills, and conflating them means one will fail.
The Monkeys, the Librarian, and the Magician: Why LLMs aren't an absolute path to AGI
•Brian Fending
The hockey stick curves toward AGI that populate pitch decks assume scaling LLMs will yield qualitatively different results. Three metaphors illuminate the structural limits: the verification wall, the interpolation ceiling, and the perception gap between demos and production.
From Shadow IT to Shadow AI: A Practitioner's Guide to Discovery and Containment
•Brian Fending
Shadow AI represents a fundamental shift in how unauthorized technology enters the enterprise. Where shadow IT required deliberate procurement decisions, shadow AI often arrives embedded in existing approved platforms, creating governance challenges that demand new approaches to discovery and containment.
The MCP Security Problem
•Brian Fending
Recent research exposed over 3,000 MCP servers through a single path traversal vulnerability in centralized infrastructure. Every AI integration creates security debt we have few ways to track, and most organizations are flying blind on what's actually running.
A Blueprint for Rebuilding Your Consulting Practice Around Assessments
•Brian Fending
Rebuilding MADE, Inc. for the Age of AI: A blueprint for transforming a dormant consulting practice into an AI-powered assessment platform that demonstrates methodology through action, showing how modern development enables sophisticated consulting platforms.
Implementing NIST AI RMF: Managing (Part 4 of 4)
•Brian Fending
Operationalizing governance at scale: moving from pilot purgatory to production deployment while maintaining control. Part 4 transforms NIST frameworks into sustainable operations that deliver consistent business value without collapsing under operational complexity.
Implementing NIST AI RMF: Measuring (Part 3 of 4)
•Brian Fending
Beyond trust theater: implementing metrics that actually matter for AI trustworthiness. Part 3 transforms measurement from technical performance dashboards to systematic evaluation of the seven NIST characteristics that determine whether AI systems are safe to deploy.
Implementing NIST AI RMF: Mapping (Part 2 of 4)
•Brian Fending
The real AI governance crisis isn't the models you've formally approved, it's the ones you don't know exist. Part 2 tackles the visibility gap that's creating compliance exposure and security risks.
Implementing NIST AI RMF: Governing (Part 1 of 4)
•Brian Fending
Transforming the NIST AI Risk Management Framework from compliance theater to strategic enablement. Part 1 focuses on governance structures that accelerate AI adoption while managing real risks.
Rethinking Team Topologies for AI-Augmented Development
•Brian Fending
Exploring how AI integration is reshaping software development team structures and the evolution from traditional PRD workflows to AI-augmented collaboration patterns.
The Governance Gap: Why Top-Down Risk Management is Critical
•Brian Fending
McKinsey's latest research reveals a striking gap between GRC aspiration and implementation reality, further making the case for top-down approaches to risk management.
The Matrix Approach to Incremental DRP and BCP Review
•Brian Fending
A multi-dimensional framework for maintaining disaster recovery and business continuity plans through incremental reviews, addressing the gap between documentation and actual recovery capabilities.
A Risk Management Analysis of Google's A2A and Anthropic's MCP
•Brian Fending
Examining how traditional risk frameworks apply to emerging AI technologies, with a focus on agent-to-agent communication systems and multi-context planning.