Documentation, Guides,
and Research.
Documentation
Full integration guides, CLI reference, and API documentation will be published when KYDE reaches public availability.
The Shadow AI Trilogy. Three interconnected guides that form the complete playbook for discovering, classifying, and governing unscoped AI systems.
View Trilogy Overview →How to Detect Shadow AI
Step-by-step technical methods to identify unscoped AI systems in enterprise networks using DNS rules, SIEM queries, and behavioral patterns.
How to Classify AI Systems Under EU AI Act
Framework for determining if your AI systems are High-Risk, General-Purpose, or Low-Risk. Includes all 37 Annex III categories and obligations.
Shadow AI Governance Checklist
8-phase checklist for implementing AI governance from discovery to compliance readiness. Includes 70+ checkboxes, RACI matrix, and incident response planning.
Regulatory analysis, technical deep-dives, and operational guidance for enterprises deploying AI agents at scale.
Trust Is a Number. It Always Has Been.
Introducing the KYDE Trust Score, a behavioral rating for AI agents computed on four inputs: identity, mandate, baseline, and benchmark. Why behavior at the boundary is the only thing that ever qualifies for a score, what coverage means, and where the Trust Score goes next.
AI Agent Insurance: Liability, Coverage, and the Evidence Infrastructure
How liability is assigned under EU law (AI Act, PLD 2024, DORA), what AI agent coverage exists today (AIUC-1, Munich Re aiSure, HSB), why certification alone isn't enough, and what behavioral monitoring infrastructure makes AI agents insurable, including the four evidence requirements every enterprise must meet.
Trust Is Not a Property of Technology. It Is a Property of Infrastructure.
Every transformative technology earns trust the same way: through the confidence infrastructure that grows around it. Hartford Steam Boiler, Lloyd's aviation pools, usage-based auto insurance, and what this means for autonomous AI agents.
The Law Has Assigned Liability. Nobody Can Yet Prove What Happened.
Three EU frameworks, EU AI Act, PLD 2024, DORA, have assigned liability for AI agent failures. The DRCF 'Many Hands' problem, AIUC-1's temporal limits, and the four evidence requirements (complete, continuous, independent, tamper-evident) that liability adjudication actually requires.
The Telematics for Autonomous Systems
Usage-based auto insurance replaced proxies with real behavioral data. AI agent insurance will follow. This essay examines the technical architecture of continuous behavioral monitoring: Ed25519 signing, hash chaining, WORM storage, behavioral baselines, and why independence from the monitored system is non-negotiable.
AI Agent Governance: The Complete Enterprise Guide
What AI agent governance is, why existing approaches (provider controls, application guardrails, framework observability) fall short, the four structural requirements (identity, scope, enforcement, ledger), and what compliant governance infrastructure actually looks like.
Shadow AI: What It Is, Why It's a Risk, and How to Stop It
78% of employees using AI tools at work are using tools IT did not provision. Shadow AI is already in your production systems, here is what it looks like, why it creates regulatory exposure under GDPR and the EU AI Act, and how to govern it without killing adoption.
EU AI Act Compliance for AI Agents: The Complete Guide
Everything enterprises need to know about EU AI Act compliance for AI agents, Annex III classification, Articles 12, 14, 26 obligations, the December 2, 2027 deadline, the three structural gaps most organizations have, and a six-step action plan for building compliant infrastructure.
The US and EU Are Converging on the Same Requirements for AI Agents in Critical Infrastructure
NIST, the EU AI Act, and NIS-2 were developed independently, in different jurisdictions, over different timelines. They are converging on the same answer: traceable identity, causal context capture, tamper-evident records, in a governance layer independent of the agents it governs.
When Four Regulators Speak in Unison, the Message Is Not Optional
The UK's Digital Regulation Cooperation Forum, CMA, FCA, ICO, and Ofcom, co-signed a foresight paper on agentic AI. The core message: 'my agent did it' is not a defense. Organizational accountability is unchanged regardless of agent autonomy. Here are the seven risks, the 'Many Hands' problem, and what to do before enforcement begins.
Agent Hijacking: The Security Risk Most Enterprises Can't Even Detect
OWASP ranks Agent Goal Hijacking ASI01, the #1 risk facing autonomous AI agents. 48% of security professionals name agentic AI as the top attack vector for 2026. Classical security tools are blind to it. Here is how it works, why it evades detection, and what forensic infrastructure is actually required.
The EU AI Act Is Coming. Regardless of What Brussels Decides in May.
The Digital Omnibus trilogue collapsed on 28 April 2026. No delay has been adopted. The August 2, 2026 enforcement deadline for Annex III high-risk AI systems remains in law. Here is what the collapse means, what four scenarios exist between now and August, and what enterprises deploying AI agents must do now.
AI Agent Security, AI Governance, and Agent Enforcement: Three Categories Enterprises Are Confusing
CISOs and compliance teams are evaluating products that all describe themselves as 'AI governance', but solve fundamentally different problems. This article defines the three distinct categories, maps them to regulatory requirements, and identifies where each falls short.
Every Vendor Governs Their Stack. Nobody Governs the Chain.
Microsoft has a governance story. Google has a governance story. Every major platform vendor is building agent governance, for the agents that run inside their own stack. Nobody is building governance for what happens between stacks. That gap is not an oversight. It is where most of the risk lives.
Your Employees Are Already Using AI. You Just Don't Know How.
78% of AI users bring their own tools to work. Your employees are not waiting for your AI strategy. They already have one, and the data they're processing with it isn't yours to govern yet.
The End of the App Layer: Why MCP Changes Everything About AI Governance
MCP lets AI agents connect directly to enterprise systems, bypassing the application layer that was always the implicit governance control point. The app layer doesn't get rebuilt. It gets bypassed. Something needs to replace the control point it represented.
What Happens When an AI Agent Gets Compromised, And Nobody Has the Logs
ForcedLeak demonstrated prompt injection against production enterprise agents in 2025. The most important question it raises isn't technical, it's operational. If this happened in your environment, would you know?
Shadow AI Is Already in Your Production Systems, You Just Can't See It
Shadow AI is the same problem as Shadow IT, at a different order of magnitude. Every LLM call that touches enterprise data without logging, attribution, or scope is a liability accumulating in silence.
The Missing Layer in Every Agent Architecture
The distinction between agent core and agent harness cuts to the heart of what most enterprise deployments get wrong. Single-user architecture breaks at scale in four predictable ways. The harness isn't an add-on, for enterprise, it's the product.
HBR Just Described the Problem. Here's the Infrastructure That Solves It.
Harvard Business Review identified four frictions that derail enterprise AI agent deployments: identity, context, control, and accountability. The article stops short of specifying what the infrastructure layer looks like. That's what we build.
DORA and AI Agents: Why Your LLM Provider's Log Doesn't Satisfy Article 30
DORA is already in force. Financial entities using AI agents for operational functions have a specific problem: vendor-provided logs don't constitute an independent audit trail. Here's why, and what does.
What the EU AI Act Actually Requires for Audit Trails, And What Most Enterprises Are Missing
The enforcement deadline is August 2, 2027. Most enterprises assume their LLM provider's logs will be sufficient. They won't be. Here's what the regulation actually demands, and where the gaps are.
The frameworks KYDE is designed to address.
EU AI Act
Risk-based framework for AI systems. High-Risk AI System logging requirements.
Enforcement: Dec 2, 2027
NIS-2 Directive
Network and Information Security for essential and important entities.
In force: December 2025
DORA
Digital Operational Resilience Act for financial sector entities.
In force: January 2025
GDPR
Art. 22 covers automated decision-making. Art. 35 requires DPIA for high-risk processing.
In force