Documentation, Guides,
and Research.
Documentation
Full integration guides, CLI reference, and API documentation will be published when KYDE reaches public availability.
The Shadow AI Trilogy. Three interconnected guides that form the complete playbook for discovering, classifying, and governing unscoped AI systems.
View Trilogy Overview →How to Detect Shadow AI
Step-by-step technical methods to identify unscoped AI systems in enterprise networks using DNS rules, SIEM queries, and behavioral patterns.
How to Classify AI Systems Under EU AI Act
Framework for determining if your AI systems are High-Risk, General-Purpose, or Low-Risk. Includes all 37 Annex III categories and obligations.
Shadow AI Governance Checklist
8-phase checklist for implementing AI governance from discovery to compliance readiness. Includes 70+ checkboxes, RACI matrix, and incident response planning.
Regulatory analysis, technical deep-dives, and operational guidance for enterprises deploying AI agents at scale.
The US and EU Are Converging on the Same Requirements for AI Agents in Critical Infrastructure
NIST, the EU AI Act, and NIS-2 were developed independently, in different jurisdictions, over different timelines. They are converging on the same answer: traceable identity, causal context capture, tamper-evident records — in a governance layer independent of the agents it governs.
When Four Regulators Speak in Unison, the Message Is Not Optional
The UK's Digital Regulation Cooperation Forum — CMA, FCA, ICO, and Ofcom — co-signed a foresight paper on agentic AI. The core message: 'my agent did it' is not a defense. Organizational accountability is unchanged regardless of agent autonomy. Here are the seven risks, the 'Many Hands' problem, and what to do before enforcement begins.
Agent Hijacking: The Security Risk Most Enterprises Can't Even Detect
OWASP ranks Agent Goal Hijacking ASI01 — the #1 risk facing autonomous AI agents. 48% of security professionals name agentic AI as the top attack vector for 2026. Classical security tools are blind to it. Here is how it works, why it evades detection, and what forensic infrastructure is actually required.
The EU AI Act Is Coming. Regardless of What Brussels Decides in May.
The Digital Omnibus trilogue collapsed on 28 April 2026. No delay has been adopted. The August 2, 2026 enforcement deadline for Annex III high-risk AI systems remains in law. Here is what the collapse means, what four scenarios exist between now and August, and what enterprises deploying AI agents must do now.
AI Agent Security, AI Governance, and Agent Enforcement: Three Categories Enterprises Are Confusing
CISOs and compliance teams are evaluating products that all describe themselves as 'AI governance' — but solve fundamentally different problems. This article defines the three distinct categories, maps them to regulatory requirements, and identifies where each falls short.
Every Vendor Governs Their Stack. Nobody Governs the Chain.
Microsoft has a governance story. Google has a governance story. Every major platform vendor is building agent governance — for the agents that run inside their own stack. Nobody is building governance for what happens between stacks. That gap is not an oversight. It is where most of the risk lives.
Your Employees Are Already Using AI. You Just Don't Know How.
78% of AI users bring their own tools to work. Your employees are not waiting for your AI strategy. They already have one — and the data they're processing with it isn't yours to govern yet.
The End of the App Layer: Why MCP Changes Everything About AI Governance
MCP lets AI agents connect directly to enterprise systems — bypassing the application layer that was always the implicit governance control point. The app layer doesn't get rebuilt. It gets bypassed. Something needs to replace the control point it represented.
What Happens When an AI Agent Gets Compromised — And Nobody Has the Logs
ForcedLeak demonstrated prompt injection against production enterprise agents in 2025. The most important question it raises isn't technical — it's operational. If this happened in your environment, would you know?
Shadow AI Is Already in Your Production Systems — You Just Can't See It
Shadow AI is the same problem as Shadow IT — at a different order of magnitude. Every LLM call that touches enterprise data without logging, attribution, or scope is a liability accumulating in silence.
The Missing Layer in Every Agent Architecture
The distinction between agent core and agent harness cuts to the heart of what most enterprise deployments get wrong. Single-user architecture breaks at scale in four predictable ways. The harness isn't an add-on — for enterprise, it's the product.
HBR Just Described the Problem. Here's the Infrastructure That Solves It.
Harvard Business Review identified four frictions that derail enterprise AI agent deployments: identity, context, control, and accountability. The article stops short of specifying what the infrastructure layer looks like. That's what we build.
DORA and AI Agents: Why Your LLM Provider's Log Doesn't Satisfy Article 30
DORA is already in force. Financial entities using AI agents for operational functions have a specific problem: vendor-provided logs don't constitute an independent audit trail. Here's why — and what does.
What the EU AI Act Actually Requires for Audit Trails — And What Most Enterprises Are Missing
The enforcement deadline is August 2, 2027. Most enterprises assume their LLM provider's logs will be sufficient. They won't be. Here's what the regulation actually demands — and where the gaps are.
The frameworks KYDE is designed to address.
EU AI Act
Risk-based framework for AI systems. High-Risk AI System logging requirements.
Enforcement: August 2, 2027
NIS-2 Directive
Network and Information Security for essential and important entities.
In force: December 2025
DORA
Digital Operational Resilience Act for financial sector entities.
In force: January 2025
GDPR
Art. 22 covers automated decision-making. Art. 35 requires DPIA for high-risk processing.
In force