AI is showing up in every boardroom—but most boards don't know what to ask. I help directors and executives cut through AI theater and get to what actually matters: risk, oversight, and accountability. A quick intro 🧵

One employee. One prompt. One 8-K. The first shadow-AI driven material SEC disclosure is now on the EDGAR record. No breach. No outage. A public securities filing anyway. Issue 51 of Elemental AI ↓ open.substack.com/pub/elemen… #AIGovernance #ShadowAI

Graduates are booing AI optimism off commencement stages. Boards keep reading it as bad manners. It is actually an unsolicited focus group. Issue 50 of Elemental AI ↓ elementalaimatters.substack.… #AIGovernance #FutureOfWork

Twenty-seven years. That is how long an OpenBSD coding flaw sat in production before an AI system found it in roughly two days. The flashlight is not going back in the drawer. #AIGovernance #Cybersecurity #Bugmageddon

A 27-year-old bug. Found in two days. By an AI. The flashlight is not going back in the drawer. Discovery is accelerating. Remediation is falling behind. That gap is the governance problem. open.substack.com/pub/elemen… #AIGovernance #Cybersecurity #ElementalAI #Bugmageddon

An AI agent deleted a production database in nine seconds. Then it confessed. This week on Elemental AI: The Briefing — Chris and I unpack why the confession is the governance trap, not the comfort. 🎧 elementalaimatters.substack.… #AIGovernance #AgenticAI

Five questions every board should ask before delegating execution to an AI agent:

An AI coding agent deleted a production database in nine seconds. Not a hack. Not a rogue employee. Not a contractor. A credential mismatch. This is a control-layer story. open.substack.com/pub/elemen…

Issue 47 - now in podcast form. Vercel. ShinyHunters. The token that shouldn't have existed. Plus a callback to the Mountainhead Effect - Scattered Spider's playbook, now with new actors. elementalaimatters.substack.… #AIGovernance #Cybersecurity

"We don't really use AI" is the diagnosis, not the defense. Every browser extension, meeting assistant, and résumé screener is enterprise AI now — whether the board knows it or not. If management can't produce the inventory, you already have your answer.

Six questions every private-company board should ask this quarter:

Don’t assume your AI security stack has to live in the cloud. At Planet Cyber Sec AI AppSec, @Ron_Dilley shows what happens when you take it local: threat detection, triage, and intel analysis running on infrastructure you control. Not anti-cloud. Just pro-choice. Built. Running. No vendor pitches. #PlanetCyberSec #AppSec #CyberSecurity #infosec #AI planetcybersec.com/060326-ap…

The Vercel breach didn't start with malware. It started with one employee clicking "Allow all" on an AI tool's permission screen. That's not a security story. That's governance. Issue 47 ↓ open.substack.com/pub/elemen…

Issue 46 — now in podcast form. Caremark. Blue Bell. The Control F test. 15 minutes. Worth it. 🎧 elementalaimatters.substack.…

Built a free Caremark gap analysis for private company boards. Four questions. Thirty seconds. You get: -- Your AI oversight gaps vs. the legal standard -- The Five Moves you have not yet made -- Minute language you can use next week elementalaimatters.substack.…

Three Navigator Domains. Three questions Caremark actually asks about board oversight. Zero wiggle room. The framework is in Issue 46. ↓ elementalaimatters.substack.…

Cybersecurity Leaders Panel @ Planet CyberSec AI AppSec Conference AI is rapidly reshaping the threat landscape, from internal adoption risks to adversarial use in the wild. How are security leaders keeping up? Join @RAGreenberg , Serafino Sini, @ElementalAIHQ, and @0xHorica for a dynamic panel exploring the real-world challenges of securing AI-driven environments. Expect candid insights on governance, emerging threats, and how organizations are balancing innovation with risk. If AI, AppSec, and security leadership are on your radar, this is a must-attend session. planetcybersec.com/060326-ap… #PlanetCyberSec #AppSec #CyberSecurity #infosec #AI

Boards don't get evaluated on what they discussed. They get evaluated on what they can show. Five moves to build a defensible AI oversight record -- Issue 46. ↓ elementalaimatters.substack.…

Open your last 12 months of board minutes. Ctrl F -> AI Now ask: if that word disappeared -- would anything meaningful change? If the answer is no, that's not an awareness problem. It's an evidence problem. Issue 46 ↓ open.substack.com/pub/elemen…

If you only do one AI governance thing this week: Find out where your board actually sits. 8 minutes. elemental-ai-assessment.netl…

"AI risk is no longer contained to the person using the system. It extends to anyone in the splash zone." open.substack.com/pub/elemen…