Programmer to Board is the accessible front door into a deeper body of work on continuous governance, agentic AI risk, and threat evolution. The papers below carry the full academic and regulatory rigor.
Anchor research, published on SSRN.
Establishes board-level fiduciary accountability under deployer frameworks (EU AI Act), introduces authority drift as a first-class ERM variable, and presents a unified governance loop with autonomy tiering (Tier 0–4).
Submitted to Journal of Computer Virology and Hacking Techniques (Springer). A three-criterion diagnostic for milestone threat events, validated against DDoS, ransomware, and supply chain compromise, and introduces the Intellectual Threat class targeting the reasoning layer.
Five sequential papers extending Continuous Governance to delegated autonomy in agentic systems.
Extending Continuous Governance to delegated autonomy. Defines the shift from boundary automation to delegated authority.
Establishes autonomy tiering as the mechanism for classifying delegated authority within ERM.
Defines appetite-aligned escalation thresholds rather than anomaly detection alone.
Governing the boundaries of delegated authority — structural mechanisms that bound blast radius before escalation triggers.
Aggregating delegated authority for board oversight. Completes the loop with enterprise-level aggregation and reporting.
The full integrated document combining the RAI-A series with EU AI Act alignment, risk classification and appetite cascade, unified control baseline, evidence discipline, implementation roadmap, and board takeaways.
Six-chapter paper on vulnerability management frameworks: CVE/VEP origins, NIS2/GDPR, CFAA trajectory, the Budapest Convention's global export, agentic AI's disruption of temporal assumptions, and a multi-institution call to action with jurisdiction-specific recommendations to CERT-In, China's MIIT, Israel's INCD, and others. References both flagship SSRN papers; forms the basis for a six-part weekly LinkedIn series.
Draft v2 finalCentered on six ATLAS framework coverage gaps representing structurally unmitigable residual risk from agentic AI — to be carried and reported to boards as bounded residual risk.
In development