Positions
Phronia's public positions on the technology market: essays and frameworks for the leaders making the decisions that matter.
When AI makes every answer nearly free, the scarce skill becomes knowing which question to ask first.
Your backup strategy almost certainly doesn't cover what your AI coding tools are doing in your repos.
When a partner shows up with a maturity assessment, every answer maps to what they sell.
If AI makes attackers faster and more adaptive, your ability to recover matters more than your ability to prevent.
We built an entire industry around the wrong word.
Immutability is a property of the data. It says nothing about the system that holds it.
When a vendor says data trust, ask them to define it in writing or treat the term as marketing.
If ransomware hit you, your identity system was serving the attacker long before the ransom note.
AI captures the polite nod with perfect fidelity, and a polite nod is not signal.
Whether the dangerous model is real or a hoax, the work in front of you is identical, so do it before you become a headline.
AI doesn't change which drivers are bad. It hands them faster cars and takes the governor off.
The world let one US federal agency hold infrastructure critical to the entire internet and never planned for the day the politics moved.
Gartner isn't measuring agentic AI, it's measuring what most CIOs are doing wrong.
An AI agent is a new category of principal, and naming it wrong is how you govern it wrong.
The survey said the workers were sabotaging AI. It also said the executives knew the program was theater. Read the numbers together.
Exposure management only works when you respect the people who actually fix things.
Your pilot didn't fail. You don't know how to operate it, so it never shipped.
In a market where models change weekly and prices change monthly, the cheapest insurance you can buy is the ability to swap any component out.
Saving a thousand people five minutes a day saves nothing you can measure or defend.
Your AI gives the same wrong answer every time because you engineered the reasoning out of it.
Your chatbot is ordering Big Macs and writing Python, and nobody owns the part of the program that was supposed to stop it.
NIST finally treats DNS as a control surface and the marketing machine instantly turned a measured reframe into a seven-figure religion.
AI interprets everything as potential instruction, and that is exactly what an attacker needs.
CISOs don't fall because of the breach. They fall because of what they said about it, and what they never wrote down.
The SEC dropping the SolarWinds case against its CISO wasn't a victory for security leaders. It was a warning.
Competence protects the company. Contracts protect you. Build the survival contract before the breach, not after.
Anything with "Ops" in the name needs an operating model to be real, and DataOps doesn't have one.
Your access model was built for static, human identity, and that assumption is now dangerously wrong.
Fix the data your next AI use case needs, learn what it teaches you, and let the business decide where to invest from there.
Security is not about doing everything, it is about doing the right things well.
Calling yourself AI infrastructure because you store the data AI uses is like calling yourself a chef because you own a refrigerator.
Most companies selling post-quantum encryption are selling fear of a future problem to fund their present valuations.
2026 is the year the market finally learns to tell the experts from the snake oil.
The only employee metric that matters in an AI world is the one your competency frameworks don't measure.
Why fungibility beats convergence in 2026.
AI is not the reason companies are cutting headcount, it is the cover story they were waiting for.
SOC 2 certifies that a vendor can run code securely. It says nothing about whether the code is secure.
Identity ownership is the defining battle of 2026 and almost nobody is talking about who actually owns the thing being faked.
Rolling back telco cybersecurity rules after the largest telecom breach in history is regulatory capture in its purest form.
Continuous Threat Exposure Management offers real value, but only if you cut through the marketing and demand proof.
The bad actors made AI feel invasive, and now everyone operates under stricter rules.
Privacy as a fundamental human right is not a constraint on AI innovation, it's a competitive moat.