{"title":"Spoiledlunch","description":"Nerdy Stuff. Tech Talk. Zero Freshness.","subtitle":"Analysis and commentary on GRC, security, and AI.","articles":[{"title":"AI Governance Gets Real Only After Deployment","url":"/articles/2026-04-24-ai-governance-gets-real-only-after-deployment/","date":"2026-04-24","summary":"The industry still talks about AI governance like the hardest part is agreeing on principles before launch. Recent work from NIST and OpenAI points to a different reality: the …"},{"title":"Compliance Gets Better When Regulators Ship Tools Instead of Slogans","url":"/articles/2026-04-24-compliance-gets-better-when-regulators-ship-tools-instead-of-slogans/","date":"2026-04-24","summary":"A lot of compliance guidance dies as slideware because it explains principles without changing the operator's daily work. The more interesting recent GRC signal is that …"},{"title":"Why Visibility Is Becoming a Hardware Security Problem","url":"/articles/2026-04-24-why-visibility-is-becoming-a-hardware-security-problem/","date":"2026-04-24","summary":"Security teams still talk about hardware trust like it is a procurement checkbox, but recent NIST guidance points to a more embarrassing reality: many organizations are defending …"},{"title":"Why AI Governance Frameworks Are Security Theater","url":"/articles/2026-04-20-ai-governance-security-theater/","date":"2026-04-20","summary":"Why AI Governance Frameworks Are Security Theater Most enterprise AI governance frameworks are elaborate exercises in checkbox compliance that miss the actual risks. They're …"},{"title":"The SOC 2 Compliance Cargo Cult","url":"/articles/2026-04-18-soc2-compliance-cargo-cult/","date":"2026-04-18","summary":"The SOC 2 Compliance Cargo Cult SOC 2 compliance has become a cargo cult ritual in enterprise security. Organizations implement the ceremonial controls, follow the prescribed …"},{"title":"When Zero Trust Meets Reality","url":"/articles/2026-04-15-zero-trust-meets-reality/","date":"2026-04-15","summary":"When Zero Trust Meets Reality Zero Trust promises to solve network security by eliminating trust assumptions. The marketing pitch is compelling: assume breach, verify everything, …"}],"news":[{"title":"EDPB Sharpens Research Guidance and Speeds Up Anonymisation Work","url":"/news/2026-04-16-edpb-brings-clarity-to-data-processing-for-scientific-research-speeds-up-the-finalisation-of-the-anonymisation-guidelines-and-approves-first-european-data-protection-seal-as-a-tool-for-transfers/","date":"2026-04-16","summary":"Summary: EDPB used its April plenary to tighten guidance on scientific-research processing, accelerate anonymisation work, and approve a new certification …"},{"title":"NIST Publishes Hardware Security White Paper on Firmware-Based Monitoring","url":"/news/2026-04-15-nist-publishes-hardware-security-white-paper-on-firmware-based-monitoring/","date":"2026-04-15","summary":"Summary: NIST published Cybersecurity White Paper 52, “Firmware-Based Monitoring for Bus-Based Computer Systems,” on April 15, 2026. The paper …"},{"title":"FTC Targets Noncompete Agreements in Pest Control Enforcement Action","url":"/news/2026-04-15-ftc-takes-action-against-noncompete-agreements-securing-protections-for-workers/","date":"2026-04-15","summary":"Summary: The FTC ordered Rollins to stop enforcing noncompete agreements against thousands of workers and paired the action with warning letters to other …"},{"title":"NIST Updates NVD Operations to Address Record CVE Growth","url":"/news/2026-04-15-nist-updates-nvd-operations-to-address-record-cve-growth/","date":"2026-04-15","summary":"Summary: NIST is changing NVD operations to keep up with record CVE volume, signaling that vulnerability teams should expect continued prioritization pressure …"},{"title":"FTC Bars Forever Living From Deceptive Earnings Claims","url":"/news/2026-04-14-ftc-order-to-prohibit-forever-living-and-its-operators-from-deceiving-consumers-about-potential-earnings/","date":"2026-04-14","summary":"Summary: The FTC settled with Forever Living and its operators, permanently barring deceptive earnings claims and reinforcing that consumer-protection …"},{"title":"EDPB Annual Report 2025 Highlights the Board's Enforcement Priorities","url":"/news/2026-04-09-edpb-annual-report-2025-supporting-stakeholders-through-guidance-and-dialogue/","date":"2026-04-09","summary":"Summary: EDPB's 2025 annual report summarizes the board's guidance, coordination, and enforcement priorities, giving privacy teams a better read on …"},{"title":"OpenAI Opens Applications for a Safety Fellowship Focused on Alignment Research","url":"/news/2026-04-06-openai-opens-applications-for-a-safety-fellowship-focused-on-alignment-research/","date":"2026-04-06","summary":"Summary: OpenAI announced the OpenAI Safety Fellowship on April 6, 2026, describing it as a pilot program for external researchers, engineers, and practitioners …"},{"title":"EDPB Publishes One-Stop-Shop Digest on Legitimate Interest","url":"/news/2026-03-26-one-stop-shop-case-digest-on-the-legal-basis-of-legitimate-interest/","date":"2026-03-26","summary":"Summary: EDPB published a digest of one-stop-shop decisions on legitimate interest, giving privacy teams a clearer signal on how regulators are testing …"},{"title":"EDPB conference on cross-regulatory cooperation: what we learned","url":"/news/2026-03-24-edpb-conference-on-cross-regulatory-cooperation-what-we-learned/","date":"2026-03-24","summary":"Summary: EDPB used its March conference to press for deeper coordination between privacy regulators and adjacent EU authorities, signaling that cross-regulatory …"},{"title":"NIST Releases CSF 2.0 Quick-Start Guides for ERM and Informative References","url":"/news/2026-03-23-nist-releases-csf-2-0-quick-start-guides-for-erm-and-informative-references/","date":"2026-03-23","summary":"Summary: NIST announced two Cybersecurity Framework 2.0 quick-start guide updates on March 23, 2026. The agency released the final SP 1308 guide on connecting …"}]}