Engineering, architecture,
and the AI governance stack.
Writeups from the team building Themisto Labs. Architecture decisions, category thinking, and the failure modes we design around.
Vercel Got Breached Because an AI Startup Employee Downloaded a Roblox Cheat
The April 20 Vercel hack has a one-sentence summary: an infostealer on one laptop at a tiny AI vendor became an OAuth skeleton key into a platform that ships half of DeFi's frontends. Here is how Context.ai, Lumma Stealer, ShinyHunters, and a Google Workspace OAuth grant chained together, and why shadow AI is now a board-level word.
What is AI Traffic Governance? A Technical Primer
AI traffic governance is the emerging category for controlling the unmanaged flood of LLM requests leaving enterprise endpoints. Here is what it means, why existing tools miss it, and how we are thinking about the architecture.
Shadow AI: The Problem Security Teams Are Quietly Dealing With
Shadow AI is the gap between what employees are doing with LLMs and what security teams can see. The controls that closed shadow SaaS do not close this one, and the structural reasons why are worth understanding before buying anything.
mTLS for AI Proxies: Building Zero-Trust at the Process Layer
When an AI governance proxy sits in the path of every outbound model request, it becomes the most valuable target on the machine. This is the cryptographic design we chose and why bearer tokens were never going to be enough.
5 Ways Enterprise Data Leaks Through AI Tools (And How to Stop It)
Enterprise AI data leaks tend to take a small number of recognizable shapes. Each has a documented cause and each has a specific control that catches it. Here are the five patterns we designed Themisto Labs around.