// COMPANY BLOG

Engineering, architecture,
and the AI governance stack.

Writeups from the team building Themisto Labs. Architecture decisions, category thinking, and the failure modes we design around.

AI AgentsAI GovernanceEnterprise Risk

The Rise of AI Agents Creates a New Governance Problem

AI agents combine data access, decision-making, and execution. That autonomy breaks governance models built around discrete actions performed by identifiable human users.

Akshat Pathak·June 12, 2026·3 MIN READ
Audit TrailsAI GovernanceCompliance

The Audit Trail Problem: Why Most Companies Cannot Prove What Data Their AI Touched

Most organizations cannot reconstruct which employees shared what data with which AI models. Closing that audit gap is becoming a prerequisite for credible AI governance.

Akshat Pathak·June 12, 2026·3 MIN READ
Endpoint SecurityAI GovernanceArchitecture

Why AI Governance Is Following the Same Path as Endpoint Security

Existing controls each see only part of enterprise AI activity. Like endpoint security before it, AI governance is moving toward the device where identity, process, and data context converge.

Akshat Pathak·June 12, 2026·3 MIN READ
Shadow AIBoard RiskAI Governance

Shadow AI Is Becoming a Board-Level Risk

AI adoption has moved beyond productivity experiments. Boards now need evidence that enterprise AI usage is visible, auditable, and aligned with the organization's risk appetite.

Akshat Pathak·June 12, 2026·3 MIN READ
Data Loss PreventionAI SecurityArchitecture

Why Traditional DLP Struggles With AI

Traditional DLP was built to inspect files and attachments. AI moves sensitive information through prompts, conversations, APIs, and workflows that no longer resemble document transfers.

Akshat Pathak·June 12, 2026·3 MIN READ
IncidentShadow AIOAuthSupply Chain

Vercel Got Breached Because an AI Startup Employee Downloaded a Roblox Cheat

The April 20 Vercel hack has a one-sentence summary: an infostealer on one laptop at a tiny AI vendor became an OAuth skeleton key into a platform that ships half of DeFi's frontends. Here is how Context.ai, Lumma Stealer, ShinyHunters, and a Google Workspace OAuth grant chained together, and why shadow AI is now a board-level word.

Aryan Kudtarkar·April 20, 2026·8 MIN READ
AI SecurityArchitectureFundamentals

What is AI Traffic Governance? A Technical Primer

AI traffic governance is the emerging category for controlling the unmanaged flood of LLM requests leaving enterprise endpoints. Here is what it means, why existing tools miss it, and how we are thinking about the architecture.

Aryan Kudtarkar·April 15, 2026·8 MIN READ
Shadow AIEnterprise RiskCISO

Shadow AI: The Problem Security Teams Are Quietly Dealing With

Shadow AI is the gap between what employees are doing with LLMs and what security teams can see. The controls that closed shadow SaaS do not close this one, and the structural reasons why are worth understanding before buying anything.

Aryan Kudtarkar·April 2, 2026·6 MIN READ
ArchitectureCryptographyZero Trust

mTLS for AI Proxies: Building Zero-Trust at the Process Layer

When an AI governance proxy sits in the path of every outbound model request, it becomes the most valuable target on the machine. This is the cryptographic design we chose and why bearer tokens were never going to be enough.

Akshat Pathak·March 20, 2026·10 MIN READ
IncidentsData Loss PreventionEnterprise AI

5 Ways Enterprise Data Leaks Through AI Tools (And How to Stop It)

Enterprise AI data leaks tend to take a small number of recognizable shapes. Each has a documented cause and each has a specific control that catches it. Here are the five patterns we designed Themisto Labs around.

Aryan Kudtarkar·March 5, 2026·7 MIN READ