Writing and advisory on AI security, AI governance, agentic identity, Zero Trust, and cloud security for financial services and the enterprise.https://www.rajpenchala.com/en-UShttps://www.rajpenchala.com/articles/ai-security-governance-enterprise/https://www.rajpenchala.com/articles/ai-security-governance-enterprise/Most enterprise AI governance stalls because it is written as policy and never wired into engineering. Here is a model that treats governance as a control plane — owned, measurable, and enforced where AI actually runs.Wed, 22 Apr 2026 00:00:00 GMTAI SecurityGovernanceEnterprise ArchitectureRiskRaj Penchalahttps://www.rajpenchala.com/articles/securing-ai-agents-agentic-workflows/https://www.rajpenchala.com/articles/securing-ai-agents-agentic-workflows/Agents turn a model from something that answers into something that acts. That single shift breaks most of the assumptions behind traditional application security. Here is a concrete threat model and a control set for agentic systems.Wed, 18 Mar 2026 00:00:00 GMTAI SecurityAI AgentsZero TrustThreat ModelingRaj Penchalahttps://www.rajpenchala.com/articles/identity-zero-trust-enterprise-ai/https://www.rajpenchala.com/articles/identity-zero-trust-enterprise-ai/AI did not introduce a new security model — it introduced a flood of new identities that the old perimeter was never designed to hold. Zero Trust is the model that scales to it. Here is how identity-first thinking applies to enterprise AI.Tue, 10 Feb 2026 00:00:00 GMTIdentityZero TrustAI SecurityEnterprise ArchitectureRaj Penchala