Structural Analysis

What Carlini's Zero-Day Research Reveals About the AI Security Governance Gap

Rob Kline · April 1, 2026

Your organization already maintains compliance with SP 800-53, ISO 27001, and NIST CSF. These standards mandate the governance controls AI agents need. What they don't specify is how those controls operate at runtime when the actor is an autonomous agent. This analysis maps seven gaps from Carlini's research to the security mandates you already have and the structural implementation they need.

For Executive Leaders

The Execution Governance Gap in AI Agent Deployment

Every AI agent framework solves mechanism. None solves execution governance. The Intent Stack and BPM/Agent Stack …

For BPM Practitioners

BPM's Missing Application: Why BPMN 2.0 and DMN 1.0 Are the Answer to AI Agent Governance

Every major AI agent framework shares a common structural deficiency: the absence of an execution governance layer. The …

AI Agent Governance

When AI Models Get More Capable, Governance Gets More Important — Not Less

The 'bitter lesson' of AI says simplify everything as models improve. That's right for mechanism scaffolding. It's wrong …
