LoginGet a Demo
Author

Chris Hughes

Chris Hughes is the VP of Security Strategy at Zenity, where he drives the company's mission to establish agentic AI security as the defining challenge of the modern enterprise. With over 20 years of cybersecurity experience spanning the Department of Defense, Federal Government, and commercial organizations, Chris has held roles including CISO, Security Engineer, and Security Architect, giving him a practitioner's perspective on the real-world challenges security teams face as AI transforms the threat landscape.

Chris is the author of multiple books, including Software Transparency, Effective Vulnerability Management, and Securing Agentic AI, and is a frequent speaker at industry conferences on topics ranging from AI security to application security and supply chain risk. He is the founder of Resilient Cyber, a leading cybersecurity newsletter and podcast reaching tens of thousands weekly. Chris is also an OWASP Distinguished Review Board member and has contributed to industry frameworks shaping how organizations approach AI and software supply chain security.

Chris Hughes

Posts by Chris Hughes

Beyond Authorization: Why Intent-Aware Detection Is the New Control Plane for Agentic AI
Chris Hughes

Beyond Authorization: Why Intent-Aware Detection Is the New Control Plane for Agentic AI

Identity tells us an agent is allowed to act, intent tells us why it is acting. In an agentic world, only one of...

Security
Least Privilege Isn't Enough for AI Agents. You Need Least Agency.
Chris Hughes

Least Privilege Isn't Enough for AI Agents. You Need Least Agency.

Least privilege is foundational. It's been a core security principle for decades, and it's no less relevant in...

Security
System Prompts Are Not Security Controls: A Deleted Production Database Proves It
Chris Hughes

System Prompts Are Not Security Controls: A Deleted Production Database Proves It

On April 25th, a Cursor AI coding agent running Anthropic's Claude Opus 4.6, one of the most capable models in...

Current Events
After RSA, Here Is What Comprehensive Agentic AI Security Actually Looks Like
Chris Hughes

After RSA, Here Is What Comprehensive Agentic AI Security Actually Looks Like

The hype is deafening, the booths were packed, but most of what the industry is calling "agentic AI security" is...

Events
Why Soft Guardrails Get Us Hacked: The Case for Hard Boundaries in Agentic AI
Chris Hughes

Why Soft Guardrails Get Us Hacked: The Case for Hard Boundaries in Agentic AI

One recurring theme in my research and writing on agentic AI security has been the distinction between soft guardrails...

Security
Securing AI Where It Acts: Why Agents Now Define AI Risks
Chris Hughes

Securing AI Where It Acts: Why Agents Now Define AI Risks

AI agent security risks are emerging as a critical challenge in enterprise AI adoption. As agents move beyond generating...

Current Events
Governing Agentic AI: A Practical Framework for the Enterprise
Chris Hughes

Governing Agentic AI: A Practical Framework for the Enterprise

In my previous piece, "The Agentic AI Governance Blind Spot," I laid out what I believe is one of the most critical...

Security
The Agentic AI Governance Blind Spot: Why the Leading Frameworks Are Already Outdated
Chris Hughes

The Agentic AI Governance Blind Spot: Why the Leading Frameworks Are Already Outdated

Approach any security, technology and business leader and they will stress the importance of governance to you....

Security

Secure Your Agents

We’d love to chat with you about how your team can secure and govern AI Agents everywhere.

Get a Demo