We only publish what we can defend in a vendor meeting. Every claim carries an ID, a review date, and a verdict you can check.
- Our ledger177
- Holding165
- Partial06
- Not holding06
- Industry claims tracked26
- Last reviewtoday
Quiet — no verdict transitions in the last 30 days. See the ledger →
Agent Mode AI — claim-tracked agentic AI analysis
Prompt injection just crossed the RCE threshold: what the May 2026 Semantic Kernel and MCP CVEs mean for enterprise AI agent frameworks
Microsoft Security Response Center disclosed two Semantic Kernel CVEs on 7 May 2026 in which a single attacker-controlled prompt resolves to host-level code execution. The same week, OX Security published a configuration-to-command path in Anthropic's MCP STDIO interface that traverses every published MCP server implementation. Windsurf 1.9544.26 carries a separate prompt-injection-to-MCP-registration path that automatically installs a malicious server with no user interaction. Three independently-disclosed CVE classes in a single fortnight, all at the framework layer rather than the deployment layer, are not a coincidence. They map a structural property of how 2026 agent frameworks treat tool-configuration data, and the operational implication for enterprise architecture is larger than any single patch.
27 years enterprise IT operations. Global organisation. Major incidents. Editorially independent.
- 106pieces
- 177tracked claims
- 14public retractions
The Enterprise Agentic Governance Benchmark. Six dimensions, scored 0–100. Free 5-minute web diagnostic; 30–45 minute Excel for governance groups.
Recently reviewed
Three claims most recently re-tested against their primary sources. Status changes log to the corrections page; nothing quietly vanishes.
- AM-133HoldingQ3 2026 Claim Review Bulletin: which claims moved, which held, and what the EU AI Act enforcement window did to the corpusReviewed 30 Jul 2026Read article →
- OPS-069HoldingWhy small-firm AI pilots fail differently than enterprise pilots: reading the MIT 95% number from a 10-person agencyReviewed 17 May 2026Read article →
- OPS-068HoldingThe solopreneur AI stack in mid-2026: 12 categories consolidation is collapsing into your Claude or ChatGPT subscriptionReviewed 17 May 2026Read article →
Why this publication has a ledger
Most AI commentary gets paid for being loud about what's new. Almost none gets measured on whether what it said last quarter still holds this one. That is the gap this publication exists to close. Every published argument carries an ID, a review date, and one of three verdicts — Holding, Partial, or Not holding — that updates over time as evidence accumulates. The verdict log is the product.
When a claim stops holding, the page says so. The original sentence stays visible. The correction is dated and appended. Nothing is quietly removed. You do not need to trust the author to trust the verdicts — the receipts are public, on a 30–90 day review rhythm, and the corrections record is permanent.
Two registers
Same Holding-up disciplineMid-market and large enterprise. Procurement, governance, EU AI Act, multi-vendor agentic stacks. 30–90 day claim review cadence.
No IT department. Practitioner-advisory voice; faster 30–45 day cadence. Tools, vendor red flags, hours-per-week evaluation budgets.
Topic pillars
Five clusters- 2 articlesNon-human identity
How enterprise IT manages AI agents as first-class identities — lifecycle, credentials, procurement clauses, audit.
- 29 articlesAgent procurement
The contracts, SLAs, and evaluation criteria that distinguish agentic-AI procurement from SaaS procurement.
- 2 articlesShadow AI discovery
Detecting unauthorised agentic-AI deployments inside the enterprise — telemetry patterns, inventory methods, policy response.
- 48 articlesAgentic AI governance
Governance frameworks, oversight patterns, and compliance postures for enterprise agentic-AI deployment.
- 18 articlesEnterprise AI cost
Verifying, tracking, and challenging the ROI claims vendors and analysts make about enterprise agentic AI.
Editor's picks
One per topic cluster- Governance90 days to EU AI Act enforcement: what the corpus says enterprises still haven't done
- Cost economicsThe hidden costs of agentic AI: a CFO's guide to true TCO and ROI modeling
- SecurityClaude Mythos: what 'too dangerous to release' means for your risk appetite and cyber posture
- ArchitectureNon-human identity for AI agents: the 2026 IAM playbook
- StrategyWhy 88% of agentic AI deployments fail
Latest pieces
Full archive →Storm-0558 and the structural risk in AI agent credentials
The Cyber Safety Review Board's April 2024 report on the Storm-0558 intrusion catalogued the credential-management practices that produced the breach: a four-year-old signing key past its rotation policy, an environment boundary that did not enforce its own separation, a crash-dump leak that the existing detection tooling could not see, and a corporate account compromise that completed the chain. Read it forward, not backward: those same four practices describe how most enterprises are storing AI agent credentials in 2026. Storm-0558 was a forward indicator for the structural risk in non-human identity, not a one-off Microsoft incident.
The Energy Bill Nobody Budgeted For
Nvidia says agentic AI may need up to a thousand times the compute of a chatbot. The credible enterprise range is 10x to 100x by 2030. Even the floor of that range absorbs the renewable headroom the energy transition depends on, and almost no enterprise AI roadmap is pricing it.
Single-agent or multi-agent: what the 2026 deployment record actually says
The 2025–2026 deployment record shows single-agent architectures win on accuracy, cost, and MTTD below roughly 12 tool-domains. Multi-agent only pays back above that threshold, and only when inter-agent state is bounded by a shared structured artifact.
Public-sector agentic AI procurement: what the GSA and EU records show
Federal and EU member-state agentic AI contract records show renewals running materially below the enterprise SaaS benchmark. The driver is not technical performance but audit-evidence completeness under OMB M-24-10 §5 and EU AI Act Article 12. The procurement implication is structural.
Enterprise agentic AI in Q2 2026: what shipped, what slipped, what held
Of 8 major enterprise agentic AI vendor claims from Q1 2026, a minority are Holding at 90-day review. The pattern that predicts durability is not vendor size. It is whether the ROI evidence came from a customer or from the vendor itself.
Agentic AI in legal services: what survives the billable-hour decomposition
Three of the six billable-hour sub-tasks capture durable value with agentic AI. Two increase malpractice risk vs a junior-associate equivalent at the same time-to-delivery. One is bounded by conduct rules, not technology. The evidence from AmLaw 100 deployments now allows a clear-eyed breakdown.
The agent fan-out problem: when one prompt becomes 400 LLM calls
Production agentic systems amplify a single user request into dozens or hundreds of internal LLM calls. Most enterprise unit-economics, latency budgets, and observability setups are still priced for 1:1.
The split verdict: GPT-5.5 vs Claude Opus 4.7 and why CIOs need two models, not one
Anthropic shipped Claude Opus 4.7 on 16 Apr 2026; OpenAI shipped GPT-5.5 seven days later. Both vendors claim leadership. Neither model wins everything. The procurement question for 2026 is not which one to standardise on, because the evaluation evidence does not support a single-model answer for any enterprise running both agentic-coding workloads and knowledge-work workloads. The two-year procurement decision is whether to plan the routing or accept the tax of pretending it does not exist.
Browse by topic pillar
Five strategic pillarsComing next
Peter's editorial calendar — honest dates, bumped-with-notes if missed.- Week 1726 Apr 2026Non-human identity — the first procurement question CIOs aren't asking yet
Every enterprise agent deployment passes through a credential. Most teams still hand the agent a human's credential. Naming the NHI gap is the next Q2 procurement conversation.
- Week 1803 May 2026Shadow agent sprawl — what telemetry catches and what it misses
The browser-as-agent-runtime pattern creates a detection gap that MDM/CASB don't see. What the first wave of shadow-AI discovery tools actually find, and the three categories they miss.
- Week 1910 May 2026The AI agent MSA — four clauses every enterprise contract needs by August
EU AI Act enforcement activates 2 Aug 2026. The clauses that survive legal review in the next quarter will be the ones that don't pretend the agent is conventional SaaS.