Independent research, field notes, and frameworks on AI-assisted software delivery.
CAISI / AI-assisted software delivery
CAISI studies how AI-assisted engineering workflows gain authority across code, CI/CD, tools, credentials, approvals, and evidence. The work is written for AppSec, security leadership, engineering, and platform teams that need practical answers without overstating what the evidence proves.
Role routes
AppSec
Start where runtime behavior, approval, and evidence quality can be measured.
CISO / Security leadership
Start where leadership needs a defensible story for risk, audit, and board review.
Engineering / Platform
Start where repo standards, CI/CD control, workflow ownership, and developer adoption become reusable engineering work.
GRC / Audit
Start where proof packets, approval records, validation, and re-review triggers need to hold up after the rollout.
Practical rollout questions
Most teams do not begin by asking for AI Software Delivery Control. They begin with a rollout, audit, platform, or credential question that needs a concrete answer.
Map the first Agent Action BOM for the workflows that can write, call tools, trigger CI/CD, or touch secrets.
Define the proof packet before rollout: actor, owner, credential, action, target, approval, validation, and outcome.
Classify actions as allowed, approval-required, or blocked so review sits where authority changes state.
Treat MCP declarations, tool calls, and invocation context as part of the delivery boundary.
Map tokens, service accounts, OAuth grants, CI secrets, and inherited identities to the action paths they enable.
Review OAuth grants, tokens, and connected-tool permissions by the actions they can perform.
Map skills, MCP servers, agent configs, exposed endpoints, and tool declarations as action paths.
Define evidence that lets security, platform, audit, or leadership defend the action later.
Frameworks
CAISI uses AI Software Delivery Control as the working language after the practical problem is clear: AI-assisted workflows are becoming actors in software delivery. The old review model cannot carry the whole control burden unless teams add visibility, validation, governance, and proof.
Guide
A practical first-review path for mapping action authority, credentials, tool reach, approvals, and proof.
Reference
A proof-packet model for actor, owner, credential, action, target, approval, validation, and outcome.
Reference
A practical approval model for allowing, holding, or blocking actions at the execution boundary.
Reference
The practical artifact for mapping actor, owner, repo, workflow, credential, reachable actions, targets, approval, and proof.
Guide
A concrete control guide for GitHub Actions, CI/CD workflows, credentials, approval, and proof trails.
Reference
A practical guide for mapping tool reach, invocation context, approval triggers, and proof fields.
Reference
A practical guide for reducing standing-token risk across agents, CI/CD, tools, and release paths.
Field note
Why the missing artifact is an Agent Action BOM, not another generic AI inventory.
Field note
Why skills, MCP servers, agent configs, and exposed endpoints belong in the software delivery action graph.
Research
The research hub is the canonical entry point for report pages, methodology, and artifact-backed findings.
Published report
A controlled comparison showing what changes when the system moves from prompt-only constraints to enforceable tool-boundary control with evidence capture.
Published report
A locked 250-target publication cohort showing that public AI and agent adoption is easy to detect, but approved, bound, and well-evidenced use is much harder to prove.
Field notes
Use field notes when you need the interpretation layer behind the research: rollout pressure, approval packets, repo contracts, boundaries, pilots, and proof.
Executive adoption series
Five posts on platform standards, sanctioned pathways, approval discipline, and how leaders move from AI pilots to governed use.
Framework series
A 10-part framework on repo contracts, orchestration, isolation, evaluation, proof, and maturity.
Benchmark series
Five posts on risk scenarios, control efficacy, proof completeness, and pilot evaluation language for evaluators.
About
CAISI stands for the Centre for AI Security and Integrity. It publishes open research and operator field notes on governing AI-assisted software delivery.
Every headline claim maps to published artifacts, deterministic queries, and explicit scope limits. The point is to make AI agent control measurable enough for security, engineering, and platform teams to act on.
Team
Contact
For research questions, publication inquiries, or collaboration around reproducible AI governance work: david@caisi.dev