Blog
Notes on giving AI agents an email address your security and compliance teams can sign off on.
Subscribe via Herald → · RSS feed
14 July 2026
A step-by-step walkthrough of a governed mailbox blocking a misdirected send: the policy, the refusal, the audit row, and the owner's view. Every step is a passing CI test.
9 July 2026
TIC firms run on process control — accreditation to ISO/IEC 17020, 17025 and 17065 is the licence to operate. When email automation reaches the operations inbox, an assessor will want to see the controlled process behind it. Here's what a defensible answer looks like.
9 July 2026
In inspection, the inbox is the business — and one certificate to the wrong counterparty is not a productivity problem, it's a process-control failure in a firm that sells process control. Here's what an actual control looks like.
30 June 2026
OpenClaw put autonomous agents on millions of machines — then became 2026's first agent security crisis. Here's what it means for anyone about to give an AI agent an email address.
22 May 2026
Email lets anyone put input in front of your software. Before an AI agent gets an inbox, here are the questions a security or compliance reviewer should ask.
22 May 2026
Putting an AI agent on email creates a new flow of personal data. Here's where it goes under GDPR — international transfers, processors, and the questions your DPO will ask.
22 May 2026
Prompt injection isn't only a model problem — for an AI agent on email it's an ingestion problem, and ingestion problems have known controls.