David Wolf · Portfolio Use Case
A practical AI product-security framework for agentic systems, governance evidence, excessive agency, RAG authorization, and continuous threat modeling.
Created a flagship AI product-security framework explaining how agentic AI changes the product-security operating model: inventory becomes the first control, threat modeling becomes continuous, prompt injection becomes a product-security bug, excessive agency becomes the new overprivileged service account, RAG becomes an authorization system, and governance must produce evidence without killing delivery velocity.
Client
AI Security LLC / Independent Research
Engagement Type
Research Product
Period
2026
Role
Author / AI Product Security Architect
Focus Areas
AI Product Security, Agentic AI Threat Modeling, Prompt Injection as Product Security
The Context
AI product security is becoming a product requirement, not an optional research topic. Agentic systems retrieve context, call tools, make decisions, and create runtime behavior that traditional AppSec programs were not designed to govern. Mythos was written to explain that shift in language product and security leaders can act on.
The Challenge
The hardest part was avoiding another generic AI security checklist. The framework needed to explain why AI changes the product-security operating model and then translate that into concrete controls: inventory, threat modeling, permissions, tool reach, context authorization, supply chain, evidence, and execution.
What I Did
The Outcome
The result is a reusable flagship asset for AI product-security advisory work. It supports portfolio storytelling, consulting offers, executive education, control-plane design, assessment work, and job-market positioning around AI security leadership.
5
Major framework arcs: Mythos Moment, AI Product Security Control Plane, Evidence and Governance, Execution Kit, and supporting templates
Control
Domains include inventory, continuous threat modeling, prompt injection, excessive agency, RAG authorization, AI supply chain, evidence metrics, and governance velocity
As
A flagship research asset, consulting artifact, portfolio case study, and executive briefing foundation
Key Deliverables
Collaboration
The project was developed as an independent research and portfolio asset, synthesizing product security, AI governance, agentic workflow security, executive advisory, and practical secure SDLC experience into a coherent framework that can support client conversations, job interviews, advisory work, and public thought leadership.
Client
AI Security LLC / Independent Research
Engagement Type
Research Product
Period
2026
Role
Author / AI Product Security Architect
Focus Areas
AI Product Security, Agentic AI Threat Modeling, Prompt Injection as Product Security
The Context
AI product security is becoming a product requirement, not an optional research topic. Agentic systems retrieve context, call tools, make decisions, and create runtime behavior that traditional AppSec programs were not designed to govern. Mythos was written to explain that shift in language product and security leaders can act on.
The Challenge
The hardest part was avoiding another generic AI security checklist. The framework needed to explain why AI changes the product-security operating model and then translate that into concrete controls: inventory, threat modeling, permissions, tool reach, context authorization, supply chain, evidence, and execution.
What I Did
The Outcome
The result is a reusable flagship asset for AI product-security advisory work. It supports portfolio storytelling, consulting offers, executive education, control-plane design, assessment work, and job-market positioning around AI security leadership.
5
Major framework arcs: Mythos Moment, AI Product Security Control Plane, Evidence and Governance, Execution Kit, and supporting templates
Control
Domains include inventory, continuous threat modeling, prompt injection, excessive agency, RAG authorization, AI supply chain, evidence metrics, and governance velocity
As
A flagship research asset, consulting artifact, portfolio case study, and executive briefing foundation
Key Deliverables
Collaboration
The project was developed as an independent research and portfolio asset, synthesizing product security, AI governance, agentic workflow security, executive advisory, and practical secure SDLC experience into a coherent framework that can support client conversations, job interviews, advisory work, and public thought leadership.
At a Glance
Focus Areas
Tools & Technologies
Evidence & Artifacts
Public-Safe Caveat
This case study describes an independent research and thought-leadership asset created for public use. It does not disclose confidential client data. Any examples should remain generalized unless separately approved for public attribution.
David Wolf
AI Security · Product Security · Security Leadership
Based on analyzed public signals, not proof of any individual's or company's internal state.
