CPA · CISSP · CISA | Federal technology compliance: FISMA/NIST RMF, FedRAMP, CMMC, Federal AI Governance, Zero Trust. Former KPMG, BDO, Stryker. Practitioner-depth guides at josefkamara.com. Newsletter: The Authority Brief.https://bsky.app/profile/josefkamara.comhttps://bsky.app/profile/josefkamara.com/post/3mldq5o2tc32nTraditional risk matrices miss five dimensions that define agentic AI failure modes. Most security teams are still using 2019 templates to assess 2026 systems.08 May 2026 12:28 +0000at://did:plc:nhza4xaehdryso7ck3eghrni/app.bsky.feed.post/3mldq5o2tc32nhttps://bsky.app/profile/josefkamara.com/post/3ml6pkk6twz2nNYC, Colorado, and Brussels are converging on the same bias audit requirement. Most companies are building three programs when one will satisfy all three jurisdictions.06 May 2026 12:34 +0000at://did:plc:nhza4xaehdryso7ck3eghrni/app.bsky.feed.post/3ml6pkk6twz2nhttps://bsky.app/profile/josefkamara.com/post/3mkzogewh5i2jColorado's AI Act takes effect in 57 days. Most companies deploying agentic AI still treat governance like a 2024 problem.04 May 2026 12:30 +0000at://did:plc:nhza4xaehdryso7ck3eghrni/app.bsky.feed.post/3mkzogewh5i2jhttps://bsky.app/profile/josefkamara.com/post/3mks4wydsk32vMore than 80% of workers use AI tools their employers haven't approved. (UpGuard, 2024) Gartner puts 69% of organizations with documented evidence of prohibited GenAI already in use. That's shadow AI. #AIGovernance #ShadowAI01 May 2026 12:29 +0000at://did:plc:nhza4xaehdryso7ck3eghrni/app.bsky.feed.post/3mks4wydsk32vhttps://bsky.app/profile/josefkamara.com/post/3mkn3vku2mr2xYour controls didn't fail on the day of the breach. They failed months before it. IBM's 2024 report puts the mean time to identify a breach at 194 days. That's compliance drift. #GRCEngineering #CyberSecurity29 Apr 2026 12:27 +0000at://did:plc:nhza4xaehdryso7ck3eghrni/app.bsky.feed.post/3mkn3vku2mr2xhttps://bsky.app/profile/josefkamara.com/post/3mki4zxi7o42uColorado's AI Act goes into effect June 30, 2026. Most compliance teams don't know it includes a legal shield. It's called the affirmative defense. NIST AI RMF is one of the two conditions that activate it.27 Apr 2026 13:04 +0000at://did:plc:nhza4xaehdryso7ck3eghrni/app.bsky.feed.post/3mki4zxi7o42u