This repo is used to store thoughts and learnings from casework encountered at work.

What you may see: data security, AI security (including AI red teaming and AI/ML-driven security), and some cloud security topics.

What will not be covered: CVE proof-of-concepts and code vulnerability issues.

Contents


01. Case Note: Shadow AI / Shadow MCP Control Review

01-1. Case Note: External AI Usage with Supplier Data: Why Redaction Gateway Matters

02. Case Note: When API Scanning Changes Production Orders

03. Case Note: SaaS vs. Localized Deployment – Security Assessment Considerations

04. Case Note: AI Repository Access — Govern the Authority, Not the Connector


By @Celeste Huang 2026