Security

Signal over ceremony for security, GRC, and AI.
Nerdy Stuff. Tech Talk. Zero Freshness.
Analysis and commentary on GRC, security, and AI. Essays for operators and leaders who are tired of decorative governance, vendor theater, and fresh takes that were already stale on arrival.
Start with the arguments that define the site.
These are not the newest pieces. They are the ones that explain the publication fastest: one argument about security theater, one about compliance theater, and one about AI governance theater.
GRC
The SOC 2 Compliance Cargo Cult
AI
Why AI Governance Frameworks Are Security Theater
Three beats. Three clean entry points.
If you are new to the site, start with one strong essay per beat and follow the argument from there.
GRC
The SOC 2 Compliance Cargo Cult
Start with the pieces that explain how governance theater forms, then move into the essays that show where evidence, ownership, and control design actually break.
The cleanest entry point into the site’s anti-ceremony stance on compliance and control programs.
Open GRC guideSecurity
When Zero Trust Meets Reality
Read these if you want the site’s core security argument: most programs do not fail at tooling first. They fail at ownership, inventory, identity context, and operational clarity.
A foundational Spoiledlunch essay on what happens when architectural slogans meet real estates.
Open Security guideAI
Why AI Governance Frameworks Are Security Theater
Start here if you want the site’s consistent AI position: governance becomes real only once the system is deployed, observed, and capable of being challenged under live conditions.
The clearest statement of what Spoiledlunch rejects in enterprise AI governance.
Open AI guideFast briefings with context.
- Brief
SEC to Host Virtual Roundtable on Modernizing IPOs and Expanding Access to Public Markets
Summary: The Securities and Exchange Commission’s Office of the Advocate for Small Business Capital Formation and the Division of …
- Brief
Our approach to government and national security partnerships
Summary: Learn how OpenAI approaches government and national security partnerships, with principles for responsible AI use, …
- Brief
SEC Small Business Advisory Committee to Explore Modernizing Market Access
Summary: The Securities and Exchange Commission’s Small Business Capital Formation Advisory Committee announced that it will hold …
- Brief
EDPB sheds light on anonymisation and web scraping for generative AI and adopts final version of guidelines ...
Summary: Brussels, 8 July– During its latest plenary, the EDPB has adopted guidelines on anonymisation and guidelines on web …
- Brief
FTC, States Secure Settlement with Deere & Company, Advancing Farmers' Right to Repair
Summary: The Federal Trade Commission, along with five states, secured an important settlement in an antitrust lawsuit against …
No newsletters. No tracking. Just RSS.
Spoiledlunch publishes on purpose, not on a drip campaign. If you want every essay and briefing without surrendering your inbox, use the feed.
New to RSS? Learn how to get started with feed readers.
Three beats, one editorial voice.
Different domains, same standard: name the failure mode, cut through the slogans, and stay close to operational reality.
Topic 01
GRC
Governance and compliance coverage for readers who are tired of decorative control programs and evidence that proves nothing.
Explore GRCTopic 02
Security
Security analysis that starts with ownership, exposure, and operational clarity instead of buying another dashboard.
Explore SecurityTopic 03
AI
AI coverage for people who care more about deployed behavior, telemetry, and intervention than framework theater.
Explore AI