NukonAINukonAI™

AI Security Reading Room

Field notes.

Articles, vulnerability disclosures, compliance reading, and open-source notes from the Veto Protocol team.

AllArticlesVulnerability DisclosuresCompliance Reading RoomOpen Source
Why we built
Founder Notes

Why we built NukonAI™

Founder note on what made the gap obvious and why a runtime-governance company was the right thing to build.

Akhil10 May 20264 min
The action gap:
Runtime Governance

The action gap: why observability is not enough

Observability tells you what already broke. Runtime governance is the layer that decides whether the action fires at all.

Akhil08 May 20265 min
What the DPDP
ComplianceDPDP

What the DPDP Act means for enterprise AI agents in India

The DPDP Act is now binding. Here is the short list of clauses that change how you deploy AI agents in India.

Akhil06 May 20266 min
The AI vulnerability
AI SecurityField Notes

The AI vulnerability storm is already here

EchoLeak, ForcedLeak, Slack AI, Cursor AI - the failure pattern is no longer model quality. It is action authorization. A field note.

Akhil22 Apr 20267 min

More from the reading room

EchoLeak: indirect prompt
VulnerabilityIndirect Injection

EchoLeak: indirect prompt injection through email metadata

The EchoLeak class of indirect injection turns email metadata into an attack surface. Runtime gating on tool calls is the only mitigation that holds.

Akhil15 Apr 20265 min
EU AI Act
EU AI ActCompliance

EU AI Act for builders: the four obligations that touch your runtime

Most EU AI Act content is about classification. This is about the four obligations that show up in your inference path.

Akhil04 Apr 20268 min