The 2024-2025 incident wave has a pattern most discussions are missing.
Every disclosed AI security incident in the last eighteen months has the same shape: an agent had legitimate access to a system, was prompted in an unexpected way, and acted on that prompt. EchoLeak. ForcedLeak. Slack AI. Cursor AI. Microsoft Copilot. The agent did exactly what it was told. The problem was that the instructions did not come from the user the agent thought they came from.
This is no longer a model-quality problem. The model performed correctly. The gap is between "the model decided" and "the action fired." That gap is where the next decade of enterprise risk lives.
Detection tells you what already happened. Observability tells you what is happening. The control plane that decides whether the action fires - before it does - is what is missing from the typical enterprise AI stack.
That is the layer NukonAI™ is building.
We will publish a chronological vulnerability log on the Reading Room with our take on each disclosure - what failed, what enforcement would have stopped it, and what the framework clauses say about it.