Security & Compliance

Browse 17 articles in security & compliance.

Security & Compliance Articles

17 articles · Page 1 of 2

Developer Building Scoped Credentials for an AI Agent on a Laptop
Security & Compliance·13 min read

How to Build Production-Safe Credentials for AI Agents

After PocketOS lost its production database to a nine-second AI agent error, here's the credential model that would have stopped it: vaults, scoping, RBAC, and boundary tests.

EU Flag and an AI Compliance Checklist for the August 2026 EU AI Act High-Risk Deadline
Security & Compliance·12 min read

The EU AI Act Deadline Is 11 Weeks Away. Your CX Agent Is Probably High-Risk

The EU AI Act's high-risk compliance deadline is August 2, 2026, just 11 weeks away. Here's what CX teams building AI agents for European markets need to have in place before then.

A clean late-evening desk, a phone resting after a call, a single line crossed out on a notepad. Calm, no triumph.
Security & Compliance·13 min read

Build a Save-Desk Voice Agent That Won't Get You Sued

FTC click-to-cancel was vacated. State laws still bite. The cancel-first architecture, one-shot offers, and audit trail for a save-desk voice agent.

Warm clinic waiting room at golden hour. An elderly patient holds a phone gently, eyes calm. A nurse passes softly in the background. Teal and copper palette.
Security & Compliance·12 min read

How to Build a Healthcare Appointment Voice Agent (FHIR, 270/271, HIPAA)

Most voice AI tutorials stop after hello. The real build: identity verification, FHIR slots, 270/271 eligibility, A2P SMS, escalation, with HIPAA gates intact.

A parent on the phone with a hand on a sleeping child's forehead at dawn. Quiet, attentive, calm.
Security & Compliance·12 min read

Building an AI Nurse Line Without Practicing Medicine

Health systems pay $20-30 per nurse-line call. AI is the obvious cost play, but every triage agent raises a malpractice question. Here's the safe architecture.

An ID Card Propped Against a Notebook on a Quiet Desk at Evening, Two Hands Tilting a Phone Down to Photograph It
Security & Compliance·12 min read

Build a KYC Voice Agent: 4-Minute Account Open, 5-Year Audit Log

Voice collects name, DOB, SSN. SMS hands the camera the rest. OFAC screens before the next word. Architecture of a KYC voice agent that survives a BSA exam.

Soul-style watercolor of a small-town pharmacy at dusk, a patient stepping out with a paper bag, golden-amber palette
Security & Compliance·13 min read

Build a Pharmacy Refill Voice Agent (NCPDP, DEA, 60-Second Refill)

Build a voice AI for prescription refills that respects DEA Schedule II, handles NCPDP refill-too-soon rejections, and routes the right calls to humans.

An archivist standing in a long corridor between shelves of documents, deciding whether to file or shred
Security & Compliance·14 min read

GDPR says delete. EU AI Act says keep. Now what?

GDPR requires deletion on request. The EU AI Act requires 10-year audit trails. Here's how to architect agent memory that satisfies both simultaneously.

Layered shield diagram representing defense-in-depth security architecture for AI agents
Security & Compliance·18 min read

Your AI Agent Has No Guardrails

Air Canada honored a refund its chatbot hallucinated. DPD's bot cursed at customers on camera. One e-commerce agent approved $2.3M in unauthorized refunds at 2:47 AM. Here is the five-layer guardrail architecture that prevents all three.

Watercolor illustration of a shield intercepting data flowing between AI agent tool connections
Security & Compliance·13 min read

Every Tool Is an Injection Surface

Prompt injection moved from chat to tool calls. Anthropic, OpenAI, and Arcjet shipped defenses in the same month. Here's what changed, what works, and what your agent architecture needs now.

Watercolor illustration of a security shield protecting interconnected AI agent tool connections against a dark backdrop
Security & Compliance·16 min read

71% of organizations aren't prepared to secure their AI agents' tools

MCP gives AI agents autonomous access to real systems — and introduces attack vectors that traditional security can't see. A technical breakdown of tool poisoning, rug pulls, cross-server shadowing, and the defense framework production teams need now.

Silhouettes of people and chairs visible through frosted glass in a modern office
Security & Compliance·16 min read

Your AI agent remembers everything — should your customers be worried?

Privacy-first memory design for AI agents: what to store, what to forget, how to give customers control, and how to stay compliant across GDPR, HIPAA, and multi-channel deployments.
