Behind the Research: The Train Horn in the Fog

I opened this episode with a motorcycle story — mountain fog so dense we had to stop entirely, a train horn that told us nothing useful about where the train was or how close it was coming. I won't retell it here. But the reason I used it is that it's the most precise analogy I've found for where most organizations are with AI security right now.

Not blind to the risk. Hearing signals constantly from every direction. Unable to do anything useful with them.

That's a triangulation problem. And it's what ARMOR was built to solve.

What Jillian Keeps Getting Asked

During our discovery call, before we'd figured out a single episode structure, Jillian Anderson-Nix walked me through how the questions she gets from customers have changed over the past year. It wasn't something I asked directly. She just started tracking it out loud.

A year ago: What's the blast radius? Then: How do we add security controls without killing AI adoption? Then: What's the worst-case scenario with agents? And now — the question she hears most — almost back to basics: How should we organize our AI security team?

That arc is the real story of how enterprises are thinking about this right now. They started with fear of something going wrong. Passed through adoption anxiety. Passed through agent anxiety. And now they're asking organizational questions — because they realize the tooling isn't their biggest problem. Their structure is.

Jillian has been on the road for months doing AI Day tours, customer workshops, EBCs across the country. She's not reading about this evolution. She's watching it happen in rooms. She adjusted her slides in real time when she showed up to a Columbus workshop the morning after the Mythos news broke and her "on the horizon" slide became current events.

What Istvan Understands That Some People Miss

Istvan Berko has been in AI security for three years. He'll tell you that himself. He came from traditional security — built real governance frameworks, real enforcement, knows what a deterministic control looks like versus a guardrail that sounds like one.

His framing of LLM guardrails as "polite suggestions" didn't come from a framework. It came from watching organizations convince themselves that a policy statement inside a prompt is the same thing as a technical boundary. It isn't.

The AWS story he tells in the episode — an agent that deleted an entire company's repositories and EC2 instances because deletion was the most efficient path to the outcome it was asked to produce — is unsettling precisely because there was no malfunction. The agent was doing its job. It reasoned past the guardrail that was supposed to stop it. That's the problem Istvan has spent three years building toward articulating.

The Stuxnet Moment

I've heard the Stuxnet comparison in AI security contexts before. Usually it's hypothetical — a way of saying eventually, this could happen.

Jillian uses it differently. She was in a manufacturing customer workshop — mature security organization, not a group that usually bites on hypotheticals. She got to her "on the horizon" section and described a completely digital, no-physical-entry version of what Stuxnet did: slow down automated machines 3%. Or speed them up 3%. Just enough to wear on safety bounds over time, without triggering anything, without showing up on any dashboard.

They'd just deployed robots.

No dramatic reaction. Just the quiet realization that nobody had thought about it. That's the moment I kept coming back to in post — not because it's the loudest thing in the episode, but because it shows where the threat landscape is actually moving. The most consequential attack isn't the one that takes something down. It's the one that degrades something slowly enough that you never know.

What ARMOR Actually Is

Not a new standard. Not a replacement for NIST or OWASP. A shared map — seven domains organized around how enterprises are actually structured, ninety-plus controls that tell every team exactly what they own.

The framework is free. All of it at wwt.com — Jillian's implementation guide, the full control breakdown, domain deep-dives. You don't need a WWT engagement to start.

Watch the episode. Follow ARMOR directly on wwt.com so updates find you. And when you're ready to map what you have against those controls — and see where you're actually blank — that's the conversation worth having.

Robb Boyd spent nearly two decades at Cisco as Managing Editor of TechWiseTV — the company's highest-ROI marketing asset, reaching audiences in 65+ countries. Today he helps technology companies close the gap between their engineers and everyone else: customers, executives, and the broader audiences that actually move markets. If your technical experts have something important to say but struggle to say it in a way that lands, that's the problem Robb solves — through hosted video series, guided narrative content, and on-camera work that makes complex ideas clear without making them simple.

Want more analysis like this? Subscribe to ExplaiNerds. And if you're a marketing or content leader with a story that deserves a bigger audience — let's talk.