Spoiledlunch editorial

Signal over ceremony for security, GRC, and AI.

Nerdy Stuff. Tech Talk. Zero Freshness.

Analysis and commentary on GRC, security, and AI. Essays for operators and leaders who are tired of decorative governance, vendor theater, and fresh takes that were already stale on arrival.

Read the latest analysis Browse briefings

Featured analysis

Start with the arguments that define the site.

These are not the newest pieces. They are the ones that explain the publication fastest: one argument about security theater, one about compliance theater, and one about AI governance theater.

Security

When Zero Trust Meets Reality

April 15, 2026 Security 7 min read

Zero Trust promises to solve network security by eliminating trust assumptions. The marketing pitch is compelling: assume breach, verify everything, trust nothing. In practice, most Zero Trust implementations create new …

Read the opening argument

GRC

The SOC 2 Compliance Cargo Cult

April 18, 2026 GRC Security

SOC 2 compliance has become a cargo cult ritual in enterprise security. Organizations implement the ceremonial controls, follow the …

Read the control critique

Why AI Governance Frameworks Are Security Theater

April 20, 2026 AI GRC

Most enterprise AI governance frameworks are elaborate exercises in checkbox compliance that miss the actual risks. They’re designed …

Read the governance critique

Start here

Three beats. Three clean entry points.

If you are new to the site, start with one strong essay per beat and follow the argument from there.

GRC

The SOC 2 Compliance Cargo Cult

Start with the pieces that explain how governance theater forms, then move into the essays that show where evidence, ownership, and control design actually break.

The cleanest entry point into the site’s anti-ceremony stance on compliance and control programs.

Open GRC guide

Security

When Zero Trust Meets Reality

Read these if you want the site’s core security argument: most programs do not fail at tooling first. They fail at ownership, inventory, identity context, and operational clarity.

A foundational Spoiledlunch essay on what happens when architectural slogans meet real estates.

Open Security guide

Why AI Governance Frameworks Are Security Theater

Start here if you want the site’s consistent AI position: governance becomes real only once the system is deployed, observed, and capable of being challenged under live conditions.

The clearest statement of what Spoiledlunch rejects in enterprise AI governance.

Open AI guide

Fast briefings with context.

View all news

Brief
SEC Proposes Rescission of Climate-Related Disclosure Rules
May 29, 2026 AI
Summary: The Securities and Exchange Commission today proposed the rescission of overly burdensome and costly rules that require …
Brief
Boston Children's uses AI to unlock new diagnoses
May 29, 2026 AI
Summary: Boston Children’s Hospital uses OpenAI technology to improve patient care, reduce operational burden, and help diagnose …
Brief
CISA Adds One Known Exploited Vulnerability to Catalog
May 29, 2026 AI
Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active …
Brief
How Braintrust turns customer requests into code with Codex
May 29, 2026 AI
Summary: How Braintrust engineers use Codex with GPT-5.5 to run experiments and code faster. Why it matters: This matters if it …
Brief
A shared playbook for trustworthy third party evaluations
May 29, 2026 AI
Summary: OpenAI shares guidance on third-party AI evaluations, covering how to assess model capabilities, safeguards, and validity …

Stay current

No newsletters. No tracking. Just RSS.

Spoiledlunch publishes on purpose, not on a drip campaign. If you want every essay and briefing without surrendering your inbox, use the feed.

Everything

All articles, news briefs, and updates

Subscribe to Main Feed

Articles only

Long-form RSS

News only

Briefings RSS

New to RSS? Learn how to get started with feed readers.

Coverage areas

Three beats, one editorial voice.

Different domains, same standard: name the failure mode, cut through the slogans, and stay close to operational reality.

Topic 01

GRC

Governance and compliance coverage for readers who are tired of decorative control programs and evidence that proves nothing.

Explore GRC

Topic 02

Security

Security analysis that starts with ownership, exposure, and operational clarity instead of buying another dashboard.

Explore Security

Topic 03

AI

AI coverage for people who care more about deployed behavior, telemetry, and intervention than framework theater.

Explore AI