Spoiledlunch editorial

Sharp writing on security, GRC, and AI.

Nerdy Stuff. Tech Talk. Zero Freshness.

Analysis and commentary on GRC, security, and AI. Essays for operators and leaders who need signal, not recycled talking points.

Read the latest analysis Browse briefings

Featured analysis

Start with the strongest argument on the site.

The front page should immediately show serious editorial judgment. This section highlights one full-length piece and two recent essays without flooding the reader.

Why AI Governance Frameworks Are Security Theater

April 20, 2026 AI GRC 4 min read

Why AI Governance Frameworks Are Security Theater Most enterprise AI governance frameworks are elaborate exercises in checkbox compliance that miss the actual risks. They’re designed to satisfy auditors and …

Read full analysis

The SOC 2 Compliance Cargo Cult

April 18, 2026 GRC Security

The SOC 2 Compliance Cargo Cult SOC 2 compliance has become a cargo cult ritual in enterprise security. Organizations implement the …

Read essay

When Zero Trust Meets Reality

April 15, 2026 Security

When Zero Trust Meets Reality Zero Trust promises to solve network security by eliminating trust assumptions. The marketing pitch is …

Read essay

Fast briefings with context.

View all news

Brief
NIST Publishes Hardware Security White Paper on Firmware-Based Monitoring
April 15, 2026 Security
Summary: NIST published Cybersecurity White Paper 52, “Firmware-Based Monitoring for Bus-Based Computer Systems,” on …
Brief
OpenAI Opens Applications for a Safety Fellowship Focused on Alignment Research
April 6, 2026 AI
Summary: OpenAI announced the OpenAI Safety Fellowship on April 6, 2026, describing it as a pilot program for external …
Brief
NIST Releases CSF 2.0 Quick-Start Guides for ERM and Informative References
March 23, 2026 GRC
Summary: NIST announced two Cybersecurity Framework 2.0 quick-start guide updates on March 23, 2026. The agency released the final …
Brief
NIST Finalizes Revision 3 of Its DNS Deployment Guide
March 19, 2026 Security
Summary: NIST published the final version of SP 800-81 Revision 3, “Secure Domain Name System (DNS) Deployment Guide,” …
Brief
NIST Maps the Hard Parts of Monitoring Deployed AI Systems
March 9, 2026 AI
Summary: NIST published AI 800-4, “Challenges to the Monitoring of Deployed AI Systems,” on March 9, 2026. The report …

Coverage areas

Three beats, one editorial voice.

Each section should read like part of the same publication, with a shared tone and a clear promise to the reader.

Topic 01

GRC

Governance, Risk, and Compliance insights that cut through the checkbox mentality.

Explore GRC

Topic 02

Security

Real-world security analysis beyond the vendor marketing and fear mongering.

Explore Security

Topic 03

AI

Artificial Intelligence developments with a focus on risk and regulatory impact.

Explore AI