← All writing
AI · Jun 2026 · 5 min

Reading AI security claims without losing your mind

The volume of AI security marketing has outrun the reality by a wide margin. A working defender needs a way to read a vendor claim and quickly place it on the spectrum from real to theatrical.

We look for three things: a described mechanism, a failure mode the vendor will admit to, and an evaluation we could in principle reproduce. Claims missing all three are usually selling a feeling.

None of this requires being an AI researcher — just refusing to accept a capability you can't describe.

A CAC creation