Asyraf
Security professional by day, builder by night. Based in Singapore — writing about AI risk, enterprise governance, and shipping things in public.
Latest posts
I Made Claude Bet the World Cup (With Fake Money) — and It Taught Better Risk Lessons Than Most Security Training
7/15/2026
Before the 2026 semifinals, I asked Claude for calibrated predictions and a stake-sizing plan. The AI's most rational recommendation? Barely bet at all. Here's what a football tournament teaches about probability, calibration, and the scams riding the hype.
A DLP Baseline for Small Teams: Stopping Leaks Without a SOC
7/12/2026
Data-loss prevention is usually sold as enterprise tooling. Here's a pragmatic baseline a small team can actually run — built on classification, identity, and a few high-leverage controls.
Threat-Modelling Your First MCP Server: STRIDE for the Agent Era
7/3/2026
MCP servers hand an AI agent real tools and real access. Here's how to run a classic STRIDE threat model over one before you wire it to anything that matters.