Boundaries Worth Building
Protecting digital identity, scoping agent access, and reducing vendor lock-in, without losing human oversight.
“The best systems aren’t the most powerful ones. They’re the ones whose limits you can actually see.” — Nadina D. Lisbon
Hello Sip Savants! 👋🏾
The Senate Judiciary Committee recently advanced the bipartisan NO FAKES Act [1], a sign that the rules around digital identity are starting to firm up. As that happens, it’s a good moment to think about trust as something built into the architecture from the start, rather than added once a problem appears. The three items below are worth a few minutes of your attention this week.
3 Tech Bites
🎙️ Digital likeness, getting its guardrails
The NO FAKES Act would create federal protections against nonconsensual AI-generated voice and video replicas [1]. If any of your deployments touch synthetic media, it may be worth looking at identity verification early, while the standards are still taking shape.
🛡️ A vulnerability worth knowing about
Researchers at the Cloud Security Alliance have documented what they call agentjacking, a way autonomous systems can be compromised through weaknesses in the Model Context Protocol [2]. It’s a useful prompt to review how your agents’ context and access permissions are scoped, before they’re handling anything sensitive.
🧬 One model, or several working together
OpenRouter’s Fusion approach lets different large language models combine their outputs [3]. A composable setup like this can ease reliance on any single vendor and let you pair models to the work they’re best at, rather than forcing everything through one.
5-Minute Strategy
🧠 Putting Agentic Risk on the Map
When you delegate work to autonomous agents, some risk moves out of plain sight. One simple step for technology leaders is to give that risk a home on the books. Think of it as a conversation starter for your risk and security teams, not a finished prescription:
Open a draft entry in your IT risk register.
Name the category in your own terms. For example, “Autonomous logic compromise via Model Context Protocol” [2].
Note a starting impact rating (many teams would place this in the high or critical range) and adjust to your context.
Sketch the core concern: unauthorized changes to an agent’s context that could lead to privilege escalation, data exposure, or unapproved third-party calls.
Save it and route it to your risk and compliance teams for a proper look.
The point isn’t the exact wording. It’s making the risk visible enough to discuss.
1 Big Idea
💡 Building Glass Houses
Moving to autonomous AI asks for a different kind of design thinking. Earlier automation ran on predictable, linear workflows where you could trace every step. Agents don’t work that way. They make decisions in the moment, which is exactly what makes them useful and exactly what makes them harder to supervise. The interesting design question isn’t how to remove people from the loop, but where to place them so their judgment still counts.
Model fusion [3] is a small example of the shift. Instead of leaning on one provider for everything, you can draw on several models and let their strengths combine. The result tends to be more accurate and less prone to any single model’s blind spots. That’s a reminder that mixed, well-integrated systems are usually more resilient than isolated ones. Used well, the goal is to give people richer information to decide with, not to hand the decision over entirely.
That openness only works with clear boundaries around it. The agentjacking research [2] is a good illustration of what happens when autonomous logic runs without tight limits on what it can see and touch. A continuously verified, least-access approach lets you keep the flexibility without leaving the door open, and protects the organization as carefully as it processes the work.
Emerging rules like the NO FAKES Act [1] point the same direction. Digital identity and creative ownership are becoming things systems are expected to respect by design. Trust is shifting from a soft value to a concrete design requirement, something you can point to in the architecture, meant in the end to protect the actual people behind the data.
The aim is to build systems people can see into. When the infrastructure is secure, predictable, and legible, the people working alongside it are freed to focus on the work that needs them. That’s the case for glass houses: environments where the logic is visible, the boundaries are clear, and the technology stays a dependable foundation rather than a black box.
Hit reply and start a conversation about what most intrigued you; these are better questions to think through together than alone. I read every response.
P.S. If a peer is working through their own autonomous AI plans, share this newsletter and help brew up stronger customer relationships.
P.P.S. If you found these AI insights valuable, a contribution to the Brew Pot helps keep the future of work brewing.
Resources
[1] Blackburn, Coons Bipartisan Bill to Protect Individuals and Creators from Deepfakes Passes Senate Judiciary Committee
[2] Agentjacking: Sentry MCP Injection Hijacks AI Coding Agents
[3] What Is Model Fusion? How OpenRouter Fusion Matches Frontier AI at Half the Cost
Sip smarter, every Tuesday. (Refills are always free!)
Cheers,
Nadina
Host of TechSips with Nadina | Chief Strategy Architect ☕️🍵