Governance

Access reviews weren’t meant to be painful, tedious, or something people dread seeing in their inbox. The idea was simple: periodically check who has access to what, and confirm whether they still need it. Remove what’s no longer necessary. Reduce risk. Keep auditors happy. But somewhere along the way, a good security practice became an overloaded checkbox. The result? Compliance checkbox, not governance. Reviews get bulk-approved. Entitlements pile up. And nobody really trusts the system. ...

Tool calling is easy. Trust isn’t. Every new wave of infrastructure brings its own version of the “simpler protocol.” With AI agents, that moment arrived fast — the Universal Tool Calling Protocol (UTCP) has started making noise as the next big thing. Its promise sounds familiar: no wrapper servers, no middleware, no proxy hops. Agents can “just call” APIs, CLIs, or services directly using a JSON manual. Elegant. Minimal. Free of the heavy machinery that came with the Model Context Protocol (MCP). ...