Governance that works · Evidence-first · No advertising tracking
Technology risk. Evidence. Resilience.
A practitioner's journal at the intersection of audit defensibility, control automation, and AI governance, for regulated environments that demand evidence, not promises.
// Personal writing and small builds, published in my own time. Views are my own.
The Seven Dhārās
Seven streams of practice. Each one a discipline.
Dhārā I
स्वामी
GRC Intelligence
Policy-as-code, control automation, evidence engineering.
Dhārā II
अमात्य
AI-Augmented Governance
Minimum sufficient control, maturity radar, direction scoring.
Dhārā III
जनपद
Economic Statecraft
Geopolitical economics as a governance signal engine.
Dhārā IV
दुर्ग
Resilience Engineering
Systems that hold under adversarial pressure, recover by architecture.
Dhārā V
कोश
Signal Sovereignty
Weak signal convergence. Niti-driven capital discipline.
Dhārā VI
दण्ड
Regulatory Cartography
Cross-jurisdictional signal engine: what shifts, where, when.
Dhārā VII
मित्र
Sovereign Judgment
Permission architecture. Vendor maturity. Programme design.
// field notes
Latest Field Notes
Recent dispatches. Each one lives inside its Dhārā.
AI-Augmented Governance
Open weights solve vendor opacity. They do not solve training-data provenance. Corpus integrity, RAG provenance, and prompt injection are the gaps your AI governance programme is missing.
AI-Augmented Governance
Trust primitives are technical artefacts. Whose authority chain backstops the hash, the key, and the pin? A supply-chain decision framework for self-hosted AI in regulated firms.
AI-Augmented Governance
Why self-hosted open-weights inference is the boardroom-defensible default for regulated firms, and where hybrid still makes sense.
AI-Augmented Governance
Regulated records can outlive the cryptography that proves them. Crypto-agility is the property that lets a firm migrate primitives without re-attesting the world. The series closer.
Resilience Engineering
MCP runs every connected server inside your model's trust boundary. The host, not the model, is where integrity holds, and the failure modes are fixed by architecture, not vigilance.
AI-Augmented Governance
Hardware attestation for self-hosted AI in regulated firms. The firmware layer is unscoped, the BMC is unpatched, and the DORA register excludes the GPU vendor.