Whitepapers
Decisions made through The Crusible, written up and shared. Each represents a real question, rigorously examined.
Why Enterprise AI Agents Create Vulnerabilities Your Security Programme Was Never Designed to Find
Craig Borman
Every AI agent your organisation deploys makes a security assumption that cannot hold. This briefing shows what failed in production at Google, Microsoft, AWS and Perplexity — and what Article 26 requires before August 2.
The Governance Gap: Why AI Risk Frameworks Fail at the Integration Layer
Craig Borman the Crusible
The security vendors and the regulators share the same foundational error — both assume AI risk is a property of a system, when the Bankr exploit proves it is a property of a position within an integration graph that changes continuously after deployment.
The Volatility Machine: How Bitcoin ETFs Inverted Their Own Promise
Craig Borman the Crusible
Every institution selling the Bitcoin ETF stability thesis benefits from it being believed — regardless of whether it is true. This whitepaper runs the institutional adoption consensus through Crusible's elimination-based reasoning and finds a structural inversion: the instruments designed to dampen Bitcoin volatility are architecturally required to amplify it under stress. The floor became a trapdoor.
The Mathematical Impossibility of FS-ISAC's AI Security Guidance
Craig Borman the Crusible
FS-ISAC says "traditional vulnerability management no longer holds" for AI threats—then recommends incremental updates to those same approaches. This analysis reveals the mathematical impossibility: 50-100x required scaling cannot be achieved within 12-24 month compliance cycles. Financial services is repeating the antivirus industry's 2008-2012 mistake. Includes recommendations for what financial institutions should do instead.
The $3,460 Question: Testing AI Deployment Assumptions Before Production Failures
Craig Borman the Crusible
OpenAI's o3 costs $3,460 per query—200x more than humans. Before deploying expensive AI systems in production, enterprises must identify the hidden assumptions that lead to catastrophic failures. This whitepaper shows why assumption testing delivers 200x-2,000x ROI.
Crucible The Coordination Problem - Completed
Craig Borman — The Crucible
Responsible disclosure — the label applied to how security vulnerabilities are found, verified, reported and patched — was never a coherent framework. It is an aspirational term masking wildly different practices across organisations, contexts, and relationships. What AI has done is make that absence of coherence impossible to ignore.
Crucible The Coordination Problem
Craig Borman Founder, Crucible — The Crucible
Responsible disclosure was never a coherent framework. AI didn't kill it — it made the incoherence impossible to ignore at scale. This paper finds the structural failures that access control solutions like Project Glasswing cannot survive, and names what replaces them.
Crucible The Coordination Problem
Craig Borman Founder, Crucible — The Crucible
Responsible disclosure was never a coherent framework. AI didn't kill it — it made the incoherence impossible to ignore at scale. This paper finds the structural failures that access control solutions like Project Glasswing cannot survive, and names what replaces them. Produced using Crucible, now becoming Tanren.
Crusible is a reasoning methodology, not an academic institution. Its findings are a starting point for your own verification, not a final verdict.