Insights on Zero Trust architecture, Agentic AI governance, Graduated Autonomy, and spec-driven development from Nikola Novoselec.https://graymatter.ch/enhttps://graymatter.ch/blog/spec-driven-development-part-2/https://graymatter.ch/blog/spec-driven-development-part-2/Two months ago I published a 542-line spec and said 'the code is a side effect.' The spec is now 4,400 lines. The code is over 100,000 lines. Here's what happened when the spec stopped being a document and became the product.Sun, 19 Apr 2026 00:00:00 GMTAgentic AISpec-Driven DevelopmentAgentic CodingSoftware EngineeringNikola Novoselechttps://graymatter.ch/blog/five-things-about-zero-trust/https://graymatter.ch/blog/five-things-about-zero-trust/Zero Trust was never just a security initiative. It was an architectural bet - and the companies that made it early are about to collect.Wed, 25 Mar 2026 00:00:00 GMTZero TrustSecurity ArchitectureEnterprise SecurityNikola Novoselechttps://graymatter.ch/blog/the-evaluation-nobody-publishes/https://graymatter.ch/blog/the-evaluation-nobody-publishes/Everyone saw the architecture. Nobody saw the evaluation behind it. We read every major analyst report. Then built a framework that disagreed with all of them.Fri, 20 Mar 2026 00:00:00 GMTZero TrustSecurity ArchitectureEnterprise SecurityNikola Novoselechttps://graymatter.ch/blog/spec-driven-development/https://graymatter.ch/blog/spec-driven-development/Everyone's talking about AI writing code. Almost nobody's talking about why most of it ends up in the trash. ~70,000 lines of code later, I accidentally built my favorite development environment.Sun, 15 Mar 2026 00:00:00 GMTAgentic AISpec-Driven DevelopmentAgentic CodingSoftware EngineeringNikola Novoselechttps://graymatter.ch/blog/integration-is-architecture/https://graymatter.ch/blog/integration-is-architecture/How do you bring Zero Trust to an organization that is older than the concept of a computer? Architecting the transition felt like changing the engines on a plane mid-flight - while that plane was carrying the entire population of a nation.Tue, 20 Jan 2026 00:00:00 GMTZero TrustSecurity ArchitectureEnterprise SecurityNikola Novoselechttps://graymatter.ch/blog/the-great-decoupling-part-2/https://graymatter.ch/blog/the-great-decoupling-part-2/I put a small AI model in charge of my firewall. Then I hired a larger model to watch it. Not just to save time - but because humans are no longer fast enough to stop machine-led attacks.Sat, 17 Jan 2026 00:00:00 GMTAgentic AIGraduated AutonomyAI GovernanceZero TrustSecurity ArchitectureNikola Novoselechttps://graymatter.ch/blog/the-great-decoupling/https://graymatter.ch/blog/the-great-decoupling/Something is shifting in how we build and protect systems. The center of gravity is moving - from writing logic to managing systems that generate it. What hit development is about to hit security. Are you ready?Thu, 08 Jan 2026 00:00:00 GMTAgentic AIAI GovernanceGraduated AutonomyZero TrustSecurity ArchitectureNikola Novoselechttps://graymatter.ch/blog/the-quiet-shift/https://graymatter.ch/blog/the-quiet-shift/The era of the static security rule is ending. As modern organisations roll out new infrastructure on edge platforms, a pattern is emerging that deserves more attention: legacy security components are getting smarter.Wed, 07 Jan 2026 00:00:00 GMTZero TrustAI SecuritySecurity ArchitectureNikola Novoselec