Topics | Spoiledlunch

Start here

Read this beat in order

Start with the pieces that explain how governance theater forms, then move into the essays that show where evidence, ownership, and control design actually break.

Step 1

The SOC 2 Compliance Cargo Cult

April 18, 2026 / 7 min read

The cleanest entry point into the site’s anti-ceremony stance on compliance and control programs.

SOC 2 compliance has become a cargo cult ritual in enterprise security. Organizations implement the ceremonial controls, follow the prescribed procedures, and wait for …

Start here

Step 2

Compliance Exceptions Tell You More Than Your Passed Controls

May 26, 2026 / 4 min read

A sharper view of where control programs reveal the truth once the green boxes stop flattering anyone.

Organizations love to report passed controls because passed controls are flattering. They suggest order. They suggest repeatability. They suggest that the environment …

Start here

Core threads

What this beat keeps arguing about

Questions

Start with the pressure points

Which controls are real operating constraints, and which ones are just well-documented beliefs?
Where does evidence prove execution instead of merely proving preparation?
What stays unresolved because the program can record the problem without forcing a decision?

Brief

New ways to buy ChatGPT ads

May 5, 2026

Summary: OpenAI expands ChatGPT ads with a beta self-serve Ads Manager, CPC bidding, and enhanced measurement tools—built to protect privacy …

Read brief

Brief

Deputy Director of Enforcement Jason Burt to Conclude His Tenure at the SEC

April 30, 2026

Summary: The Securities and Exchange Commission today announced that Jason Burt, Deputy Director of the Division of Enforcement (Specialized …

Read brief

Brief

Our commitment to community safety

April 28, 2026

Summary: Learn how OpenAI protects community safety in ChatGPT through model safeguards, misuse detection, policy enforcement, and …

Read brief

Brief

Marking 10 years of the GDPR: the evolution of the European data protection landscape

April 27, 2026

Summary: Brussels, 27 April – Today marks the 10th anniversary of the GDPR’s adoption, the first comprehensive data protection framework …

Read brief

Article

Compliance Gets Better When Regulators Ship Tools Instead of Slogans

April 24, 2026 / 2 min read

A lot of compliance guidance dies as slideware because it explains principles without changing the operator’s daily work. The more interesting recent GRC signal is that standards …

Read analysis

Article

Earth Day: How Environmental Activism Became Carbon Offset Subscription Theater

April 22, 2026 / 6 min read

Today is Earth Day, which means it’s time to feel guilty about your carbon footprint and grateful for the carbon offset subscriptions, green energy apps, and sustainability platforms …

Read analysis

Article

Why AI Governance Frameworks Are Security Theater

April 20, 2026 / 4 min read

Most enterprise AI governance frameworks are elaborate exercises in checkbox compliance that miss the actual risks. They’re designed to satisfy auditors and executives, not to manage …

Read analysis

Article

The SOC 2 Compliance Cargo Cult

April 18, 2026 / 7 min read

SOC 2 compliance has become a cargo cult ritual in enterprise security. Organizations implement the ceremonial controls, follow the prescribed procedures, and wait for security to magically …

Read analysis

Brief