June 2025 Published Materials
During June 2025, I published 29 comprehensive research documents spanning artificial intelligence, cybersecurity, organizational transformation, and strategic innovation. The month's publications show a concentrated focus on semantic knowledge graphs and their applications (10 documents including user-driven personas, LLMs as graph databases, and graph thinking), ephemeral computing and testing methodologies (3 documents on ephemeral testing and Neo4j instances), and strategic partnership proposals with major technology companies (3 documents on AWS, Neo4j, and Atlassian collaboration proposals). Additional research covered GenAI applications in business transformation (5 documents on legacy code refactoring, workshops, and no-code development), cybersecurity frameworks (4 documents on threat modeling and security implications), and various topics including OWASP history, hiring practices, news media transformation, and personal content rights, demonstrating the breadth of my research interests and expertise.
My research this month particularly emphasizes the intersection of AI technologies with practical business applications, from threat modeling services enhanced by GenAI to legacy code refactoring solutions. A recurring theme is the evolution from static systems to dynamic, graph-based architectures that can adapt and scale with organizational needs. The strategic partnership proposals with AWS, Neo4j, and Atlassian highlight my vision for collaborative innovation in serverless computing, graph databases, and knowledge management systems. The later part of the month saw significant work on ephemeral Neo4j instances and data testing methodologies, showcasing practical implementations of theoretical concepts in graph database management. Throughout June, I consistently explored how semantic knowledge graphs can bridge technical complexity with business value, whether through personalized news feeds, cybersecurity risk modeling, or user-driven persona development.
Overview Table
Date | Title | Focus Area | Key Concepts |
---|---|---|---|
06/02 | Linking Threat Models with Semantic Business Graphs | Cyber Security | Semantic Business Graphs, Threat Modeling, Business Context, Knowledge Graphs, Two-Way Influence |
06/03 | Jira as a Graph Database – Proposal for Atlassian Executives | Projects | Jira Graph Database, Issue Links, Semantic Relationships, JSync, Project Lumos |
06/03 | Proposal for Neo4j Collaboration with Dinis Cruz | Projects | Neo4j Partnership, Serverless Graph DB, MGraph-AI, Knowledge Graphs, GraphRAG |
06/03 | Proposal: Strategic AWS Partnership with Dinis Cruz's GenAI and Graph Innovations | Projects | AWS Serverless, GenAI Integration, OSBot-AWS, MGraph-AI, Amazon Bedrock |
06/06 | Personalised Briefing for Dan Raywood on the Future of News | The Future of News | Micropayments, Trust-as-a-Service, Semantic Graphs, Personalized News Feeds, Content Monetization |
06/07 | GenAI Legacy Code Refactoring – Business Plan | Projects | Legacy Code Modernization, GenAI Automation, Bug-First Testing, Serverless Architecture, SaaS Model |
06/07 | History and Analysis of OWASP In-Person Summits | Cyber Security | OWASP Summits, Collaborative Security, Working Sessions, Community Building, Knowledge Sharing |
06/08 | Personalized Briefing: Semantic Knowledge Graphs – Intersection of Dinis Cruz & Kerstin Clessienne's Work | Graphs | Semantic Knowledge Graphs, Marketing Technology, Self-Evolving Graphs, Wardley Maps, Trust Networks |
06/08 | Using Presentations Instead of CVs in Hiring | Europe and Learning | Alternative Hiring Methods, Personal Presentations, Diversity in Recruitment, Creative Assessment, Talent Discovery |
06/09 | Supercharging AppSec Threat Modeling Services with GenAI and Semantic Graphs | Cyber Security | AppSec Services, GenAI Threat Modeling, Semantic Graphs, Multi-Stakeholder Reporting, AI-Assisted Analysis |
06/10 | Explorers, Villagers, and Town Planners: Understanding the Generative AI Divide | Development and GenAI | EVTP Framework, Wardley Maps, Innovation Adoption, GenAI Perspectives, Technology Evolution |
06/10 | Security Implications of the Model Context Protocol (MCP) and the Need for Robust Infrastructure | Cyber Security | MCP Security, LLM Tool Integration, Prompt Injection, Identity Management, Zero Trust Architecture |
06/13 | Follow-Up Technical Vision: Optimizations, Deployment, and Security | Projects | Web Content Filtering, Performance Optimization, Multi-Tenant Architecture, Serverless Deployment, Cache Strategies |
06/13 | Technical Briefing: Web Content Filtering Project | Projects | Web Content Filtering, Real-Time Modification, Proxy Architecture, LLM Processing, Personalization |
06/14 | User-Driven Semantic Persona Graphs Powered by GenAI | Graphs | Persona Graphs, GenAI-Driven Q&A, Interactive Workflows, Knowledge Graph Creation, Human-in-the-Loop |
06/15 | Personal Content Rights: Protecting Individuals in the Age of Deepfakes and AI Cloning | Cyber Security | Personal Content Rights, Deepfake Protection, AI Ethics, Digital Identity, Watermarking |
06/15 | The Hidden Cost of Ephemeral Testing and the Case for Automation | Development and GenAI | Ephemeral Testing, Test Automation, ETDD, Wardley Maps, Development Velocity |
06/16 | Workshop Plan: User-Driven Semantic Persona Graphs Powered by GenAI | Development and GenAI | Workshop Design, GPT Pipeline, Multi-Phase Architecture, Vibe Coding, Interactive Learning |
06/18 | Bridging Niklas Luhmann's Ideas with Semantic Knowledge Graphs and G³ | Graphs | Zettelkasten Method, Knowledge Management, G³ Framework, Niklas Luhmann, Personal Knowledge Systems |
06/18 | Comparing the EU FED Cloud vs. an Open-Source Federated Cloud Proposal | Development and GenAI | EU FED Cloud, Federated Architecture, Open-Source Cloud, ArQiver Platform, Data Sovereignty |
06/18 | Empowering the Graph Thinkers in the Age of Generative AI | Graphs | Graph Thinking, No-Code Development, LLMs as Graph Databases, MGraph-DB, Knowledge Democratization |
06/18 | No Code Development (NCD): A Paradigm Shift Beyond 'Vibe Coding' | Development and GenAI | No Code Development, Vibe Coding, AI-Assisted Development, Natural Language Programming, ThreatModCon 2025 |
06/19 | Empowering Workshops with Custom GPTs for GenAI Training | Development and GenAI | Custom GPTs, Workshop Training, GPT Builder, Knowledge Base Integration, Interactive Learning |
06/19 | Using LLMs as Ephemeral Graph Databases | Graphs | LLMs as Databases, Ephemeral Graphs, Natural Language Queries, Cybersecurity Risk Modeling, Graph CRUD Operations |
06/22 | FIST Meets the Semantic Knowledge Graph | Cyber Security | FIST Framework, Fast/Inexpensive/Simple/Tiny, Defense Acquisition, Agile Development, G³ Alignment |
06/22 | Project Plan: High Street GenAI Learning Hub | Cyber Security | Community Learning, GenAI Education, Third Space Concept, Digital Inclusion, Social Innovation |
06/25 | Data Tests for Neo4j: Bringing Automated Testing to Graph Databases | Graphs | Data Testing, Graph Database QA, PyTest Integration, CI/CD Pipelines, Schema Validation |
06/25 | Ephemeral Neo4j Instances for On-Demand Graph Analytics | Graphs | Ephemeral Databases, Serverless Neo4j, AWS Architecture, On-Demand Analytics, Cost Optimization |
06/25 | Using Ephemeral Neo4j Instances for a Cybersecurity Risk Graph Scenario | Graphs | Risk Graph Implementation, Cypher Queries, Ephemeral Setup, Threat Modeling, Incident Response |
Detailed Summaries
Linking Threat Models with Semantic Business Graphs
June 2, 2025
This document proposes Semantic Business Graphs as a revolutionary approach to bridging security analysis with business context. The research demonstrates how organizations can map their entire business landscape – including goals, processes, organizational structures, finances, and compliance obligations – into an interconnected knowledge graph that directly links with threat modeling artifacts. This creates a living model where security analyses are always performed in light of real business impact, ensuring that cyber threats are evaluated not in isolation but in terms of their effect on customer trust, revenue, and strategic goals.
The implementation involves creating "graphs of graphs" that connect multiple ontologies and taxonomies, enabling complex queries like "Which critical business services would be impacted by a Log4J vulnerability?" to be answered in seconds. The paper details how this approach creates a two-way influence between business decisions and threat models, where business changes automatically flag relevant threat models for updating, and security findings visibly link to business objectives. The research includes practical examples from a SaaS provider with GenAI capabilities, showing how the semantic graph serves different stakeholders from executives to security teams to external auditors.
Jira as a Graph Database – Proposal for Atlassian Executives
June 3, 2025
This comprehensive proposal presents Jira as a Graph Database, showcasing over a decade of Dinis Cruz's experience in pushing Jira beyond traditional use cases. The document demonstrates how Jira's built-in issue linking and customization capabilities can model complex networks of information, effectively transforming it into a powerful knowledge graph where each issue serves as a node and each issue link represents a relationship edge. The proposal includes concrete examples from implementations at Photobox Group and Holland & Barrett, where Jira was successfully used to manage risk data and workflows as graph-backed systems.
The technical approach involves structuring Jira projects so that each represents a distinct node type in the graph, with custom link types encoding semantic relationships between entities. The proposal introduces several innovative tools including JSync (a Jira synchronization system that exports data for offline graph queries), Project Lumos (a serverless Jira-to-GraphDB connector), and MGraph-AI (a memory-first graph database for AI workloads). These solutions address Jira's current limitations while demonstrating how Atlassian could unlock new capabilities in advanced analytics, knowledge graphs, and AI integrations through strategic collaboration.
Proposal for Neo4j Collaboration with Dinis Cruz
June 3, 2025
This strategic partnership proposal outlines opportunities for Neo4j collaboration based on Cruz's extensive history with graph technologies and Neo4j specifically. The document traces a timeline from 2017 to 2025, detailing Cruz's pioneering work including the use of Neo4j for GDPR data flow mapping at Photobox and his leadership in sessions on "Ideas for Graph DBs like Neo4j" at the Open Security Summit. The proposal highlights current innovations including MGraph-AI, a serverless graph database designed for AI and serverless environments, and MyFeeds.ai, which demonstrates LLM-powered semantic news feeds using knowledge graphs.
The collaboration opportunities span multiple areas including serverless Neo4j implementations, knowledge graphs for GenAI applications, Jira-Neo4j integration for DevSecOps, and cybersecurity knowledge graph solutions. The proposal emphasizes The Cyber Boardroom pilot as a flagship opportunity, where Neo4j could serve as the core knowledge graph repository for a GenAI-powered platform that bridges cybersecurity expertise with corporate board decision-making. Each proposed initiative aligns with Neo4j's strategic direction in AI, cloud deployment models, and enterprise knowledge graphs.
Proposal: Strategic AWS Partnership with Dinis Cruz's GenAI and Graph Innovations
June 3, 2025
This proposal presents a strategic AWS partnership opportunity based on Cruz's six years of building advanced solutions on Amazon Web Services. The document showcases proven implementations of serverless GenAI and graph-based applications, including the open-source MGraph-AI graph database and OSBot-AWS automation toolkit, which demonstrate capabilities that AWS's current offerings don't natively provide. The research highlights how Cruz identified and filled the gap for a truly serverless graph database optimized for Lambda-based use with zero cost when idle.
The collaboration proposals include co-developing a serverless graph database offering, featuring Cruz's work as AWS case studies for GenAI and serverless best practices, sponsoring open-source integration development, and joint solution offerings in the AWS Marketplace. The document details flagship projects like The Cyber Boardroom (a serverless GenAI platform for cybersecurity decision-making) and MyFeeds.ai (personalized semantic news feeds), both built entirely on AWS's serverless stack. These innovations align directly with AWS's priorities in serverless computing and GenAI, including planned integration with Amazon Bedrock.
Personalised Briefing for Dan Raywood on the Future of News
June 6, 2025
This executive briefing synthesizes extensive research on the future of news and monetization of trust specifically tailored for Dan Raywood, Senior Editor at SC Media UK. The document presents innovative proposals for diversifying revenue through micro and nano payments, where readers pay tiny amounts for individual pieces of content rather than committing to full subscriptions. The briefing emphasizes how modern technology has removed barriers to micropayments, enabling seamless one-click payments that align monetary incentives with truth, transparency, and trust in journalism.
The research introduces the concept of "Trust-as-a-Service," where news organizations can monetize their credibility and verification capabilities through real-time Verification APIs, credibility scoring services, and expert networks. The document details how personalized news feeds powered by semantic graphs can deliver tailored content while maintaining full provenance and transparency. For SC Media UK specifically, the briefing outlines opportunities to pilot custom cybersecurity news feeds, leverage their reputation through trust metrics and verification badges, and integrate content into cross-publisher micropayment systems.
GenAI Legacy Code Refactoring – Business Plan
June 7, 2025
This comprehensive business plan presents a GenAI Legacy Code Refactoring SaaS company dedicated to modernizing legacy software codebases using generative AI, human expertise, and automated workflows. The document outlines a three-phase process: adding comprehensive test coverage and documentation, ensuring continuous integration pipelines run smoothly, and performing AI-assisted code refactoring under the safety net of rigorous tests. The approach addresses the universal pain point that organizations allocate 60-80% of IT budgets to maintaining legacy systems, with technical debt averaging $361k per 100,000 lines of code.
The business model operates on pure SaaS with token-based pricing adding 20% markup to all model costs, ensuring profitability on every project. The solution leverages bug-first testing approaches, where known bugs have passing tests that capture their current behavior, providing meaningful safety nets for refactoring. The plan includes pragmatic success metrics measured through OKRs rather than absolute claims, human-in-the-loop services for expertise coordination, and a serverless architecture that keeps costs minimal while enabling global scalability.
History and Analysis of OWASP In-Person Summits
June 7, 2025
This comprehensive historical analysis documents all OWASP in-person summits from 2008 to 2017, providing detailed insights into how these intensive collaborative gatherings shaped the application security community. The research covers four major summits: the 2008 European Summit in Algarve (80 participants), the 2009 Washington D.C. leadership summit, the 2011 Global Summit in Lisbon (175-180 participants from 20+ countries), and the 2017 Summit at Woburn Forest, UK. Each summit is analyzed for its planning, format, key topics, outcomes, and lasting impact on OWASP's evolution.
The document reveals how summit formats evolved from conference-style presentations to pure working sessions, emphasizing collaboration over passive learning. Key outcomes included the establishment of OWASP's core principles and code of ethics (2008), the creation of six global committees, governance reforms introducing member-inclusive board elections (2011), and the acceleration of projects like OWASP SAMM and the Mobile Security Testing Guide (2017). The analysis demonstrates how these summits served as catalysts for organizational change, community building, and the advancement of application security practices globally.
Personalized Briefing: Semantic Knowledge Graphs – Intersection of Dinis Cruz & Kerstin Clessienne's Work
June 8, 2025
This personalized briefing explores the intersection of research interests between Dinis Cruz and Kerstin Clessienne, both thought leaders in semantic knowledge graphs. The document highlights how Clessienne, a marketing technology expert, advocates for knowledge graph-driven approaches to improve customer insight and personalization, while Cruz has developed self-evolving semantic knowledge graph systems for capturing complex knowledge and generating tailored content. Both recognize that integrating knowledge graphs with AI is a game-changer for creating truly personalized and context-aware experiences.
The briefing reveals key convergences in their work: both see semantic enrichment as critical for AI to move beyond pattern-matching, both address organizational data silos through unified knowledge graphs, and both use graphs to drive personalized content and insights. Cruz's unique contribution of evolving graphs into Wardley Maps for strategic insight complements Clessienne's focus on marketing strategy and intelligent transformation. The document provides resources for deeper collaboration, including links to Cruz's research repository, MyFeeds.ai architecture details, and key articles on self-improving knowledge graphs and the progression from metadata to stories.
Using Presentations Instead of CVs in Hiring
June 8, 2025
This document presents an innovative approach to recruitment where candidates create presentations instead of traditional CVs, based on Dinis Cruz's successful implementations at Glasswall and Holland & Barrett. The research demonstrates how traditional resumes provide only flat, one-dimensional snapshots that can be misleading, invite unconscious bias, and fail to capture true skills or potential. In contrast, personal slide decks allow candidates to tell the story of their professional journey, showcase actual work with visuals, and demonstrate creativity and communication skills.
The case studies show remarkable success: at Glasswall, Petra Vukmirović, an emergency medicine doctor transitioning to cybersecurity, created a 10-slide presentation outlining her self-learning roadmap that led to her hiring and subsequent success in the field. At Holland & Barrett, the security team formally integrated candidate presentations into recruitment, with HR buy-in after seeing improved hiring outcomes. The approach promotes diversity by allowing candidates with non-traditional backgrounds to explain their unique paths and transferable skills, while making interviews more engaging through structured discussions around prepared content.
Supercharging AppSec Threat Modeling Services with GenAI and Semantic Graphs
June 9, 2025
This white paper outlines how AppSec consulting services can be transformed through the integration of Generative AI and semantic knowledge graphs. The document demonstrates how LLMs can rapidly produce, customize, and maintain threat models at scale, generating hundreds or thousands of security documents in hours rather than weeks. By representing threats, assets, and mitigations as nodes in a semantic graph linked to business context, static threat models become living knowledge bases that are queryable and continuously updatable.
The proposed service offerings include AI-Augmented Threat Modeling Services that deliver 5x more threat scenarios than manual approaches, Knowledge Graph Integration with custom security dashboards, Multi-Stakeholder Reporting Bundles that generate tailored outputs for different audiences, and AI-Driven Secure Code Review combining LLM analysis with human expertise. The implementation leverages techniques like mass-generation of threat models (demonstrated with Google's Gemini 2.0 generating 1,000 models), customization for specific tech stacks, and open schema outputs for seamless integration. The paper emphasizes that this approach enables consultants to scale their expertise, deliver more value with less effort, and differentiate themselves in a competitive market.
Explorers, Villagers, and Town Planners: Understanding the Generative AI Divide
June 10, 2025
This opinion piece applies Simon Wardley's EVTP framework to explain the divide in the GenAI community between enthusiastic explorers who see unlimited potential and cautious town planners who emphasize current limitations. The document explains how Explorers thrive in Genesis phases with high uncertainty, celebrating what works while treating failures as learning opportunities, while Town Planners excel in Commodity phases requiring reliability, consistency, and safety at scale. Both perspectives are valid and necessary within their appropriate contexts.
The analysis reveals that Explorers focus on GenAI's magical possibilities, embracing "vibe coding" and predicting imminent disruption of traditional development, while Town Planners highlight serious concerns including hallucinations, lack of determinism, scalability issues, and security risks. The paper argues that both camps are brilliant and correct from their vantage points – Explorers measure by potential and breakthroughs, Town Planners by worst failures and limitations. The solution lies in recognizing when each mindset should dominate, fostering communication between camps, and investing in bridging solutions that gradually transform exploratory prototypes into production-ready systems.
Security Implications of the Model Context Protocol (MCP) and the Need for Robust Infrastructure
June 10, 2025
This paper examines the security implications of MCP, an open standard enabling LLMs to interface with external tools and data sources uniformly. While MCP provides a solid foundation for LLM tool integration (acting as a "USB-C for AI"), its success highlights that security is only as strong as the surrounding infrastructure. The document analyzes how MCP's strength in seamlessly bridging LLMs with real-world actions can become a massive vulnerability if traditional security controls are inadequate.
The research details new attack surfaces including prompt injection exploits (like the GitHub MCP exploit discovered in May 2025), malicious tool poisoning, and rug pull attacks. Current infrastructure falls short due to coarse authorization and over-privilege, lack of agent-specific identities, authentication gaps in MCP, uniform trust for all tools, and limited observability. The paper proposes solutions including fine-grained permissions and sandboxing, strong authentication with cryptographic tool verification, runtime monitoring for "toxic flow" detection, human-in-the-loop confirmation gates, and graph-based threat modeling for continuous analysis. The conclusion emphasizes that robust security must be engineered at the system level, not relying on AI model alignment alone.
Follow-Up Technical Vision: Optimizations, Deployment, and Security
June 13, 2025
This technical document provides detailed optimization strategies, deployment options, and security considerations for a web content filtering platform that uses AI to intercept and filter disallowed content. The optimization approach leverages minimal overhead in monitoring mode, sophisticated caching of content segments using hash-based deduplication, DOM structure analysis for intelligent segmentation, and parallel LLM processing with configurable cost/performance trade-offs. The system breaks pages into segments, computes unique hashes, and reuses classifications for previously seen content, dramatically reducing processing time for repeat visits.
The deployment strategy offers flexibility from multi-tenant SaaS using serverless functions to dedicated cloud deployments with tenant-specific encryption, and even on-premises installations for organizations requiring complete data control. Security measures include strong tenant isolation with encrypted data segregation, safe handling of sensitive content with minimal retention policies, integrity controls to prevent filter bypass, and configurable fail-open versus fail-closed behaviors. The architecture supports customer-provided API keys for LLM services, enabling organizations to maintain control over their data while benefiting from the filtering capabilities.
Technical Briefing: Web Content Filtering Project
June 13, 2025
This technical briefing outlines the architecture and design of the Web Content Filtering Project, which aims to give users fine-grained control over the content they see as they browse the web. The project's core idea is to intercept and dynamically modify web pages in real-time, allowing unwanted content to be filtered out and relevant content to be highlighted. By leveraging Large Language Models (LLMs) and knowledge graphs, the system can filter or transform content on the fly without requiring changes from the websites themselves.
The implementation showcases several key design principles: personalization via semantic graphs that represent both content and user preferences as structured knowledge, minimal in-line LLM usage to ensure fast browsing after initial processing, deterministic and reproducible results through structured outputs and rigorous data schemas, and comprehensive provenance and explainability where every filtering decision can be audited. The system implements a multi-stage pipeline including page capture via proxy, HTML parsing to typed structures, DOM to graph conversion, text extraction, LLM semantic classification, persona/preference graph matching, and finally page reconstruction with filtered content. The architecture leverages open-source tools like OSBot TypeSafe and MGraph-DB, demonstrating how modern AI can enable personalized web experiences while maintaining transparency and user control.
User-Driven Semantic Persona Graphs Powered by GenAI
June 14, 2025
This white paper presents a GenAI-powered, user-driven workflow for creating persona-based knowledge graphs on demand, transforming the traditionally static process of gathering information into an engaging dialogue. The system uses an interactive Q&A workflow orchestrated by an LLM that dynamically generates questions, adapting to user responses and building a semantic graph of the user's domain. Each answer the user provides is parsed into structured data that expands the graph with new nodes and edges, while the next questions are informed by the growing graph, allowing a personalized path of inquiry.
The technical implementation leverages a serverless architecture using OSBot-FastAPI for API endpoints, OSBot-Utils for flow orchestration, and MGraph-DB as a memory-first graph database optimized for AI workloads. The system incorporates human-in-the-loop feedback where users validate and refine the graph's accuracy, pre-population capabilities using external data sources, and the ability to generate multiple persona-specific outputs from the same base knowledge. Applications span cybersecurity risk profiling, personalized news feeds, corporate compliance auditing, customer onboarding, and education, demonstrating how combining human input with AI assistance yields self-improving knowledge structures that are far more aligned to user reality than generic templates.
Personal Content Rights: Protecting Individuals in the Age of Deepfakes and AI Cloning
June 15, 2025
This comprehensive white paper proposes establishing Personal Content Rights as a new legal framework to give individuals firm control over their own digital persona in the age of AI-generated deepfakes. The document outlines how generative AI has enabled anyone to clone voices, faces, and writing styles with startling realism, leading to fraud, defamation, and non-consensual pornography on a massive scale. The proposed framework would make it illegal to create or distribute AI-generated content that imitates a real person without explicit authorization, treating digital cloning without consent as a serious rights violation akin to identity theft.
Key proposals include outlawing unauthorized deepfakes with stiff penalties, establishing inalienability of persona rights (preventing wholesale selling of one's digital identity), developing robust identity verification frameworks through persona and identity graphs, mandating watermarking and provenance metadata for all AI-generated media, and preserving legitimate fair uses like parody and satire. The paper details technological solutions including watermarking standards like C2PA, deepfake detection services, and identity graph infrastructure to manage permissions at scale. Implementation strategies cover enforcement mechanisms, global adoption patterns following the "Brussels effect" model, and the need for independent oversight bodies to prevent abuse while fostering innovation in ethical AI applications.
The Hidden Cost of Ephemeral Testing and the Case for Automation
June 15, 2025
This analysis reveals how developers practicing Ephemeral Test-Driven Development (ETDD) "write" tests in their mind and execute them with their hands, like scribbling on a whiteboard and erasing it after each use. While this ad-hoc approach feels fast in the moment, it is deceptively expensive over time – each manual test is wasted effort that must be repeated, whereas an automated test can run endlessly at virtually no extra cost. The document demonstrates how teams that embrace capturing these checks as code see compound benefits where every new test makes the next code change safer and faster.
The paper addresses the "metric trap" where teams write minimal or meaningless tests just to satisfy coverage requirements, arguing that the focus must shift from "writing tests for metrics" to "automating tests for insight." It emphasizes investing in test infrastructure and developer experience, highlighting tools like Wallaby.js and NCrunch that provide real-time continuous testing inside the IDE. The analysis incorporates Wardley Map perspectives to balance speed and quality based on project maturity, showing that while Genesis-phase experiments might justify minimal testing, Product and Commodity phases demand comprehensive test suites. Ultimately, the research proves that automated testing is not a tax on development speed but a powerful enabler of sustainable velocity.
Workshop Plan: User-Driven Semantic Persona Graphs Powered by GenAI
June 16, 2025
This detailed workshop plan demonstrates how to use Generative AI to build personalized semantic knowledge graphs and generate tailored outputs for different stakeholder personas. The workshop guides technical participants through a multi-phase pipeline of custom GPT-powered assistants that collaboratively transform user input into meaningful insights, showcasing how complex, context-aware solutions can be built by chaining together specialized GPT agents.
The implementation involves six dedicated GPT agents: GPT 1 ingests compliance criteria and designs questionnaires, GPT 2 conducts interactive Q&A interviews, GPT 3 converts raw answers into semantic knowledge graphs, GPT 4 produces comprehensive technical reports, GPT 5 generates persona-specific briefings for different stakeholders, and GPT 6 creates UI prototypes using "vibe coding" techniques. The workshop structure includes a live demonstration of the end-to-end pipeline, hands-on creation of GPTs using provided prompt templates, and discussion of potential improvements like automating data flow between GPTs and serverless deployment. This comprehensive plan with detailed GPT configuration artifacts ensures participants gain concrete understanding of how GenAI can be orchestrated to implement complex workflows, from raw text to knowledge graphs to stakeholder-specific insights and even UI prototypes.
Bridging Niklas Luhmann's Ideas with Semantic Knowledge Graphs and G³
June 18, 2025
This briefing introduces Niklas Luhmann's Zettelkasten system and maps its principles to modern Semantic Knowledge Graphs and the G³ (Graphs of Graphs of Graphs) approach. Luhmann, a prolific German sociologist, achieved remarkable productivity through his analog knowledge management method – a slip-box containing 90,000 handwritten notes that served as a "second brain" and thinking partner. The document demonstrates how Luhmann's Zettelkasten was essentially a proto-knowledge graph on paper: atomic notes with unique IDs, densely linked via cross-references, emergent in structure rather than hierarchically organized, and scalable over a lifetime of use.
The research draws technical parallels between Luhmann's half-century-old system and contemporary knowledge graphs, showing how his approach prefigured modern Personal Knowledge Management systems. Cruz's G³ methodology particularly resonates with Luhmann's philosophy of avoiding a single "master ontology" in favor of multiple interconnected perspectives. The paper explores how Luhmann's practices of building knowledge through incremental connections, allowing structure to emerge organically, and maintaining multiple parallel note collections align with modern approaches to semantic graphs, modularity, and federated knowledge systems.
Comparing the EU FED Cloud vs. an Open-Source Federated Cloud Proposal
June 18, 2025
This white paper provides a comparative analysis of the EU FED Cloud initiative versus an open-source federated cloud proposal. The EU FED Cloud is a European initiative building a federated, sovereign cloud ecosystem with built-in compliance and security, featuring the ArQiver platform that provides compliance, identity, and workflow backbone. It adopts a three-layer architecture designed to enforce zero-trust security and EU regulatory compliance by default, emphasizing data sovereignty, interoperability, and elimination of vendor lock-in.
In contrast, the open-source sovereign cloud proposal calls for a European cloud infrastructure that is fully open-source and API-compatible with major clouds like AWS and Azure. This approach prioritizes maximum compatibility, allowing developers to migrate applications with minimal code changes while maintaining sovereignty and transparency. The document analyzes key differences: the EU FED Cloud introduces its own framework and APIs focused on compliance-first design, while the open-source proposal emphasizes compatibility-first with existing cloud services. Both approaches aim to empower Europe with sovereign cloud infrastructure, but they cater to different priorities and implementation philosophies.
Empowering the Graph Thinkers in the Age of Generative AI
June 18, 2025
This white paper explores how graph thinkers – those who naturally conceptualize information as networks – are being empowered by advances in generative AI. Historically, these creative minds were constrained by technical limitations, requiring heavy implementation, dedicated development teams, or costly graph database infrastructure to realize their visions. The document demonstrates how Large Language Models and AI-assisted development platforms are democratizing the ability to build sophisticated applications without traditional programming, particularly enabling LLMs to serve as ephemeral graph databases.
The research introduces MGraph-DB, a memory-first graph database co-developed by Cruz, and shows how it enables rapid experimentation with graph structures. Through case studies like the ThreatModCon 2025 keynote preparation and MyFeeds.ai project, the paper illustrates how graph thinkers can now leverage AI tools to dramatically compress development timelines without sacrificing quality. The document emphasizes that this democratization of innovation allows anyone with a graph-oriented mindset to turn ideas into tangible models and applications, fostering creativity and problem-solving across domains from business process mapping to enterprise knowledge management.
No Code Development (NCD): A Paradigm Shift Beyond 'Vibe Coding'
June 18, 2025
This white paper proposes No Code Development (NCD) as a more accurate and professional term for the emerging paradigm often referred to as "vibe coding." Drawing on Cruz's firsthand experience at ThreatModCon 2025, where he created multiple interactive visualizations and UI tools without writing manual code, the document argues that NCD better encapsulates this workflow's essence: a highly iterative, feedback-driven process where developers focus on intent and orchestration while AI handles code generation.
The paper examines why "vibe coding" falls short as a descriptor, potentially trivializing the skill involved and failing to communicate that real development work is occurring. Through the ThreatModCon case study, where Cruz was able to make adjustments to UIs up to 5 minutes before his keynote presentation, the document highlights the productivity gains of NCD. It also discusses the "air gap" between NCD and traditional engineering, exploring how context-switching into code disrupts creative flow. The research emphasizes the irony that seasoned software engineers are often the most effective NCD practitioners due to their domain knowledge and prompting skills.
Empowering Workshops with Custom GPTs for GenAI Training
June 19, 2025
This white paper explores why custom GPTs are powerful tools for workshops and how they evolved into a commoditized tool in the AI landscape. OpenAI's introduction of GPTs in late 2023 allowed anyone to create tailored versions of ChatGPT for specific purposes, combining a large language model with user-provided instructions, optional domain knowledge, and tool integrations. Within two months of launch, users created over 3 million custom GPTs, demonstrating the demand for accessible AI customization.
The document details key features that make GPTs workshop-ready: pre-loaded expert instructions, custom knowledge bases, integrated tools and skills, user-friendly creation interfaces, auto-generated icons and identities, and easy sharing capabilities. The paper provides a practical workshop plan including prerequisites, introductory demos, hands-on building sessions, iteration and tuning exercises, and use-case discussions. Real-world examples from executive training at financial services firms demonstrate how GPTs transform passive learning into active creation, with participants building functional AI assistants within 45-minute sessions.
Using LLMs as Ephemeral Graph Databases
June 19, 2025
This white paper introduces the concept of using Large Language Models as ephemeral graph databases, harnessing an LLM's ability to understand and manipulate structured information without a persistent database. In this approach, the knowledge graph is created dynamically and exists only for the duration of an AI session, constructed at query-time to suit the user's context. The document provides a step-by-step tutorial modeling a cybersecurity risk management scenario, demonstrating how a non-programmer can create and query an ephemeral graph using only an LLM.
The implementation walkthrough shows how to build a risk management graph starting from "User accounts can be compromised" and expanding to include causes (credentials leaked, no MFA), impacts (data exposure, compliance violations, financial losses), controls (password policies, monitoring), and stakeholders (system owners, executives). The paper demonstrates CRUD operations through natural language, showing how users can create nodes, establish relationships, update properties, and query the graph for insights. This approach provides graph thinking capabilities without requiring installation, configuration, or knowledge of query languages like Cypher or SPARQL.
FIST Meets the Semantic Knowledge Graph
June 22, 2025
This white paper provides a comparative analysis of how the FIST framework (Fast, Inexpensive, Simple, Tiny) aligns with Cruz's Semantic Knowledge Graph and G³ methodology. FIST, originally coined in the defense acquisition context to promote rapid, low-cost innovation, emphasizes streamlined processes, accelerated timelines, and restrained scope. The document demonstrates how these principles resonate strongly with modern knowledge graph engineering practices, even though FIST emerged in a military-tech context.
The research maps each FIST principle to Cruz's approach: Speed and Agility achieved through automation and real-time LLM interaction, Cost Efficiency through open-source tools and serverless architecture, Simplicity through modular design and user-friendly interfaces, and Small Scale through tiny, focused knowledge graph modules. The paper includes concrete comparisons like the Marine Corps' Harvest Hawk project versus Cruz's Cyber Boardroom risk graph, and the Air Force's Condor Cluster supercomputer versus MyFeeds.ai personalized knowledge system. The analysis concludes that both FIST and the Semantic Knowledge Graph methodology prove that focusing on the smallest effective solution yields better outcomes.
Project Plan: High Street GenAI Learning Hub
June 22, 2025
This project plan outlines the creation of a GenAI Learning Hub on town high streets, a modern community space dedicated to making generative AI accessible to all citizens. Inspired by the concept that "Libraries are the only thing left on the high street that doesn't want either your soul or your wallet," the plan envisions a welcoming, café-like environment that demystifies AI technology and empowers citizens to use these tools positively. The hub would serve as a "third place" for creativity and education, anchoring high streets as community learning centers.
The implementation plan details a phased approach starting with foundation and partnerships, moving through pilot operation, refinement and growth, to eventual scale-out and replication. The hub would offer café-style coziness with workstations, open-source AI software, educational content, maker hardware kits, and demonstration zones. Programming includes introductory workshops, themed short-courses, ongoing code/build clubs, guest talks, youth programs, and cross-generational learning events. The business model combines community support, earned income, and sponsorship, operating as a Community Interest Company to ensure the mission remains focused on community benefit.
Data Tests for Neo4j: Bringing Automated Testing to Graph Databases
June 25, 2025
This white paper introduces data tests for Neo4j, applying proven software testing principles to graph data itself. Much like unit tests catch code regressions, data tests catch graph regressions – unintended changes to the structure or content of your Neo4j database. The document outlines how to implement them using Python's PyTest and CI/CD pipelines, providing immediate feedback on any change's impact to ensure the data still meets expectations.
The implementation details include defining expected conditions through brainstorming invariants and using past incidents, setting up ephemeral test environments via Docker or Testcontainers, loading synthetic or sampled data for testing, and writing tests using PyTest and the Neo4j driver. The paper provides concrete examples of data tests including schema compliance checks, uniqueness and duplicate detection, referential integrity validation, forbidden subgraph pattern detection, and expected graph metrics verification. Integration with CI/CD pipelines ensures that data tests run automatically on every push or pull request, creating a culture where data integrity is systematically ensured rather than hoped for.
Ephemeral Neo4j Instances for On-Demand Graph Analytics
June 25, 2025
This white paper proposes an ephemeral Neo4j architecture for spinning up Neo4j instances on-demand in cloud environments, performing graph computations, then tearing them down. This approach combines the analytical power of graph databases with the cost-efficiency and elasticity of serverless computing, using existing open-source Neo4j as a commodity component deployed and disposed of as needed. The document focuses on AWS implementation using EC2 virtual machines and Fargate containers with Amazon S3 for storage.
The four-stage workflow involves provisioning a new Neo4j instance, initializing and loading data from cloud storage, executing graph transformations and analytics, then exporting results and tearing down the instance completely. The paper details optimization strategies including pre-baked images for faster startup, bulk import for efficient data loading, and automated pipeline integration with CI/CD. Performance considerations address startup latency targets of under one minute, query performance optimization through proper instance sizing, and parallel task execution for scalability. The approach aligns with industry trends toward serverless and on-demand services, as evidenced by Neo4j's own Aura Graph Analytics Serverless offering.
Using Ephemeral Neo4j Instances for a Cybersecurity Risk Graph Scenario
June 25, 2025
This tutorial demonstrates how to implement a cybersecurity risk graph using ephemeral Neo4j instances, bridging the conceptual LLM-as-graph approach into practical Neo4j implementation. The document provides step-by-step instructions for recreating the "User accounts can be compromised" risk scenario, showing how to spin up a Neo4j database on-demand, build the graph, perform analysis, and tear it down – providing the full power of a graph database with the flexibility of on-demand usage.
The implementation walkthrough covers creating nodes for risks, personas, and events; establishing relationships to model impacts and causes; expanding the graph with downstream consequences and upstream preventive controls; adding assets and stakeholders to ground the abstract risk in reality; and simulating an incident to test the model. The tutorial includes complete Cypher queries for each step, demonstrating how to query the graph to answer critical questions like identifying at-risk systems, determining potential impacts, notifying appropriate stakeholders, and prioritizing remediation actions. The exercise validates the ephemeral approach for graph analytics, showing how complex graph modeling and querying can be performed without maintaining a permanent database server.