Arnaud Drizard

CEO & Co-founder

Arnaud is the CEO and co-founder of Bastion. He spent close to 7 years at Palantir, where he led operations and development for France. He now leads Bastion's mission to help startups and SMBs achieve SOC 2 and ISO 27001 compliance through managed services and security automation.

Topics: SOC 2, ISO 27001, Security Leadership, Compliance Strategy

Blog Posts by Arnaud Drizard

Blog | Security | 15 min read | Feb 20, 2026

OWASP MCP Security Guide: What It Gets Right, What's Missing, and How to Actually Implement It

OWASP released a practical guide for secure MCP server development. We analyze the 8 security domains, highlight what matters most for SaaS companies, and connect it to SOC 2 and ISO 27001 compliance.

Blog | Security | 9 min read | Feb 14, 2026

npm Supply Chain Attacks in 2026: What SaaS Engineering Teams Must Know

npm supply chain attacks are no longer theoretical. With Shai-Hulud compromising 796 packages and the September 2025 hijacking affecting 2 billion weekly downloads, SaaS teams need practical defenses beyond npm audit.

Blog | Compliance | 9 min read | Feb 13, 2026

AI Agent Security Guardrails: What SOC 2 and ISO 27001 Certified SaaS Companies Need Now

Compliance frameworks are catching up to AI agents. If you're SOC 2 or ISO 27001 certified and shipping autonomous AI features, here's how to build guardrails that satisfy auditors while enabling innovation.

Blog | Security | 10 min read | Feb 13, 2026

AI-Enabled Attack Patterns: What SaaS Companies Need to Know from Google's Q4 2025 Threat Report

Google's Threat Intelligence Group identified three emerging AI attack patterns in Q4 2025: distillation attacks, AI-powered malware, and nation-state AI integration. Here's what SaaS companies need to understand and how to defend against these evolving threats.

Blog | Security | 12 min read | Feb 13, 2026

Phishing in 2026: ClickFix, Adversary-in-the-Middle, and AI-Powered Social Engineering

Phishing has evolved beyond Nigerian prince emails. Modern attacks use ClickFix techniques to trick users into running malicious commands, adversary-in-the-middle proxies to bypass MFA, and AI-generated content indistinguishable from legitimate communications. Here's how to update your defenses.

Blog | Security | 23 min read | Feb 6, 2026

Supabase Security Best Practices for Production Apps

Learn how to secure your Supabase application with Row Level Security, proper authentication, API key management, and more. Prevent data breaches with this comprehensive security guide.

Blog | Security | 11 min read | Feb 3, 2026

Moltbook Data Breach: AI Agent Security Lessons

In January 2026, Moltbook exposed 1.5 million API keys due to a Supabase misconfiguration. Learn what went wrong and how to prevent similar database security failures.

Blog | Compliance | 10 min read | Jan 29, 2026

ISO 42001: Do You Need It If You Only Use AI APIs?

Do you need ISO 42001 if you only use AI APIs? Learn the key differences between AI developers and AI consumers for compliance.

Blog | Security | 12 min read | Jan 27, 2026

Secrets Management 101: Stop Storing Credentials in .env Files

Learn why .env files are a security risk - especially with AI coding agents - and how to implement proper secrets management with tools like Vault, AWS Secrets Manager, and Doppler.

Blog | Compliance | 13 min read | Dec 15, 2025

Understanding Shared Responsibility Models with Third-Party Providers

Many B2B SaaS companies misunderstand shared responsibility models when using cloud and SaaS providers, creating security gaps and compliance failures. Learn how responsibility shifts across IaaS, PaaS, and SaaS, and how to document it for SOC 2 and ISO 27001.
