Andrew Bullen
Head of AI Security at Stripe. ~10 years at Stripe (per his own remarks at [un]prompted, March 2026).
Contributions in this wiki
- Breaking the Lethal Trifecta (Without Ruining Your Agents) — [un]prompted, March 4, 2026. Coined the Lethal Bifecta (untrusted-content + sensitive-action) as the write-side analogue of Willison’s trifecta; presented Stripe’s containment architecture (Smokescreen + Toolshed + ToolAnnotations + CI-time egress checks).
Notable framing
“Step one is the threat model, step two is the mitigation, but importantly, step three is figuring out how to put in place the mitigation in a way that the business still can achieve its goal.”
Most of his published-talk content is on step three — adoption-friendly versions of architectural prompt-injection controls. The deterministic-controls-over-detective-controls hierarchy he stated in Q&A is the load-bearing methodological position.
External
LinkedIn: linkedin.com/in/arbullen (per the closing slide).
Stub
No prior public writing is tracked here yet. If a Stripe engineering blog post or follow-up disclosure surfaces, file it as a separate source and link back.