Antonio Montano’s Personal Website

tutorial

A Banca d’Italia indicator of cybersecurity vulnerability designed to support creditworthiness evaluation

ArchiMate 4 is not a radical reinvention of the ArchiMate language. It is a deliberate simplification and normalization of a mature enterprise architecture notation. Compared with ArchiMate 3.2, it replaces layers with domains, introduces the Common Domain as a central modeling structure, merges behavior elements across domains, generalizes role and collaboration, moves path into the Common Domain, removes several specialized elements, and introduces multiplicity on relationships. This article…

May 2, 2026

Modified	May 2, 2026
Keywords	ArchiMate 4, ArchiMate 3.2, Enterprise Architecture, TOGAF, The Open Group, modeling languages, metamodeling, UML, MOF, model driven engineering, architecture governance, semantic governance, architecture repository, Common Domain, architecture domains, viewpoints, specialization, profiles, complexity, socio-technical systems, operational evidence, digital transformation

Measuring Cyber Risk in the Italian Corporate Sector

The growing reliance of firms on digital systems has elevated cyber risk from a technical concern to a material source of economic and financial vulnerability. Cyber incidents can disrupt operations, compromise sensitive data, propagate through supplier networks, and generate persistent legal and reputational costs, with direct implications for firms’ cash flows and creditworthiness. Despite these effects, cyber risk remains largely absent from standard credit risk assessment frameworks…

cyber risk, cybersecurity, cyber risk measurement, cyber risk taxonomy, cyber incidents, ransomware, data breach, corporate cybersecurity, cyber resilience, operational risk, credit risk assessment, probability of default, ICAS, Eurosystem collateral framework, Banca d’Italia, financial stability, non financial firms, cyber risk indicator, natural language processing, large language models, text mining, risk analytics, supply chain cyber risk, information security, corporate governance, digital operational resilience

The December 2025 Cyberattack on Poland’s Energy Sector

A detailed reconstruction of the incident, the malware, and the wider significance for energy and OT security

On 29 December 2025, Poland was hit by a coordinated destructive cyber campaign that targeted at least thirty wind and photovoltaic sites, a major combined heat and power plant, and a manufacturing company. The CERT Polska report shows that the operation crossed from enterprise compromise into direct OT sabotage, damaging RTUs, protection relays, HMIs, and serial device servers while also attempting domain-wide data destruction in corporate environments. In the renewable segment, the attack…

Poland cyberattack, energy sector cybersecurity, OT security, industrial cybersecurity, distributed energy resources, DER cybersecurity, renewable energy cybersecurity, BESS cybersecurity, grid cybersecurity, CERT Polska, DynoWiper, LazyWiper, Sandworm, ELECTRUM, Dragos, ESET, IEC 62443, NIS2, Cyber Resilience Act, Terna Grid Code, CEI 0-16, remote access security, VPN security, RTU security, HMI security, critical infrastructure protection, cyber physical systems, grid connection point, GCP, SCADA security, wiper malware, operational resilience

Reclaiming the Namespace: EU Digital Sovereignty in the CVE Ecosystem?

Rebalancing coordination and autonomy: EU digital sovereignty, federated CVE governance, and the conditions for sustainable economic growth

40 min

cybersecurity

position paper

EU digital sovereignty, CVE, vulnerability management, cybersecurity governance, ENISA, MITRE, Root CNA, CVE Program, distributed governance, federated systems, vulnerability disclosure, coordinated disclosure, global namespace, identifier systems, digital infrastructure, Internet governance, interoperability, geopolitical risk, economic resilience, digital autonomy, enterprise architecture, coordination layers

Digital systems inevitably contain vulnerabilities because they are finite constructions operating in an effectively unbounded environment. Managing these vulnerabilities at scale requires more than technical remediation: it requires a way to identify them consistently, refer to them unambiguously, and coordinate action across organizations, tools, and jurisdictions. The CVE Program performs this function by providing a global naming system for publicly disclosed vulnerabilities and by…

Introducing Enterprise Architecture in a Multinational Company: A Roadmap for Building the Discipline from Scratch

Building an architectural capability to guide technological evolution, manage structural complexity, and evaluate transformation trade-offs in large multinational enterprises

64 min

Engineering quantum resistant web authentication through Merkle commitments, transparency logs, and scalable trust infrastructure

Large multinational enterprises rarely develop their technological landscapes through deliberate architectural design. Instead, enterprise systems typically emerge through decades of incremental decisions driven by local operational needs, acquisitions, regional autonomy, and successive waves of technological adoption. While such environments may remain operationally stable for long periods, they often accumulate structural complexity that becomes increasingly difficult to manage when…

Mar 2, 2018

Modified	Mar 14, 2026
Keywords	enterprise architecture, digital transformation, technology governance, enterprise systems, architectural governance, enterprise complexity, architectural roadmap, enterprise integration, data architecture, cloud transformation

Quantum-Safe HTTPS Certificates: Google’s Structural Innovation, Technical Foundations, and Governance Implications

The security of the modern web depends on public key cryptography embedded in the TLS protocol and the Web Public Key Infrastructure. These systems rely primarily on RSA and elliptic curve signatures whose security rests on mathematical problems believed to be hard for classical computers. The emergence of quantum computing challenges these assumptions. Shor’s algorithm shows that sufficiently powerful quantum computers could efficiently solve integer factorization and discrete logarithms…

Mar 5, 2026

Modified	Mar 5, 2026
Keywords	post-quantum cryptography, WebPKI, TLS, Merkle trees, certificate transparency, authenticated data structures, Internet security architecture, quantum resistant cryptography, cryptographic scalability, transparency logs

A Glimpse of Agent Evolution

Intelligence, incentives, and the rise of machine coordination

Recent advances in autonomous AI agents are shifting agency away from isolated systems toward populations of interacting machines governed by coordination structures. This essay examines that transition through two contemporary case studies: Moltbook, a social network designed exclusively for machine-to-machine interaction, and Anthropic’s Project Vend, an experiment in autonomous economic operation. Rather than treating intelligence, reasoning quality, or internal cognition as the primary…

Jan 31, 2026

Modified	Jan 31, 2026
Keywords	autonomous agents, multi agent systems, emergent behavior, economic agency, long horizon autonomy, governance architectures, cultural emergence, informational cascades, moral hazard, observability, network effects, pathological equilibria, algorithmic collusion, human machine interaction, constitutional design, systems agency

Encrypted Cloning and the Exact Boundary of the No-Cloning Theorem

Redundancy without replication in quantum information processing

The No-Cloning Theorem is a foundational constraint of quantum mechanics, prohibiting the deterministic duplication of arbitrary unknown quantum states. This limitation has profound consequences for quantum computing, shaping how information can be stored, transmitted, protected, and recovered. A recent Physical Review Letters paper, Encrypted Qubits Can Be Cloned, introduces a protocol that appears, at first glance, to challenge this constraint by allowing multiple “clones” of a quantum…

quantum computing, quantum information theory, no-cloning theorem, encrypted cloning, quantum encryption, unitary dynamics, quantum channel capacity, antidegradable channels, multipartite entanglement, one-time decryption, quantum storage, distributed quantum systems, quantum secret sharing, entanglement monogamy, quantum summoning, quantum error correction, quantum cryptography, information-theoretic security, quantum key management, recoverable redundancy, unitarity constraints

When Digital Trust Expires: Quantum Computing and the Collapse of Signature-Based Security

How quantum attacks turn long-lived signatures into silent integrity and impersonation risks

111 min

cryptography

cybersecurity

enterprise risk management

quantum computing

From calendar-driven cycles to signal-driven enterprise adaptation

Digital trust infrastructures are built on the implicit assumption that cryptographic hardness is permanent, while the systems and decisions that rely on it are designed to persist for decades. This assumption no longer holds. Advances in quantum computing do not cause visible system failure, but instead invalidate authenticity, integrity, and authority guarantees retroactively by rendering widely deployed signature schemes forgeable. Because signed artifacts, trust anchors, and encrypted data…

Dec 26, 2025

Modified	Dec 26, 2025
Keywords	post-quantum cryptography, quantum computing risk, digital signatures, cryptographic trust, delayed forgery, store now forge later, long-lived trust anchors, supply-chain security, cryptographic agility, quantum readiness, cybersecurity governance, enterprise risk management

From S&OP to Continuous Orchestration: Envisioning the Hybrid Enterprise of Humans and AI Agents

119 min

agents

Designing the continuously orchestrated enterprise

This essay explores the evolution of enterprise planning from traditional Sales and Operations Planning (S&OP) toward a paradigm of continuous orchestration, where humans and AI agents act as co-orchestrators of business activity. Classical S&OP, built on monthly cycles and calendar-driven governance, struggles in today’s environment of constant volatility, where signal latency translates into competitive disadvantage. Continuous orchestration reframes the enterprise as a complex adaptive…

Sep 28, 2025

Modified	Dec 21, 2025
Keywords	S&OP, continuous orchestration, hybrid enterprise, AI agents, CARO, VAOP, tactical vs strategic planning, human–AI collaboration, organizational governance, adaptive systems

From Planning to Orchestration: Reimagining the Enterprise Beyond S&OP

81 min

agents

From Planning Cycles to Organisational Capability: How Integrated Planning Evolves Through Execution, Feedback and Learning

This essay argues that classic S&OP and its enterprise-wide evolution, IBP, are reaching their limits in environments defined by volatility, uncertainty, complexity, and ambiguity. The calendar-bound ontology of plan first, execute later presumes periodic equilibria; today’s enterprises operate in continuous flow. Enabled by AI, IoT, digital twins, and agent-based simulation, planning is dissolving into an always-on, distributed negotiation among humans and digital agents. The paper traces…

Sep 21, 2025

Modified	Dec 20, 2025
Keywords	continuous orchestration, S&OP, IBP, enterprise architecture, VUCA, signal-driven enterprise, rolling forecasts, digital twins, AI agents & automation, IoT, agent-based simulation, cybernetics & feedback loops, governance & decision rights, resilience & adaptability, control towers, concurrent planning, systems thinking, organizational culture, sensemaking, orchestration vs. choreography

Comprehensive Guide to Sales & Operations Planning, Sales & Operations Execution and Master Production Scheduling

180 min

From lofty predictions to real-world clicks: what AI usage data reveals about job impact and the new governance of human–agent organizational models

This essay presents a comprehensive, end-to-end framework for Sales & Operations Planning (S&OP), Sales & Operations Execution (S&OE), and Master Production Scheduling (MPS) as an integrated planning hierarchy that links strategic intent with operational execution. Drawing on academic literature, industry standards, and practitioner experience, it provides a structured guide for organisations designing or formalising these processes from the ground up. The report details objectives…

May 5, 2022

Modified	Dec 19, 2025
Keywords	S&OP, S&OE, MPS, IBP, demand planning, supply planning, capacity planning, forecast accuracy, cross-functional governance, ERP and APS, operational resilience, supply chain execution

Beyond the Hype: What Microsoft’s Copilot Data Really Says About AI at Work

85 min

agents

machine learning

From formal proofs to empirical evolution: re-energizing self-improving AI with the Darwin Gödel Machine

This essay critically examines Microsoft’s recent study on the occupational implications of generative AI, which leverages large-scale Copilot usage telemetry and O*NET task mappings to produce an empirically grounded AI Applicability Score across job families. The methodology’s strengths and limitations are analyzed in depth, emphasizing its departure from capability-first projections toward observed integration patterns. Results reveal uneven adoption: high uptake in information-dense…

Aug 9, 2025

Modified	Aug 10, 2025
Keywords	generative AI, occupational impact, process allocation, AI applicability score, organizational flattening, CARO governance, VAOP, human–agent collaboration, enterprise AI strategy, AI-driven organizational change, task-level AI adoption, agent orchestration, enterprise resource governance, robotics

Darwin Gödel Machine: A Commentary on Novelty and Implications

Autonomous, self-improving artificial intelligence has long been a theoretical aspiration, yet practical implementations have remained elusive because formal proof–based self-modification is computationally intractable. The recently proposed Darwin Gödel Machine (DGM) breaks this impasse by replacing formal proofs with empirical validation and embedding self-referential code rewriting within an open-ended evolutionary framework. This commentary situates DGM historically—tracing a lineage from…

May 31, 2025

Modified	Jun 2, 2025
Keywords	Darwin Gödel Machine, self-improving AI, open-ended evolution, empirical validation, meta-learning, agentic AI, evolutionary computation, recursive self-modification, AI safety, autonomous software engineering

Beyond the Urgency: A Commentary on Dario Amodei’s Vision for AI Interpretability

Exploring the path from sparse features to a global cognitive safety regime

Frontier AI systems are sprinting toward super-human cognition, yet their inner goals and reasoning remain opaque. Building on Dario Amodei’s 2025 call to action, this essay argues that interpretability—an “AI-MRI” capable of revealing latent concepts and causal chains—has become the decisive bottleneck for technical safety, regulation, and public trust. We show why transparency is essential to verify alignment, arm policymakers with concrete evidence, unlock liability-sensitive markets, and…

Apr 25, 2025

Modified	Apr 25, 2025
Keywords	AI interpretability and transparency, AI alignment challenges, cognitive safety frameworks, frontier AI systems, explainable AI

Beyond Human Data: A Critical Examination of Silver & Sutton’s Welcome to the Era of Experience

How experiential learning could turn the world into AI’s ultimate training ground

Artificial‑intelligence research is poised on the brink of what David Silver and Richard S. Sutton label the Era of Experience, a paradigm in which autonomous agents learn primarily from their own, richly grounded interactions with the world rather than from static corpora of human‑generated data. Their white‑paper manifesto sets out an exhilarating vision that promises super‑human competence, scientific discovery, and new social contracts between humans and machines. Yet the manifesto also…

Apr 20, 2025

Modified	Apr 25, 2025
Keywords	experiential AI, reinforcement Learning, autonomous agents, grounded intelligence, AI alignment

Python: Bridging the Gap Between Human Thought and Machine Code

Reflections on Python and English languages

This essay explores Python’s role as an interface language, serving as an intuitive bridge between human cognitive processes and lower-level programming constructs. Through an analysis of Python’s design philosophy, abstraction capabilities, and widespread adoption across various domains, we illustrate how Python functions effectively as an interface between human reasoning and machine operations. Moreover, we discuss Python’s appeal to non-professional programmers, its ability to integrate…

Jun 22, 2022

Modified	Oct 5, 2024
Keywords

Sudoku and Satisfiability Modulo Theories

You can solve it the standard way or… with Python and math

We explore the fundamental concepts of SAT (Boolean Satisfiability Problem) and SMT (Satisfiability Modulo Theories), which are key tools in computer science for solving complex logical and mathematical problems. SAT focuses on determining whether there exists a True/False assignment to variables that satisfies a logical formula, while SMT extends this by incorporating additional mathematical structures like integers, arrays, and functions. We will understand how these tools are used in…

Sep 5, 2024

Modified	Sep 6, 2024
Keywords	satisfiability modulo theories, sudoku

The Relationship Between Category Theory, Lambda Calculus, and Functional Programming in Haskell

The power of compositionality

This post explores the deep connections between functional programming, lambda calculus, and category theory, with a particular focus on composability, a foundational principle in both mathematics and software engineering. Haskell, a functional programming language deeply rooted in these mathematical frameworks, serves as the practical implementation of these concepts, demonstrating how abstract theories can be applied to build robust, scalable, and maintainable software systems. We present…

Aug 10, 2024

Modified	Aug 12, 2024
Keywords	category theory, functional programming, Haskell, lambda calculus

Harnessing Focus: Merging AI and Market Dynamics

The attention paradigm: bridging natural language processing and economic theory

This essay explores the intersection of attention mechanisms in natural language processing (NLP) and attention economics, emphasizing how both fields manage information by prioritizing relevance. Drawing inspiration from William James’s insight that attention shapes our experience, it examines how attention mechanisms in NLP enable AI models to focus on critical parts of input data, improving tasks like machine translation and text summarization. The historical development of these mechanisms…

Apr 19, 2022

Modified	Jul 31, 2024
Keywords

AI as Important as Fire, Generative AI as the Printing Press, Autonomous Agents as the Wheel – What’s Next?

On finding the right metaphors to frame current and future revolutions

We explore metaphors illustrating the transformative impact of artificial intelligence (AI) on human civilization. Sundar Pichai compares AI to fire and electricity, emphasizing its profound potential and dual nature—capable of immense benefits but also presenting significant ethical challenges such as privacy concerns and job displacement. Generative AI is likened to the printing press, democratizing content creation and ushering in a new era of intellectual renaissance, yet raising questions…

Feb 10, 2024

Modified	Feb 11, 2024
Keywords

Color Space Sampling 101

How to uniformly sample a color space?

The evolution of color spaces is a testament to the intersection of art, science, and technology. Each color space has been developed to meet specific needs - from artistic expression and print media to digital interfaces and scientific research. Understanding these spaces is crucial for professionals in fields like photography, design, and digital media, where color accuracy and consistency are paramount.

Jan 27, 2024

Modified	Feb 11, 2024
Keywords

Homomorphic Encryption for Developers

Unlocking data privacy with powerful cryptographic techniques

As data privacy becomes a critical concern in the digital era, cryptographic innovations such as Homomorphic Encryption are paving the way for secure and private data processing. HE allows computations on encrypted data without decryption, enabling privacy-preserving operations across diverse fields like healthcare, finance, cloud computing, and blockchain. This tutorial explores the principles of HE, its different flavors, and its integration with complementary techniques like Differential…

Jun 23, 2022

Modified	Dec 30, 2023
Keywords	cryptography, homomorphic encryption, RSA

Singletons in Python

Ensuring a single instance for shared resources

The singleton pattern is a creational design pattern that ensures a class has only one instance while providing a global point of access to that instance. This post explores the concept of singletons in Python, exploring various implementation methods including naive approaches, base classes, decorators, and metaclasses. We also discuss the advantages and disadvantages of using singletons, their impact on design principles like the Single Responsibility Principle, and provide thread-safe…

Mar 8, 2018

Modified	Dec 11, 2023
Keywords

View all longforms →

Posts

Short, occasional notes and observations shaped by ongoing curiosity.

Code Sovereignty Starts with the Forge

Why the Dutch government’s Forgejo-based code platform matters for European digital sovereignty

software

Digital sovereignty is usually discussed in terms of cloud platforms, data spaces, artificial intelligence, cybersecurity, and strategic autonomy. Yet every digital public service ultimately depends on a more fundamental layer: the infrastructure where source code is written, reviewed, stored, released, and maintained. This article analyses the Dutch government’s Forgejo-based code.overheid.nl platform as a concrete example of sovereign software-development infrastructure. Using only official…

Apr 30, 2026

Inside the data.gouv.fr MCP server and the new interface stack for public data

Apr 30, 2026

The French state becomes machine readable through an AI layer

machine learning

France’s experimental MCP server for data.gouv.fr is more than a technical connector. It signals a broader shift in how a state can expose public information in the age of AI. Rather than limiting access to web pages for humans and APIs for developers, the French open data platform is beginning to add a third interface layer: a standardized machine readable protocol through which AI agents can search datasets, inspect metadata, discover public APIs, and query part of the national open data…

Apr 18, 2026

From a French workstation migration signal to the broader European effort to regain control over critical digital infrastructure

Apr 18, 2026

France’s Linux Desktop Turn and the European Logic of Digital Sovereignty

France’s announced move from Windows toward Linux based public sector workstations is not merely a desktop migration story. It is a visible manifestation of a deeper strategic objective: reducing structural dependence on extra European digital platforms and rebuilding operational control over critical layers of the state’s information systems. This article examines what the official French sources actually say, distinguishes formal commitments from extrapolation, and situates the initiative…

Apr 12, 2026

An analysis of the Google and Oratomic results on Shor’s resource estimates and their implications for the convergence of quantum circuit optimization, error correction, and hardware architectures

Apr 12, 2026

Quantum Cryptography at the Edge of Feasibility: Resource Estimates, Architectural Divergence, and Systemic Risk

Recent results from Google Quantum AI and from Oratomic, Caltech, and Berkeley have significantly refined the quantitative understanding of the quantum threat to public-key cryptography, shifting the discussion from theoretical possibility to explicit engineering resource estimates. This article analyzes these developments from first principles, distinguishing between logical and physical qubits, circuit complexity, and error-correction overhead, and examining how improvements at each layer…

Mar 31, 2026

Why trust expires before systems fail, and how early remediation becomes a strategic program rather than an emergency rewrite

Apr 11, 2026

Quantum Computing Threats and the Advantage of Acting Now

Quantum computing does not need to break your systems to break your trust. The risk arrives as retroactive forgery, long lived key abuse, and evidentiary collapse. This article explains the threat mechanics and shows why starting remediation today is an opportunity to build agility and reduce future overhaul costs.

Dec 31, 2025

Why generative AI forces a redefinition of mastery, agency, and human value

Dec 31, 2025

Beyond De-Skilling: Intelligence Explosion and the End of Skill as a Stable Category

A critical commentary on The Atlantic’s The Age of De-Skilling, arguing that the article underestimates the paradigm shift introduced by accelerating artificial intelligence. Rather than a story of skill erosion, this post frames AI as an intelligence explosion that dissolves skill as a stable category and forces a redefinition of human mastery, agency, and accountability.

Dec 24, 2025

From psychological theory to machine learning architectures

Dec 24, 2025

What Is a World Model?

machine learning

The concept of a world model describes the ability of an intelligent system to internally represent the structure and dynamics of its environment in order to predict future states and evaluate the consequences of actions. Although the term is widely used in contemporary machine learning and robotics, its conceptual origins lie in earlier work in philosophy, psychology, and neuroscience. In 1943, Kenneth Craik proposed that intelligent organisms carry a “small scale model” of external reality…

Dec 7, 2025

How I blend enterprise architecture, technology, and interim leadership to transform organizations

Dec 8, 2025

Architecting Change

digital transformation

interim management

A deep reflection on my work as an interim manager and enterprise architect, where urgency, systems thinking, and human leadership intersect. I show how architecture, technology, and culture blend into transformation that is both immediate and sustainable.

Apr 20, 2025

How a barely noticed update triggered forgotten emotions

Apr 20, 2025

Simulating Tethered Buoy Dynamics

mathematical modeling

personal life

research

This reflection examines the design and simulation of a tethered buoy system, an enterprise bridging nearly inextensible cables, quaternion-based orientation, and implicit time-stepping. It traces the technical challenges and day-to-day engineering realities of merging advanced finite element concepts with real-world ocean conditions. Through the interplay of mixed methods and iterative solvers, supported by the vibrant research community at MOX, it recounts the milestones, hurdles, and…

Feb 20, 2025

Feb 20, 2025

Quantum computing does not break cryptography in general; it selectively collapses the mathematical assumptions underlying modern public key systems. This distinction is frequently obscured in discussions that conflate encryption, authentication, and key distribution, leading to misplaced expectations around so-called quantum-safe solutions. This article clarifies the respective roles of Quantum Key Distribution (QKD) and post-quantum cryptography (PQC), demonstrating that they address…

Jun 23, 2023

Why x plus y greater than z turns quantum readiness into a present day governance problem

Jul 1, 2023

Cybersecurity in an Era with Quantum Computers: Interpreting Mosca’s Risk Inequality

A commentary on Michele Mosca’s 2018 paper that formalizes quantum cyber risk as an inequality: security shelf life plus migration time versus cryptographic collapse time. The piece introduces quantum computing threats, explains the inequality in plain terms, and derives concrete implications for enterprise and institutional governance.

Dec 8, 2019