You've been asked to publish security guidelines for engineering teams building internal services and AI-enabled features. The goal is not just to create a correct document, but to produce guidance that teams will actually use in design reviews, implementation, and release decisions.
How do you write security guidelines that other teams will actually adopt?