Filings tagged: AI
Practical thinking on security, infrastructure, and AI. No thought leadership for the sake of it.
-
Business as code, not AI as business
· AI Commentary
A new wave of startups is publishing 'AI-native' org charts where seven named LLM agents do most of the work. The first step isn't restructuring around agents. It's making your business legible enough that anything, a new hire, an auditor, or eventually an agent, could read it and act on it. AI can help you get there. Future agent costs are a reason not to skip past it.
-
Your AI policy should say something
· AI Security Commentary
Most AI policies are vendor templates with the company name swapped in. They ban the obvious, permit the vague, and tell you nothing about how the business actually wants AI used. A coherent policy is a short one that takes a position.
-
The NCSC says brace for a patch wave. The NHS is pulling the curtains.
· Security AI Commentary
The NCSC has told UK organisations to prepare for a wave of urgent patches as AI accelerates vulnerability discovery. The same week, NHS England decided the answer was to make its open source repositories private. Only one of those approaches actually fixes anything.
-
AI agents and the shadow AI you already have
· AI Security
Two thirds of UK organisations cannot account for what staff share with AI tools. Now agentic AI is being deployed faster than anyone can govern it. The two problems are the same problem.
-
Sovereign AI is only sovereign if you can actually switch
· AI Infrastructure Commentary
Two-thirds of UK IT leaders say they have an AI exit plan. Nearly half admit switching would seriously disrupt the business. A plan you can't execute is not a plan.
-
Prompt injection is not the new SQL injection
· AI Security Commentary
Schneier and co have reframed prompt injection as 'promptware': a full 7-stage kill chain. The uncomfortable truth: LLMs can't distinguish instructions from data. This isn't a bug you can patch.