Blog
Field notes on AI governance, written by a practitioner.
Long-form writing for risk, security, and board readers. Framework-anchored, regulator-literate, and informed by what actually happens in mid-market deployments.
AI · Channel security
OpenClaw, WhatsApp and Telegram: the phone-linked AI agent threat model, the attacks already in the wild, and the gold-standard alternatives
OpenClaw lets anyone wire a personal WhatsApp or Telegram account to an AI agent in ten minutes. Bitsight found 30,000 instances exposed on the public internet in a fortnight. This is the architecture, the attacks, the config that breaks it, and the official-API pattern that holds.
AI · Architecture
Long-term memory for agnostic agents: a working architecture on Bedrock AgentCore
Bedrock AgentCore gives you a managed runtime, a long-term memory store, and a deliberately framework- and model-agnostic SDK — which means the agent code stays portable while the memory plane becomes the new audit liability. Here is the architecture that uses AgentCore Memory properly, the governance controls memory-poisoning and Privacy Act obligations force on top of it, and the rollout cadence that keeps the deployment defensible.
AI · Authorisation
OAuth scopes weren't built for AI agents: the delegation model that holds up under prompt injection
OAuth scopes assume a human approves once, an app does narrow work, and the trust horizon is months. AI agents break every part of that assumption. The architecture that holds is a two-principal model with short-lived delegation tokens, ReBAC for structure, ABAC for context, and per-action consent gating destructive operations. Here is the design and the rollout.
Board reporting
Reporting AI risk to the board: a one-page position summary that actually works
What the board actually wants on the AI risk page is the answer to four specific questions. Most AI risk reports answer different questions. Here is the structure that lands, four worked examples by sector, and a template you can lift verbatim.
Platform engineering
Digital employees on the platform: the eight integration decisions nobody briefs
When a business unit deploys a digital employee, the platform engineering team gets the bill, the audit findings, and the on-call ticket — usually without being involved in the decision. The integration decisions that protect both sides are not the ones the AI vendor's solution architect will brief you on.
Privacy Act
The Privacy Act reforms changed the AI compliance baseline. Most organisations have not updated.
The Privacy and Other Legislation Amendment Act 2024 brought a statutory tort, expanded OAIC enforcement, and surfaced automated decision-making in legislation. The AI deployments most Australian organisations are running now sit under privacy obligations they were not designed for.