AI · Authorisation
MCP and the new authorisation surface nobody is reviewing
Model Context Protocol turns every internal API into a tool an agent can call on a user's behalf. The authorisation model most teams ship with is naïve, and the audit log usually proves it.
Email security
AI-assisted phishing: what's actually new
The volume of AI-assisted phishing has gone up; the success rate per attempt has not changed as much as the headlines suggest. The substantive change is the resource asymmetry — and what it means for your defensive program.
AI · Risk
Evals are a risk control. Most AI deployments are missing them.
If you cannot quantify the failure rate of a deployed AI system, you cannot say what its residual risk is — and the regulators are starting to ask. Evals are the discipline that closes the gap, and they are simpler to start than the literature implies.
Browse other topics
Get started
Bring AI risk under board oversight in two weeks.
A thirty-minute discovery call costs nothing. We confirm fit, scope, and timing, then issue a fixed-fee statement of work within two business days.