Resources

    Articles and references.

    Reading and frameworks for teams evaluating and governing AI in production.

    A six-axis risk profile with an uneven brand shape inside it, representing the six dimensions of AI risk.
    Blog · Risk Assessment

    What does "AI risk" actually mean?

    When a board asks about AI risk, it is asking more than whether the model scores well. It wants to know what the system can damage, which controls exist, and what evidence shows those controls still work.

    30 June 202610 min read
    A square wave climbing through three release peaks, then halted by a vertical brand bar.
    Blog · Monitoring

    Production AI needs continuous testing

    Stanford counted 362 documented AI incidents in 2025, and the OECD Incidents Monitor recorded a peak of 435 in January 2026. AI can leave the pilot phase, but production teams need evidence that it still works after every model, data, instruction, tool or policy change.

    18 May 20267 min read
    A field of nineteen scattered dots representing the critical ICT third-party providers, three of them enlarged, with a brand dot at their centroid connected by three dashed lines.
    Blog · Regulation

    DORA already covers your AI systems

    If an AI tool helps approve credit, detect fraud, screen transactions or answer customers, it is no longer just a model governance topic. Under DORA, it may also be an ICT asset, a third-party dependency and an incident source.

    14 May 20268 min read
    A model surrounded by six tools, one in brand colour broken off mid-flight, representing an agent action that escaped control.
    Blog · Risk Assessment

    Agents do not give wrong answers. They take wrong actions.

    A chatbot can invent a policy or write a bad answer. An agent can delete data, send emails, place orders or deploy code. That difference changes how security and governance teams should think about risk.

    8 May 20268 min read