AI assurance

AI Agents and Non-Human Identity Risk

When a single ungoverned AI tool gave attackers a path from a Vercel employee’s device into Vercel’s internal systems, and a poisoned VS Code extension let attackers pull roughly 3,800 repositories out of GitHub, the common thread wasn’t a coding flaw — it was an unmanaged non-human identity. With AI agents now driving machine identities to roughly 109 per human inside the average enterprise (CyberArk, 2026), most governance frameworks still treat identity as a human-only problem.

Why Your Organisation Must Own AI Model Risk Management Beyond Traditional Frameworks

Traditional model risk management falls short for AI. Executives and risk managers must recognise AI model risk as a distinct challenge requiring tailored governance, deeper vendor scrutiny, and proactive controls to protect value and trust.

Why AI Risk Management Must Move Beyond Traditional Model Risk Frameworks

APRA and ASIC both issued 2026 letters to industry warning that AI governance hasn't kept pace with adoption, flagging vendor concentration risk and director accountability gaps. ASIC's enforcement action against FIIG shows what inadequate controls cost in practice. This post sets out what to ask your organisation before a regulator asks first.

How to Navigate AI Risk When Your Vendor Changes the Rules

Third-party AI vendor risk is the widest compliance gap in Australian companies, your vendor's model update is now a regulatory event.

Shifting AI Risk Management from Protection to Performance

AI risk management often focuses on defensive controls, but this mindset limits business value and slows innovation. Leaders must reframe AI risk as a tool to enable success, balancing risk and opportunity through clear ownership, tailored evidence, and ongoing assurance.

AI Agents, Non-Human Identity Risk, and the Transparency Problem Leaders Cannot Ignore

A practical AI risk governance article focused on AI agents and non-human identity risk, evidence, ownership, challenge and maturity assessment.

Shadow AI and uncontrolled usage is not leveraging AI

A practical AI risk governance article focused on Shadow AI and uncontrolled staff usage, evidence, ownership, challenge and maturity assessment.

Recent posts

Popular categories