Loading…
Category
governance
138 posts in this category.
·9 min read
Anthropic Says AI Could Soon Build Itself: What Recursive Self-Improvement Means for Your AI Governance Policy
Anthropic published research on June 4, 2026 showing Claude now writes 80% of its own codebase, and called for the ability to pause frontier AI development. What recursive self-improvement means for human oversight policies and agentic AI governance.
·10 min read
ChatGPT Memory Upgrade (Dreaming V3): What It Means for Business Privacy and Data Governance
OpenAI''s Dreaming V3 memory update stores persistent user profiles across ChatGPT sessions including business plan users. What teams using ChatGPT need to govern, disable, and disclose under GDPR and CCPA.
·10 min read
California AB 2013 Compliance Guide: What AI Developers Must Disclose About Training Data (2026)
California AB 2013 requires generative AI developers to post 12 categories of training data information on their website before making a system available to Californians. Effective January 1, 2026. What to disclose, who is covered, and the xAI lawsuit that tried and failed to block it.
·10 min read
Amazon KiroRank and Tokenmaxxing: How to Measure AI Adoption Without Creating Perverse Incentives
Amazon shut down its KiroRank AI leaderboard after employees gamed it by running fake tasks to inflate token counts. The right AI adoption metrics measure outcomes, not usage. A practical framework for small teams.
·10 min read
Miasma Worm and Phantom Gyp: The npm Supply Chain Attack That Bypasses Security Tools (June 2026)
A self-spreading worm compromised 57 npm packages in under 2 hours using binding.gyp instead of postinstall scripts, bypassing security scanners. What it means for teams that run npm install, and the 5 controls that limit your exposure.
·10 min read
AI Support Chatbots with Account Actions Are a Security Risk: The Meta Instagram Incident and What Your Team Must Govern (2026)
Hackers social-engineered Meta AI into resetting passwords on high-profile Instagram accounts by simply asking. What the attack means for any team deploying an AI chatbot that can take account actions, and the 6 controls that prevent it.
·10 min read
Reviewing AI-Generated Pull Requests: A Review Policy and 9-Point Checklist (2026)
AI now writes a large share of the pull requests your team reviews. A copy-paste policy and 9-point checklist for reviewing AI-generated PRs, who is accountable, what to require, and where AI code fails review.
·11 min read
AI Spend Governance: 5 Token Budget Controls That Stop Runaway AI Bills (2026)
One company burned $500M on Claude in a month with no usage limits. Five copy-paste controls, usage caps, budget alerts, per-seat limits, a kill switch, and a monthly review, to keep token-based AI billing from blowing up your budget.
·9 min read
Vetting AI Tools: How to Avoid Fake AI Apps and Malware (7-Step Check, 2026)
Searching for popular AI tools now surfaces fake malware sites and typosquatted packages at the top of results. A 7-step vetting check to confirm an AI tool is the real one before your team installs it.
·13 min read
Why Administrative Monetary Penalties Matter for Small Teams
Administrative monetary penalties are reshaping data protection enforcement, giving small teams clearer risk signals and practical compliance steps to stay
·10 min read
40 AI Prompts for Vendor Evaluation (Copy-Paste Ready)
40 copy-paste prompts to evaluate AI vendors on privacy, security, compliance, SLA, and contract terms. Use these in procurement meetings, RFPs, or security reviews.
·9 min read
What Is the EU AI Act? Plain-English Guide (2026)
The EU AI Act is a binding EU law classifying AI systems by risk level. High-risk AI (hiring, credit, medical) faces mandatory audits and registration. In force August 2024, high-risk AI rules apply from December 2027 (extended from August 2026 by the EU Digital Omnibus).
Showing 12 of 138 posts. View full blog archive →