Hi, I’m Quinton

Writing about AI, leadership, products and philosophy.

Agent Risk Management: Managing Delegated Autonomy Over Time

Something that has always amused me in technology is that we keep re-discovering old risk problems and then branding them as new. We did it with distributed systems, cloud, microservices and data platforms. We are now doing it again with AI agents. The vocabulary is new, the demos are impressive, and some of the failure modes are genuinely different, but the underlying management problem is familiar: how do you let a complex system do useful work inside a complex organisation without pretending you can predict every interaction upfront? ...

19 min · Quinton Anderson

Clarifying Risk Management concepts: so you can clarify your architecture and processes

Something that keeps coming up in conversations about AI, security and governance is that everyone is using the same words, but not always to mean the same things. One person says “compliance” and means security controls. Another says “governance” and means an approval committee. Someone else says “governance” and means policy-as-code in CI/CD. A regulator might say “risk management” and mean a whole organisational system of accountability, challenge, evidence and remediation. An engineer might hear “risk management” and think about threat models, evals, access control, logging and deployment gates. Quite often products list compliance or governance as one of their features, but it's a very narrow view or only refers to the product's internal certification/testing. ...

16 min · Quinton Anderson