Blog
The ESOP Backdown Is Real, But It Is Not a Full Reversal
Treasury's 18 June 2026 consultation paper changes the ESOP story: qualifying innovative startup equity may keep a 50% CGT discount, but only inside a targeted concession with new tests, caps, and uncertainty.
AI Adoption Strategy
The Agent Security Supply Chain: What the Sysdig Intrusion Means for Australian Builders
When 97% of enterprises expect a major AI agent security incident and two-thirds have already experienced one, the question is not whether your agent toolchain will be attacked — it is whether you will see it coming.
What ASIC's AI Risk Radar Means for Your Startup
ASIC has put AI governance squarely on its 2026 enforcement radar. For Australian startups building or deploying AI in financial services, the compliance clock is already ticking — here's what you need to know and what to do about it.
APRA Wants AI Governance Evidence. CPS 230 Is Where They Will Look.
APRA's April 2026 letter demands a step-change in AI governance. For regulated entities that have deployed AI in critical operations, the evidence APRA is asking for lives inside the CPS 230 program — not beside it.
The MCP Supply Chain Crisis: Why Every CTO Needs a Gateway
200,000 vulnerable instances. 60-72% poisoning success rates. ASI04 on the OWASP Agentic Top 10. The Model Context Protocol is having its 'log4j moment' — and the response is not a patch, it is a gateway.
EU AI Act Countdown: Human Oversight Cannot Be A Checkbox
With the EU AI Act's 2 August 2026 application date approaching, fintechs need to test whether their human-in-the-loop controls are real, usable, and evidenced.
AI Washing Is The New Greenwashing
The SEC's AI-washing actions show a simple pattern for fintech leaders: if you claim AI advantage, you need evidence, governance, and disclosures that match the claim.
I Gave an AI Agent the Keys to My Life. Here Is the Trust Architecture.
My personal AI agent can read my email, manage my calendar, run scripts, and message people. Handing that much access to an autonomous system is reckless — unless you build the right boundaries first. Here is the architecture that makes it safe.
One Model Is the Wrong Default
Most people pick one AI model and route everything through it. That is like hiring one person to be your strategist, your developer, and your data-entry clerk. A well-built agent uses the right model for each job — and the cost difference is enormous.
Your AI Agent Needs a Soul File
Large language models are stateless — they wake up with no memory of who they are or who you are. The fix is not a bigger context window. It is a handful of plain text files that give an agent continuity, personality, and judgement across sessions.
MCP Tool Poisoning: The Attack Vector Nobody Is Talking About
AI agents trust their tools. That trust is now being exploited. The new attack surface is not your servers — it is the instructions your agents receive.
Who Signs the Contract When Your AI Agent Does It?
AI agents are now managing budgets, filing reports, and executing transactions. Australia's financial law has not caught up. That gap is both a risk and an opportunity.
The Docker Moment for AI Agents
AI agents are moving from clever demos to production systems. The important question is no longer only which model to use, but what scaffolding makes agents reliable, observable, and safe.
Where Are You on the AI Journey? The 4 Stages of AI Maturity
A practical maturity model for moving from scattered AI experimentation to governed, measurable, production AI adoption.
The Human-AI Partnership: A Framework for Safe Adoption
A practical framework for AI adoption that separates where AI should assist, where humans must decide, and how organisations can build trust through verification.
Beyond the Hype: A Pragmatist's Guide to AI Adoption
An optimistic but realistic guide to AI adoption: where AI creates genuine leverage, where it introduces risk, and how leaders can adopt it without losing control.
Cloud & System Architecture
Your MCP Servers Are Now a CPS 230 Service Provider Problem
When an APRA-regulated entity wires an AI agent to an MCP server, it may have just added a material service provider to its CPS 230 register. Most teams have not noticed. APRA will.
The Supply Chain Moved Upstream: GitHub, Canvas, and Trivy
From 19 March to 26 May 2026, three incidents hit three trusted software surfaces: the editor, the scanner, and the platform. The lesson is not only to patch faster. It is to govern the toolchain.
APRA CPS 230: The 90-Day Engineering Framework
Why many CPS 230 programs are still 5-star, and how engineering teams can get to 10-star proof in 90 days with clearer RTO/RPO mapping, incident triggers, and Board-ready evidence.
AU Fintech Compliance Stack: Four AI Clocks, One Architecture Problem
ASIC's cyber 'minute to midnight' warning, APRA's AI governance gaps, the EU AI Act's 2 August 2026 transparency date, and the DTA's 15 June 2026 mandate all point to the same fintech challenge: one control stack for governed AI.
Architecting Cloud-Native Systems with DDD and EDA: AWS vs GCP
A strategic guide to using Domain-Driven Design and Event-Driven Architecture on AWS and GCP, with practical service choices, trade-offs, and decision tests.
Event-Driven Architecture in Practice: AWS vs GCP
A practical guide to building event-driven systems on AWS and GCP, covering EventBridge, Pub/Sub, Eventarc, contracts, failure handling, and real-world operating trade-offs.
Resilience Engineering in the Cloud: Building Systems That Survive
A practical guide to designing resilient cloud systems on AWS and GCP, with failure modes, circuit breakers, bulkheads, chaos testing, and recovery patterns.
Engineering Leadership
CGT Reform 2026: What Every Australian Startup Founder Must Model
The proposed CGT changes do not just affect tax returns. They change the startup compensation story — and founders who model the scenarios now will hire, retain, and communicate better than those who wait for final legislation.
Australia's Five Compliance Clocks: What Regulated Businesses Must Finish Before 2027
CPS 230 service providers, ASIC digital assets, AUSTRAC AML/CTF, Privacy Act automated decisions, and AI mandatory guardrails. Five regulatory obligations, five evidence gaps, and the same failure mode: a policy that exists but proof that does not.
The 2026 Budget Changed the ESOP Question
For startup employees holding options, Australia's proposed CGT reform turns a familiar ESOP promise into a harder question: if the company wins, what do we actually keep?
Australia's $160 Billion Compliance Tax
Australian businesses spend $160 billion a year on compliance. That is 6% of GDP. Most of it is manual, fragmented, and completely automatable. Here is where the software opportunity sits.
Where The Best Startup Opportunities In Australia Are Now
The strongest Australian startup opportunities are not smaller copies of US software categories. They sit where local pain, strategic capability, trust, and export potential overlap.
Australia's Company-Formation Drain
Australia is excellent at forming AI and deep-tech startups. The harder national test is whether strategic companies can keep an Australian centre of gravity when they scale.
Australia's AI Incubator Problem
Australia is forming serious AI startups, but a thin growth-stage layer means the best companies can be pulled offshore just as they begin to matter.
Architecting the Future: A New Chapter
Welcome to a practical knowledge base on modern software architecture, cloud infrastructure, pragmatic AI adoption, and technology leadership.
The 10-Star Experience: Why Product and Engineering Need Legendary Test Cases
Most software is built to pass a 5-star functional checklist. But the products that win design for a 10-star legendary experience, then build the technical test cases to make it feel inevitable.