{ "version": "https://jsonfeed.org/version/1.1", "title": "Haris Habib", "home_page_url": "https://harishabib.au/", "feed_url": "https://harishabib.au/feed.json", "description": "AI adoption, cloud architecture, and engineering leadership from Sydney.", "language": "en-AU", "authors": [ { "name": "Haris Habib", "url": "https://harishabib.au/about/" } ], "items": [ { "id": "https://harishabib.au/blog/esop-cgt-2026-budget-implications/", "url": "https://harishabib.au/blog/esop-cgt-2026-budget-implications/", "title": "The 2026 Budget Changed the ESOP Question", "summary": "For startup employees holding options, Australia's proposed CGT reform turns a familiar ESOP promise into a harder question: if the company wins, what do we actually keep?", "content_text": "A startup-employee-focused look at how Australia's proposed 2026-27 CGT reform may affect ESOP holders, with a free browser-based ESOP CGT Explorer for scenario modelling.", "date_published": "2026-05-30T00:00:00.000Z", "date_modified": "2026-05-31T00:00:00.000Z", "tags": [ "tech-leadership", "ESOP", "ESS", "startup options", "CGT discount", "cost base indexation", "2026 Federal Budget" ], "image": "https://harishabib.au/images/whiteboard-esop-cgt-2026-budget-implications.svg" }, { "id": "https://harishabib.au/blog/mcp-supply-chain-crisis-why-every-cto-needs-a-gateway/", "url": "https://harishabib.au/blog/mcp-supply-chain-crisis-why-every-cto-needs-a-gateway/", "title": "The MCP Supply Chain Crisis: Why Every CTO Needs a Gateway", "summary": "200,000 vulnerable instances. 60-72% poisoning success rates. ASI04 on the OWASP Agentic Top 10. The Model Context Protocol is having its 'log4j moment' — and the response is not a patch, it is a gateway.", "content_text": "200,000 vulnerable instances. 60-72% poisoning success rates. ASI04 on the OWASP Agentic Top 10. The Model Context Protocol is having its 'log4j moment' — and the response is not a patch, it is a gateway.", "date_published": "2026-05-28T00:00:00.000Z", "tags": [ "ai-adoption" ], "image": "https://harishabib.au/images/whiteboard-mcp-supply-chain-crisis-gateway.svg" }, { "id": "https://harishabib.au/blog/the-supply-chain-moved-upstream/", "url": "https://harishabib.au/blog/the-supply-chain-moved-upstream/", "title": "The Supply Chain Moved Upstream: GitHub, Canvas, and Trivy", "summary": "From 19 March to 26 May 2026, three incidents hit three trusted software surfaces: the editor, the scanner, and the platform. The lesson is not only to patch faster. It is to govern the toolchain.", "content_text": "From 19 March to 26 May 2026, three incidents hit three trusted software surfaces: the editor, the scanner, and the platform. The lesson is not only to patch faster. It is to govern the toolchain.", "date_published": "2026-05-27T00:00:00.000Z", "tags": [ "system-design" ], "image": "https://harishabib.au/images/whiteboard-the-supply-chain-moved-upstream.svg" }, { "id": "https://harishabib.au/blog/apra-cps-230-90-day-engineering-framework/", "url": "https://harishabib.au/blog/apra-cps-230-90-day-engineering-framework/", "title": "APRA CPS 230: The 90-Day Engineering Framework", "summary": "Why many CPS 230 programs are still 5-star, and how engineering teams can get to 10-star proof in 90 days with clearer RTO/RPO mapping, incident triggers, and Board-ready evidence.", "content_text": "Why many CPS 230 programs are still 5-star, and how engineering teams can get to 10-star proof in 90 days with clearer RTO/RPO mapping, incident triggers, and Board-ready evidence.", "date_published": "2026-05-25T00:00:00.000Z", "tags": [ "system-design" ], "image": "https://harishabib.au/images/whiteboard-apra-cps-230-90-day-engineering-framework.svg" }, { "id": "https://harishabib.au/blog/au-fintech-compliance-stack-four-clocks-one-architecture-problem/", "url": "https://harishabib.au/blog/au-fintech-compliance-stack-four-clocks-one-architecture-problem/", "title": "AU Fintech Compliance Stack: Four AI Clocks, One Architecture Problem", "summary": "ASIC's cyber 'minute to midnight' warning, APRA's AI governance gaps, the EU AI Act's 2 August 2026 transparency date, and the DTA's 15 June 2026 mandate all point to the same fintech challenge: one control stack for governed AI.", "content_text": "ASIC's cyber 'minute to midnight' warning, APRA's AI governance gaps, the EU AI Act's 2 August 2026 transparency date, and the DTA's 15 June 2026 mandate all point to the same fintech challenge: one control stack for governed AI.", "date_published": "2026-05-22T00:00:00.000Z", "tags": [ "system-design" ], "image": "https://harishabib.au/images/whiteboard-au-fintech-compliance-stack-four-clocks-one-architecture-problem.png" }, { "id": "https://harishabib.au/blog/eu-ai-act-human-oversight-countdown/", "url": "https://harishabib.au/blog/eu-ai-act-human-oversight-countdown/", "title": "EU AI Act Countdown: Human Oversight Cannot Be A Checkbox", "summary": "With the EU AI Act's 2 August 2026 application date approaching, fintechs need to test whether their human-in-the-loop controls are real, usable, and evidenced.", "content_text": "With the EU AI Act's 2 August 2026 application date approaching, fintechs need to test whether their human-in-the-loop controls are real, usable, and evidenced.", "date_published": "2026-05-19T00:00:00.000Z", "tags": [ "ai-adoption" ], "image": "https://harishabib.au/images/whiteboard-eu-ai-act-human-oversight-countdown.png" }, { "id": "https://harishabib.au/blog/ai-washing-is-the-new-greenwashing/", "url": "https://harishabib.au/blog/ai-washing-is-the-new-greenwashing/", "title": "AI Washing Is The New Greenwashing", "summary": "The SEC's AI-washing actions show a simple pattern for fintech leaders: if you claim AI advantage, you need evidence, governance, and disclosures that match the claim.", "content_text": "The SEC's AI-washing actions show a simple pattern for fintech leaders: if you claim AI advantage, you need evidence, governance, and disclosures that match the claim.", "date_published": "2026-05-15T00:00:00.000Z", "tags": [ "ai-adoption" ], "image": "https://harishabib.au/images/whiteboard-ai-washing-is-the-new-greenwashing.png" }, { "id": "https://harishabib.au/blog/i-gave-an-ai-agent-the-keys/", "url": "https://harishabib.au/blog/i-gave-an-ai-agent-the-keys/", "title": "I Gave an AI Agent the Keys to My Life. Here Is the Trust Architecture.", "summary": "My personal AI agent can read my email, manage my calendar, run scripts, and message people. Handing that much access to an autonomous system is reckless — unless you build the right boundaries first. Here is the architecture that makes it safe.", "content_text": "My personal AI agent can read my email, manage my calendar, run scripts, and message people. Handing that much access to an autonomous system is reckless — unless you build the right boundaries first. Here is the architecture that makes it safe.", "date_published": "2026-05-12T00:00:00.000Z", "tags": [ "ai-adoption" ], "image": "https://harishabib.au/images/whiteboard-i-gave-an-ai-agent-the-keys.png" }, { "id": "https://harishabib.au/blog/one-model-is-the-wrong-default/", "url": "https://harishabib.au/blog/one-model-is-the-wrong-default/", "title": "One Model Is the Wrong Default", "summary": "Most people pick one AI model and route everything through it. That is like hiring one person to be your strategist, your developer, and your data-entry clerk. A well-built agent uses the right model for each job — and the cost difference is enormous.", "content_text": "Most people pick one AI model and route everything through it. That is like hiring one person to be your strategist, your developer, and your data-entry clerk. A well-built agent uses the right model for each job — and the cost difference is enormous.", "date_published": "2026-05-05T00:00:00.000Z", "tags": [ "ai-adoption" ], "image": "https://harishabib.au/images/whiteboard-one-model-is-the-wrong-default.png" }, { "id": "https://harishabib.au/blog/your-ai-agent-needs-a-soul-file/", "url": "https://harishabib.au/blog/your-ai-agent-needs-a-soul-file/", "title": "Your AI Agent Needs a Soul File", "summary": "Large language models are stateless — they wake up with no memory of who they are or who you are. The fix is not a bigger context window. It is a handful of plain text files that give an agent continuity, personality, and judgement across sessions.", "content_text": "Large language models are stateless — they wake up with no memory of who they are or who you are. The fix is not a bigger context window. It is a handful of plain text files that give an agent continuity, personality, and judgement across sessions.", "date_published": "2026-05-01T00:00:00.000Z", "tags": [ "ai-adoption" ], "image": "https://harishabib.au/images/whiteboard-your-ai-agent-needs-a-soul-file.png" }, { "id": "https://harishabib.au/blog/mcp-tool-poisoning-agent-attack-surface/", "url": "https://harishabib.au/blog/mcp-tool-poisoning-agent-attack-surface/", "title": "MCP Tool Poisoning: The Attack Vector Nobody Is Talking About", "summary": "AI agents trust their tools. That trust is now being exploited. The new attack surface is not your servers — it is the instructions your agents receive.", "content_text": "AI agents trust their tools. That trust is now being exploited. The new attack surface is not your servers — it is the instructions your agents receive.", "date_published": "2026-04-28T00:00:00.000Z", "tags": [ "ai-adoption" ], "image": "https://harishabib.au/images/whiteboard-mcp-tool-poisoning-agent-attack-surface.png" }, { "id": "https://harishabib.au/blog/australia-160-billion-compliance-tax/", "url": "https://harishabib.au/blog/australia-160-billion-compliance-tax/", "title": "Australia's $160 Billion Compliance Tax", "summary": "Australian businesses spend $160 billion a year on compliance. That is 6% of GDP. Most of it is manual, fragmented, and completely automatable. Here is where the software opportunity sits.", "content_text": "Australian businesses spend $160 billion a year on compliance. That is 6% of GDP. Most of it is manual, fragmented, and completely automatable. Here is where the software opportunity sits.", "date_published": "2026-04-24T00:00:00.000Z", "tags": [ "tech-leadership" ], "image": "https://harishabib.au/images/whiteboard-australia-160-billion-compliance-tax.png" }, { "id": "https://harishabib.au/blog/agent-identity-who-signs-the-contract/", "url": "https://harishabib.au/blog/agent-identity-who-signs-the-contract/", "title": "Who Signs the Contract When Your AI Agent Does It?", "summary": "AI agents are now managing budgets, filing reports, and executing transactions. Australia's financial law has not caught up. That gap is both a risk and an opportunity.", "content_text": "AI agents are now managing budgets, filing reports, and executing transactions. Australia's financial law has not caught up. That gap is both a risk and an opportunity.", "date_published": "2026-04-17T00:00:00.000Z", "tags": [ "ai-adoption" ], "image": "https://harishabib.au/images/whiteboard-agent-identity-who-signs-the-contract.png" }, { "id": "https://harishabib.au/blog/startup-opportunities-in-australia/", "url": "https://harishabib.au/blog/startup-opportunities-in-australia/", "title": "Where The Best Startup Opportunities In Australia Are Now", "summary": "The strongest Australian startup opportunities are not smaller copies of US software categories. They sit where local pain, strategic capability, trust, and export potential overlap.", "content_text": "The strongest Australian startup opportunities are not smaller copies of US software categories. They sit where local pain, strategic capability, trust, and export potential overlap.", "date_published": "2026-04-14T00:00:00.000Z", "tags": [ "tech-leadership" ], "image": "https://harishabib.au/images/whiteboard-startup-opportunities-in-australia.png" }, { "id": "https://harishabib.au/blog/australia-company-formation-drain/", "url": "https://harishabib.au/blog/australia-company-formation-drain/", "title": "Australia's Company-Formation Drain", "summary": "Australia is excellent at forming AI and deep-tech startups. The harder national test is whether strategic companies can keep an Australian centre of gravity when they scale.", "content_text": "Australia is excellent at forming AI and deep-tech startups. The harder national test is whether strategic companies can keep an Australian centre of gravity when they scale.", "date_published": "2026-04-07T00:00:00.000Z", "tags": [ "tech-leadership" ], "image": "https://harishabib.au/images/whiteboard-australia-company-formation-drain.png" }, { "id": "https://harishabib.au/blog/australia-ai-incubator-us-companies/", "url": "https://harishabib.au/blog/australia-ai-incubator-us-companies/", "title": "Australia's AI Incubator Problem", "summary": "Australia is forming serious AI startups, but a thin growth-stage layer means the best companies can be pulled offshore just as they begin to matter.", "content_text": "Australia is forming serious AI startups, but a thin growth-stage layer means the best companies can be pulled offshore just as they begin to matter.", "date_published": "2026-04-03T00:00:00.000Z", "tags": [ "tech-leadership" ], "image": "https://harishabib.au/images/whiteboard-australia-ai-incubator-us-companies.png" }, { "id": "https://harishabib.au/blog/the-docker-moment-for-ai-agents/", "url": "https://harishabib.au/blog/the-docker-moment-for-ai-agents/", "title": "The Docker Moment for AI Agents", "summary": "AI agents are moving from clever demos to production systems. The important question is no longer only which model to use, but what scaffolding makes agents reliable, observable, and safe.", "content_text": "AI agents are moving from clever demos to production systems. The important question is no longer only which model to use, but what scaffolding makes agents reliable, observable, and safe.", "date_published": "2026-03-31T00:00:00.000Z", "tags": [ "ai-adoption" ], "image": "https://harishabib.au/images/whiteboard-the-docker-moment-for-ai-agents.png" }, { "id": "https://harishabib.au/blog/architecting-cloud-native-aws-gcp/", "url": "https://harishabib.au/blog/architecting-cloud-native-aws-gcp/", "title": "Architecting Cloud-Native Systems with DDD and EDA: AWS vs GCP", "summary": "A strategic guide to using Domain-Driven Design and Event-Driven Architecture on AWS and GCP, with practical service choices, trade-offs, and decision tests.", "content_text": "A strategic guide to using Domain-Driven Design and Event-Driven Architecture on AWS and GCP, with practical service choices, trade-offs, and decision tests.", "date_published": "2026-03-27T00:00:00.000Z", "tags": [ "system-design" ], "image": "https://harishabib.au/images/whiteboard-architecting-cloud-native-aws-gcp.png" }, { "id": "https://harishabib.au/blog/event-driven-architecture-aws-gcp/", "url": "https://harishabib.au/blog/event-driven-architecture-aws-gcp/", "title": "Event-Driven Architecture in Practice: AWS vs GCP", "summary": "A practical guide to building event-driven systems on AWS and GCP, covering EventBridge, Pub/Sub, Eventarc, contracts, failure handling, and real-world operating trade-offs.", "content_text": "A practical guide to building event-driven systems on AWS and GCP, covering EventBridge, Pub/Sub, Eventarc, contracts, failure handling, and real-world operating trade-offs.", "date_published": "2026-03-24T00:00:00.000Z", "tags": [ "system-design" ], "image": "https://harishabib.au/images/whiteboard-event-driven-architecture-aws-gcp.png" }, { "id": "https://harishabib.au/blog/resilience-engineering-cloud/", "url": "https://harishabib.au/blog/resilience-engineering-cloud/", "title": "Resilience Engineering in the Cloud: Building Systems That Survive", "summary": "A practical guide to designing resilient cloud systems on AWS and GCP, with failure modes, circuit breakers, bulkheads, chaos testing, and recovery patterns.", "content_text": "A practical guide to designing resilient cloud systems on AWS and GCP, with failure modes, circuit breakers, bulkheads, chaos testing, and recovery patterns.", "date_published": "2026-03-20T00:00:00.000Z", "tags": [ "system-design" ], "image": "https://harishabib.au/images/whiteboard-resilience-engineering-cloud.png" }, { "id": "https://harishabib.au/blog/ai-maturity-stages/", "url": "https://harishabib.au/blog/ai-maturity-stages/", "title": "Where Are You on the AI Journey? The 4 Stages of AI Maturity", "summary": "A practical maturity model for moving from scattered AI experimentation to governed, measurable, production AI adoption.", "content_text": "A practical maturity model for moving from scattered AI experimentation to governed, measurable, production AI adoption.", "date_published": "2026-03-17T00:00:00.000Z", "tags": [ "ai-adoption" ], "image": "https://harishabib.au/images/whiteboard-ai-maturity-stages.png" }, { "id": "https://harishabib.au/blog/human-ai-partnership/", "url": "https://harishabib.au/blog/human-ai-partnership/", "title": "The Human-AI Partnership: A Framework for Safe Adoption", "summary": "A practical framework for AI adoption that separates where AI should assist, where humans must decide, and how organisations can build trust through verification.", "content_text": "A practical framework for AI adoption that separates where AI should assist, where humans must decide, and how organisations can build trust through verification.", "date_published": "2026-03-10T00:00:00.000Z", "tags": [ "ai-adoption" ], "image": "https://harishabib.au/images/whiteboard-human-ai-partnership.png" }, { "id": "https://harishabib.au/blog/beyond-the-hype/", "url": "https://harishabib.au/blog/beyond-the-hype/", "title": "Beyond the Hype: A Pragmatist's Guide to AI Adoption", "summary": "An optimistic but realistic guide to AI adoption: where AI creates genuine leverage, where it introduces risk, and how leaders can adopt it without losing control.", "content_text": "An optimistic but realistic guide to AI adoption: where AI creates genuine leverage, where it introduces risk, and how leaders can adopt it without losing control.", "date_published": "2026-03-06T00:00:00.000Z", "tags": [ "ai-adoption" ], "image": "https://harishabib.au/images/whiteboard-beyond-the-hype.png" }, { "id": "https://harishabib.au/blog/welcome-neural/", "url": "https://harishabib.au/blog/welcome-neural/", "title": "Architecting the Future: A New Chapter", "summary": "Welcome to a practical knowledge base on modern software architecture, cloud infrastructure, pragmatic AI adoption, and technology leadership.", "content_text": "Welcome to a practical knowledge base on modern software architecture, cloud infrastructure, pragmatic AI adoption, and technology leadership.", "date_published": "2026-03-03T00:00:00.000Z", "tags": [ "tech-leadership" ], "image": "https://harishabib.au/images/whiteboard-welcome-neural.png" }, { "id": "https://harishabib.au/blog/10-star-experience-and-test-cases/", "url": "https://harishabib.au/blog/10-star-experience-and-test-cases/", "title": "The 10-Star Experience: Why Product and Engineering Need Legendary Test Cases", "summary": "Most software is built to pass a 5-star functional checklist. But the products that win design for a 10-star legendary experience, then build the technical test cases to make it feel inevitable.", "content_text": "Most software is built to pass a 5-star functional checklist. But the products that win design for a 10-star legendary experience, then build the technical test cases to make it feel inevitable.", "date_published": "2026-02-27T00:00:00.000Z", "tags": [ "tech-leadership" ], "image": "https://harishabib.au/images/whiteboard-10-star-experience-and-test-cases.png" } ] }