Malcolm Groves

AI Strategy

  • The Ghost in the Machine: How Your Unseen Data Will Come Back To Bite You

    The Ghost in the Machine: How Your Unseen Data Will Come Back To Bite You

    Your security strategy is only as good as your inventory, and right now, most of us are flying blind. The recently released IBM Cost of a Data Breach Report 2025 highlights a shift that requires the full attention of both tech leadership and the Board. We love to talk about Zero Trust and Al-driven defence,

    Read more →

  • When AI Starts Acting: The Governance Gap in Singapore’s (actually quite good) New Framework

    When AI Starts Acting: The Governance Gap in Singapore’s (actually quite good) New Framework

    Over the last 18 months, we’ve witnessed a fundamental shift in the AI landscape. We have gone from asking models for information to giving them the keys to our systems. This move from “Generative” to “Agentic” AI is not just a technical upgrade; it is a massive change in our organisational risk profile. The Singapore

    Read more →

  • Why Manual Oversight is Now Your Greatest Systemic Risk

    Why Manual Oversight is Now Your Greatest Systemic Risk

    I’ve spent a lot of my career looking at the friction between how we want to work and how we actually deliver, and I have noticed a recurring issue that has nothing to do with the quality of the applications we build. We are hiring incredibly talented engineers to write high quality code, but we

    Read more →

  • Scaling Governance for AI

    Scaling Governance for AI

    I keep hearing the same dismissal from technical leaders and executives when the topic of AI in the development cycle comes up. They point to issues with code quality, the introduction of security vulnerabilities, or logic that simply doesn’t hold up under pressure. They claim that because a Large Language Model currently performs like a

    Read more →

  • The Governance Blindspot: Mistaking Recklessness for Speed

    The Governance Blindspot: Mistaking Recklessness for Speed

    If there is one mantra that has defined the last decade of tech, it is “move fast and break things.” And looking at the Australian ecosystem right now, we are certainly moving fast. But I worry we are about to break the wrong things. There is a dangerous disconnect playing out in our sector. On

    Read more →

  • The Code We Didn’t Write: Why the “Integrity Crisis” is the Real Story of OWASP 2025

    The Code We Didn’t Write: Why the “Integrity Crisis” is the Real Story of OWASP 2025

    I know it didn’t always feel like it, but with the benefit of hindsight, Application Security used to be a straightforward game. You wrote your code, you ran your scans, you fixed your warnings, and you went home. But lately there has been a shift. Teams aren’t spending their time fixing the code they wrote

    Read more →