tag: series.

2026·05·19 The agent age and the analyst in the loop Post 21 of the AI series, and the closing piece. Where this is heading. The agent age has arrived; the analyst is still in the loop; the architectural decisions that made EmilyAI durable are now the wider field's emerging consensus. What I will be writing about next. ai · soc · series · closing 8 min 2026·04·14 Six years of EmilyAI: what we kept, what we changed, what we should have done sooner Post 20 of the AI series. A longer reflective piece. Eight years on from the first sketch of the system that became EmilyAI, six years on from production deployment, the architectural retrospective the series has been building toward. ai · soc · retrospective · emilyai · series 9 min 2026·03·03 DeepSeek and the supply chain of intelligence Post 19 of the AI series. The open-weight reasoning models from DeepSeek and others have changed the supply chain of intelligence. The provenance, licensing, and operational properties of the models you run are now a cyber security question worth taking seriously. ai · supply chain · provenance · series 7 min 2026·01·20 The CSR Bill and AI in cyber: what the regulator now expects Post 18 of the AI series. The Cyber Security and Resilience Bill is moving toward commencement. What it changes for AI in cyber security specifically, what the secondary legislation drafting suggests, and what vendors and customers should be preparing. ai · regulation · csr-bill · series 7 min 2025·12·09 Year in cyber AI 2025: the agentic year that mostly was not Post 17 of the AI series. The 2025 retrospective. Operator agents arrived but mostly in pilot, the determinism property went mainstream in procurement, the regulators caught up, and constrained agency became the named shape. The honest read going into 2026. ai · retrospective · soc · series 8 min 2025·10·28 Frontier AI in CNI: the regulators are paying attention Post 16 of the AI series. The autumn joint statements from the BoE, FCA and HM Treasury on frontier AI and operational resilience signal where financial-services regulators have arrived. The implications for AI in cyber security are sharper than the public conversation suggests. ai · regulation · cni · series 7 min 2025·09·23 The single-tin posture: why we still ship on a Dell Post 15 of the AI series. A single Dell PowerEdge R760, racked at the customer site, running the whole platform — analyst, inference, persistence, audit. The deployment shape the hyperscaler default would have us abandon, and why we have not. ai · soc · deployment · series 7 min 2025·08·05 Determinism and regulatory defensibility, eighteen months later Post 14 of the AI series. The bit-identical-inference property I wrote about in 2024 is showing up in regulatory drafting. What the Cyber Security and Resilience Bill drafting work suggests about how regulators are going to evaluate AI-driven security decisions. ai · regulation · soc · series 7 min 2025·06·24 Agents in production, eighteen months on Post 13 of the AI series. The agent demos at RSA and Black Hat have got slicker. The agent in production cyber operations has, mostly, not arrived. The honest 18-month read on a category whose marketing has run ahead of its engineering. ai · agentic · soc · series 7 min 2025·05·13 Cross-tenant intelligence: the privacy architecture problem Post 12 of the AI series. The architecture that turns one customer's experience into another's protection — without exposing either to the other. The privacy engineering problem nobody in the LLM space is talking about, and EmilyAI's seven principles. ai · soc · privacy · architecture · series 8 min 2025·04·01 Continuous learning at scale Post 11 of the AI series. EmilyAI has been learning from analyst feedback for six years. The LLM-as-frozen-artefact shape gets the operational properties of *the model that improves over time* structurally wrong. What that means in practice. ai · soc · learning · series 7 min 2025·02·18 Computer Use and the operator question Post 10 of the AI series. Anthropic's Computer Use, OpenAI's Operator, Google's Project Astra. The category where AI literally moves the mouse. What this shape changes for cyber operations — and how it reads against EmilyAI's tighter action vocabulary. ai · agent · operator · series 8 min 2025·01·07 Year in cyber AI 2024: what was real, what was not Post 9 of the AI series. The 2024 retrospective. Six security copilots shipped; one major outage reshaped the resilience conversation; reasoning models arrived; agents mostly did not. The honest read going into 2025. ai · retrospective · soc · series 8 min 2024·12·10 The law, the insurance, the incident plan, and the culture that holds it all together Year-end consolidation. Your UK GDPR obligations, cyber insurance, the one-page incident response plan you need, and how to build a security culture that lasts beyond this series. small business · cyber essentials · plain english · series 9 min 2024·11·26 Agentic AI, year one: the demo vs the deployment Post 8 of the AI series. AI agents in cyber operations have been demoed everywhere this year. The agent that actually ships looks different from the demo. The honest read after twelve months — and the shape of agent EmilyAI already is, not by accident. ai · agentic · soc · series 8 min 2024·11·19 Passing it on: to the next director, to your children Part 18 of 18, the closing post. The privacy work you have done over the last two years has to outlive you in the role. How to write it down, how to teach it, and how to make sure the people who inherit it can actually use it. privacy · series · ned · closing 6 min 2024·11·12 AI-powered threats — and the usage policy you actually need AI is making phishing better and deepfake fraud cheaper. It is also a real risk when your own staff paste customer data into ChatGPT. Both sides of the AI coin, and a simple policy that handles both. small business · cyber essentials · plain english · series 6 min 2024·10·22 Building a personal privacy posture Part 17 of 18. Sixteen posts of specifics, condensed into a posture rather than a list. The five sentences that should govern personal privacy for a board director and their household. How to keep it current. privacy · synthesis · ned · series 7 min 2024·10·15 The basics you can pick up and walk away with: physical security and social media Screen locks, premises, disposing of old kit, USB drives, social media account security, and the risks of oversharing. The unglamorous but high-leverage controls that prevent entire categories of attack. small business · cyber essentials · plain english · series 7 min 2024·10·08 Reasoning models: what o1 changes for SOC work Post 7 of the AI series. OpenAI's o1 launched in September with a different model shape — *think longer, reason step by step*. What this means for the SOC, where the gains are real, and where EmilyAI's purpose-specific architecture continues to win. ai · soc · reasoning · series 7 min 2024·09·17 The AI year, deepfakes, and what changes for children Part 16 of 18, last of the five children-focused posts. Generative AI changed what 'a picture of a child' can mean. What parents should be alert to in 2024, what is genuinely new, and the practical conversations that still work. privacy · children · ai · deepfake · series 8 min 2024·09·10 Backups: the only thing that recovers you from ransomware The 3-2-1 rule, what to back up, why testing your backups is more important than having them, and the specific changes that protect backups from modern ransomware. small business · cyber essentials · plain english · series 6 min 2024·08·27 Single-vendor concentration: the CrowdStrike lesson applied to AI Post 6 of the AI series. The July 2024 CrowdStrike outage was not an AI incident, but it tells us a great deal about where the AI-in-security market is heading. Why single-vendor concentration of intelligent agents is a structural risk worth modelling now. ai · soc · concentration · resilience · series 7 min 2024·08·13 Malware and the layered defence Antivirus is necessary but not sufficient. The defence-in-depth approach that actually catches malware — and how it joins up with everything else we have done this year. small business · cyber essentials · plain english · series 6 min 2024·07·23 Hotels, conferences, and public Wi-Fi Part 15 of 18, third and last of the travel posts. The day-to-day mechanics — the hotel network, the conference Wi-Fi, the airport lounge, the coffee shop on the way to the meeting. The small kit and habits that compound over a year of travel. privacy · travel · ned · series 7 min 2024·07·09 Your network: Wi-Fi, routers, and home workers Your router is your only firewall. Here is how to configure it properly, secure your Wi-Fi, set up a guest network, and look after the staff who work from coffee shops and kitchen tables. small business · cyber essentials · plain english · series 6 min 2024·07·02 Open-source models and the on-prem option Post 5 of the AI series. Llama 3, Mistral, Mixtral. The serious open-source LLM era arrived in 2024. What it means for security teams who do not want to send data to a hyperscaler, and how the on-prem path reads against EmilyAI's single-tin posture. ai · soc · open-source · llm · series 7 min 2024·06·11 Patching: the unglamorous lifesaver Why software updates matter, what actually needs updating, and how to make patching manageable for a small business without dedicated IT staff. The vegetables of cyber security. small business · cyber essentials · plain english · series 5 min 2024·05·28 The hexagonal lesson: vendor agnosticism as structure Post 4 of the AI series. Most security AI products are anchored to one vendor's platform. EmilyAI was built in 2018 with a hexagonal architecture that decouples the analyst from the SIEM matrix. Six years on, the choice is paying back in a way I did not anticipate. ai · soc · architecture · series 7 min 2024·05·21 Clean devices and selective sync Part 14 of 18, second of three travel posts. The clean travel laptop and phone, what to put on them, what to leave at home, and how to remain effective without exposing the whole work footprint. privacy · travel · ned · series 7 min 2024·05·14 Email is the front door: spotting phishing and stopping BEC Over 90% of breaches begin with email. How to spot phishing, build a reporting culture, configure SPF/DKIM/DMARC, and prevent the single most expensive small business fraud: business email compromise. small business · cyber essentials · plain english · series 7 min 2024·04·23 International travel and jurisdictional risk Part 13 of 18, first of three travel posts. What actually changes when you cross a border — customs powers over devices, foreign-state interest, the practical implications of which countries you are visiting. Without the paranoid framing. privacy · travel · ned · series 8 min 2024·04·16 Locking the front door: passwords and access Password managers, multi-factor authentication, the principle of least privilege, and the leaver checklist. The single highest-value hour you will spend on cyber security all year. small business · cyber essentials · plain english · series 7 min 2024·04·09 The Copilot-for-security wave: what they actually do Post 3 of the AI series. Microsoft Security Copilot, CrowdStrike Charlotte, SentinelOne Purple, Google Sec-PaLM — the wave of LLM-powered security assistants. What they actually do well, what they do less well, and how the framing reads against EmilyAI. ai · soc · copilot · vendor · series 8 min 2024·03·12 What a cyber attack actually costs a small business The financial number is the smallest part. Operational disruption, reputational damage, and regulatory consequences are the costs that compound. Plus the positive case for getting this right. small business · cyber essentials · plain english · series 5 min 2024·02·27 Deterministic inference: the property the market is losing Post 2 of the AI series. Same input, same output, every time. A property that used to be table stakes in production systems and that LLM-based security tooling has quietly let go of. Why it matters and how EmilyAI is built to preserve it. ai · soc · determinism · series 7 min 2024·02·20 Board portals and document handling Part 12 of 18. Diligent, BoardEffect, Nasdaq Boards, the email-attachment habit, and the moments in board-paper handling when sensitive material is most likely to leak. The practical posture for non-executive directors. privacy · work · ned · board-portal · series 7 min 2024·02·13 Know your enemy: the threats small businesses actually face Phishing, ransomware, social engineering, malware, credential stuffing, insider mistakes, denial of service. The actual menu of threats facing UK small businesses — in plain English, without the drama. small business · cyber essentials · plain english · series 7 min 2024·01·16 Cyber security for the small business: where to start An honest start to a year-long series. What cyber security actually is, why small businesses are targeted, and the five things every small business has that attackers want. small business · cyber essentials · plain english · series 6 min 2024·01·09 AI in cyber: the long view from 2018 Start of a six-weekly series tracking how AI in cyber security is developing through 2024 and beyond — and how each development reads against EmilyAI, the SOC analyst I have been running in production at Hedgehog since 2018. ai · soc · series · emilyai 6 min 2023·12·12 Assistants, drivers, and household staff Part 11 of 18. The people around a senior board director are, for practical purposes, part of the security boundary. The standing rules that protect everyone — the executive, the staff, the relationship — without becoming surveillance. privacy · work · ned · staff · series 7 min 2023·10·17 The board director's public exposure Part 10 of 18. Companies House, LinkedIn, conference speaker lists, the corporate website. The footprint your board role creates whether you want it or not, and the small set of choices that determine how much it reveals. privacy · work · ned · series 7 min 2023·09·12 Financial and identity hygiene at home Part 9 of 18. Credit freezes, the paper post, joint advisors, mortgage and bank communications, the family-office channel. The unglamorous half of personal privacy that, when neglected, costs the most. privacy · home · financial · identity · series 8 min 2023·08·15 Photo backup, family chat groups, and the extended family Part 8 of 18. iCloud, Google Photos, WhatsApp family chats, grandparents on Facebook. The household network you actually live in is wider than the four walls of the house. What to do about it without becoming the family killjoy. privacy · home · series · family 7 min 2023·07·11 Gaming, voice chat, and the communities that look least like social media Part 7 of 18, fourth of five children-focused posts. Roblox, Fortnite, Minecraft, Discord. The environments where British children spend more time than they spend on social media, what the risks actually look like, and what to do. privacy · children · gaming · series 8 min 2023·06·13 Children, social media, and the parent's reasonable role Part 6 of 18, third of five children-focused posts. The conversation about social media most parents avoid, written for the board-director parent who wants to be present without being absurd. privacy · children · social media · series 8 min 2023·05·16 School accounts and edtech: the parent's reasonable role Part 5 of 18, second of five children-focused posts. Schools collect a remarkable amount of data on children. Some of it is necessary; some of it is not. What a board-director parent should ask, and what they are entitled to. privacy · children · school · edtech · series 8 min 2023·04·18 The digital footprint we create for our children before they can speak Part 4 of 18, first of the children-focused posts. The photos, the school records, the birthday Facebook posts, the WhatsApp groups, the smart toys. What we lay down for our children, before they have any say. privacy · children · series · ned 8 min 2023·03·21 The smart-home dilemma Part 3 of 18. Alexa, Ring, the smart thermostat, the smart TV, the connected fridge. The devices you have invited into your kitchen and what they are actually doing while you sleep. privacy · home · iot · series 7 min 2023·02·28 The home network you live on Part 2 of 18. Your home Wi-Fi router is the only thing between everything connected in your house and the rest of the internet. What boards should ask their household to look at this weekend. privacy · home · series · ned 7 min 2023·02·07 Digital privacy for board directors: the eighteen-post version An honest start to a long series. What digital privacy actually means for a board director in 2023, why the home / travel / work boundary is the right framing even though it leaks, and why children deserve four of the eighteen posts. privacy · ned · board · series 6 min