Skip to content

Governance, Trust & Compliance

Making Ægis Machine-Readable in One Session

An AI-era consulting company that isn't machine-readable is a contradiction. Clients evaluating you will use AI to do it. Agents will look up your services, your methodology, your pricing model. If the only thing they find is a wall of HTML, you're invisible to half the evaluation pipeline before the first conversation starts.

So I spent a session making ægis.no properly machine-readable. Not just an LLM-friendly page — actually structured, federated, and cryptographically signed. Here's what I did and what I learned.

From Capable to Trustworthy: How KCP Evolved from Discovery to Governance

AI agents are getting remarkably good at doing things. They read code, traverse APIs, generate summaries, and execute multi-step plans across sprawling codebases. What they are still bad at is knowing what they should not do.

Today, an agent dropped into a new repository does the equivalent of walking into a library and reading every book on every shelf before deciding which one is relevant. This is expensive, slow, and -- in environments where some shelves contain confidential material -- genuinely dangerous.

The AI-Augmented Consultant: Knowledge Infrastructure Before Deliverables

A brief arrives on Friday afternoon. A compliance startup is building an AI-powered scoring engine. They have a working architecture. What they do not have are settled positions on five hard architectural questions. The deadline is Monday.

The question I asked myself was not "how do I answer these five questions?" It was "what knowledge infrastructure do I need to answer them well?"

That reframing is the entire methodology in one sentence.

Software Entropy at Speed

Fast development with AI doesn't just generate features. It generates disorder at the same velocity.

That's the part nobody talks about. The productivity numbers are real — 53,000 lines, 42 features, five phases of code analysis built in a weekend sprint. But every line you write is also a line you haven't reviewed, a boundary you haven't enforced, a vector you haven't considered.

The entropy compounds with the output.

Autonomy at Scale

Over the years I've tried a lot of organisational models. Standups. Retrospectives. Timesheets. Sprint planning. The full suite.

At eXOReaction, we've converged on something different. It's not a framework with a name. It's more a set of positions — things we've decided, and held to, even when they make people uncomfortable.

The LLM Cautionary Tales

In late 2024 and through 2025, we published a series of short horror stories about building with LLMs. Not fictional in the sense of being made up — fictional in the sense of being slightly dramatised versions of things that happen, or will happen, or already have happened to someone you know.

The format was deliberate. Security warnings written as dry checklists get skimmed. Security warnings written as campfire stories get remembered.

Here are all eight tales.

The Organisational Amnesia Problem

Here's a question most organisations can't answer: what was Pump 47's vibration reading before it failed?

Not a complex question. A specific measurement, at a specific point in time, for a specific piece of equipment. But in most asset management systems, if that reading was overwritten when the failure was logged, it's gone. The data archaeology required to reconstruct it — if it's possible at all — involves manual investigation across multiple systems, log files, and human memory.

The same pattern applies everywhere.