A Security Claim You Cannot Verify Is Marketing

A security or safety claim you cannot independently verify is marketing, not security. From a collapsed bug bounty to a vulnerability database that can no longer verify its own scores, 2026 has exposed an industry built on assertions. The only disclosure that survives is one a sceptic can check alone.

https://mickai.co.uk/articles/a-security-claim-you-cannot-verify-is-marketing

#SovereignAI #AIGovernance #AIregulation #AuditableAI

Most Blockchains Solve a Problem You Do Not Have

Most blockchain projects answer a question nobody asked, then add fragility the user never wanted. After a year of billion-dollar key compromises and governance captures, here is the one narrow thing a chain is genuinely good at, and why that is all Pantheon does.

https://mickai.co.uk/articles/most-blockchains-solve-a-problem-you-do-not-have

#SovereignAI #AIGovernance #AIregulation #AuditableAI

Security Improves When Someone Is Liable

Security does not improve because people mean well. It improves when failure has a price and that price has an address. The 2025 to 2026 shift in artificial intelligence law moves the bill onto deployers, and a bill you can deny is a bill nobody pays.

https://mickai.co.uk/articles/security-improves-when-someone-is-liable

#SovereignAI #AIGovernance #AIregulation #AuditableAI

Cryptography Is the Easy Part

The algorithms almost never break. Key custody, rotation, and crypto agility do, and 2026 has the receipts. Why a record that must outlast its own keys has to be designed for change from the first line.

https://mickai.co.uk/articles/cryptography-is-the-easy-part

#SovereignAI #AIGovernance #AIregulation #AuditableAI

The Signal That Can Be Spoofed

Critical infrastructure quietly runs on signals that can be faked or lost: satellite time, name resolution, certificate authorities. In 2026 those dependencies started failing in public. Resilience means a record you can verify yourself, with no network and no external authority.

https://mickai.co.uk/articles/the-signal-that-can-be-spoofed

#SovereignAI #AIGovernance #AIregulation #AuditableAI

The Board's Duty to Monitor AI Is Now a Documentation Test

Directors now face Caremark-style exposure for ungoverned artificial intelligence, and the decisive question is whether the board can show documented evidence it treated AI as a board-level risk. The Open Audit Record is that evidence.

https://mickai.co.uk/articles/board-level-ai-oversight-documented-or-it-did-not-happen

#SovereignAI #AIGovernance #AIregulation #AuditableAI

When AI Enters the Control Room, the Record Has to Outlive the Vendor

In 2026 CISA, the NCSC and partners issued joint guidance on integrating AI into the operational technology behind power, water and industry. The unsolved question underneath it: when an AI acts in the control room, who holds a record that survives the vendor and a regulator can replay.

https://mickai.co.uk/articles/control-room-ai-record-must-outlive-the-vendor

#SovereignAI #AIGovernance #AIregulation #AuditableAI

Provenance for a Model You Did Not Train

A February 2026 audit found 95.8 per cent of public models cannot tell you where they came from, even as the European Union Artificial Intelligence Act demands supply-chain evidence. You cannot fix a model's murky origin after the fact, but you can sign what it did at the moment it did it.

https://mickai.co.uk/articles/provenance-for-a-model-you-did-not-train

#SovereignAI #AIGovernance #AIregulation #AuditableAI