Frontier LLMs have collapsed the bug-to-exploit window from five months to ten hours, and agents have become a brand new attack surface. Here is what Australian regulated businesses need to do this quarter, and how it maps to the Essential Eight, CPS 234 and the Privacy Act reforms.

When an AI system is involved in a security incident, standard incident response procedures are not always adequate. Here is how Australian businesses should approach AI-specific security incidents, from detection through to recovery and reporting.

CPS 230 is reshaping how businesses approach AI and automation in regulated sectors. This article explains what the APRA standard means for operational resilience, governance, and third-party oversight — and how organisations can use it as a springboard for innovation rather than a hurdle.