Architecture decisions, governance gaps, and what really goes wrong when enterprises deploy AI — from real projects.
The usual AI architecture puts the frontier model at the center and a local one as a stopgap behind it. This piece flips the dependency around: the local model becomes the foundation, the frontier model the teacher that makes it better through distillation and works itself out of the critical path by design — for a risk profile a regulated company can actually take responsibility for.
Why an AI that knows nothing about your business is the safer choice: instead of training knowledge into the model, the agent receives only the data of the one case it's handling per request. The real work isn't in data access — it's in controlling what the agent is allowed to pass on: Dissemination Control.
Chaotic free-text fields are nearly impossible to clean with conventional means. How a local LLM (Ollama/Qwen) recognises context, a regex reverse-check catches hallucinations, and the data stays GDPR-compliant without ever leaving the company network.
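An added example (not code from the original post or its author) of the regex reverse-check that teaser refers to: the local model is asked to turn a messy free-text field into a few typed values, and each value is accepted only if a pattern derived from it can be located in the raw text. Anything the model invented fails the check. The model call is replaced by a stub; the three records and the model outputs for them are constructed, the field names (`contact`, `invoice_no`, `payment_date`, `amount`) are assumptions, and the date and amount patterns assume German conventions in the raw text with ISO/plain-decimal output from the model.

```python
import re
from typing import Callable

# Assumed contract with the model: dates come back as YYYY-MM-DD, amounts as a
# plain decimal string, everything else verbatim. The raw field may write the
# same facts as 3.3.2024, 15.02.24, 1.234,50 or 12.000, so each type gets its
# own reverse pattern instead of a naive substring test.

def _literal_pattern(value: str) -> str:
    # Whole-word match of the value, tolerant of whitespace inside multi-word values.
    tokens = [re.escape(t) for t in value.split()]
    return r"(?<!\w)" + r"\s+".join(tokens) + r"(?!\w)"

def _date_pattern(value: str) -> str:
    # ISO input; accept ISO or d.m.yyyy / dd.mm.yy / dd.mm. in the raw text.
    y, m, d = value.split("-")
    german = rf"0?{int(d)}\.0?{int(m)}\.(?:{y}|{y[2:]})?"
    return rf"(?<!\d)(?:{re.escape(value)}|{german})(?!\d)"

def _amount_pattern(value: str) -> str:
    # "1234.50" -> matches 1.234,50 / 1234,5 / 1 234,50; "12000.00" -> matches 12.000
    int_part, _, frac = value.partition(".")
    groups = []
    while len(int_part) > 3:
        groups.insert(0, int_part[-3:])
        int_part = int_part[:-3]
    groups.insert(0, int_part)
    integer = r"[.\s]?".join(groups)
    frac = frac.rstrip("0")
    decimal = rf"[.,]{frac}0*" if frac else r"(?:[.,]0+)?"
    return rf"(?<![\d.,]){integer}{decimal}(?!\d)"

FIELD_TYPES = {"contact": "literal", "invoice_no": "literal",
               "payment_date": "date", "amount": "amount"}
BUILDERS: dict[str, Callable[[str], str]] = {
    "literal": _literal_pattern, "date": _date_pattern, "amount": _amount_pattern}

def reverse_check(raw: str, extracted: dict) -> tuple[dict, list[str]]:
    """Keep a model-produced value only if its reverse pattern hits the raw text.

    Returns (cleaned values with rejected ones set to None, list of rejected
    fields for the audit log). Fields the model left as None pass through.
    """
    clean, rejected = {}, []
    for field, value in extracted.items():
        if value is None:
            clean[field] = None
            continue
        pattern = BUILDERS[FIELD_TYPES[field]](str(value))
        if re.search(pattern, raw, re.IGNORECASE):
            clean[field] = value
        else:
            clean[field] = None
            rejected.append(field)
    return clean, rejected

# Constructed sample records and the (stubbed) model output for each one.
# Record 2 contains a hallucinated contact: no name appears in the raw text.
SAMPLES = [
    ("Anruf m. Hr. Müller wg. Rechnung 4711, zahlt am 3.3.2024 Betrag 1.234,50 EUR",
     {"contact": "Müller", "invoice_no": "4711",
      "payment_date": "2024-03-03", "amount": "1234.50"}),
    ("Kunde meldet sich nächste Woche nochmal, RE 0815 offen",
     {"contact": "Schmidt", "invoice_no": "0815",
      "payment_date": None, "amount": None}),
    ("Zahlung 12.000 € eingegangen am 15.02.24",
     {"contact": None, "invoice_no": None,
      "payment_date": "2024-02-15", "amount": "12000.00"}),
]

def run_samples() -> list[tuple[dict, list[str]]]:
    return [reverse_check(raw, out) for raw, out in SAMPLES]

if __name__ == "__main__":
    for (raw, _), (clean, rejected) in zip(SAMPLES, run_samples()):
        print(raw, "->", clean, "rejected:", rejected)
```

The check only proves that a value is present in the field; it cannot tell that the model attached the right value to the right slot when, say, two dates appear in one note. That residual risk is why the rejected list is worth logging and sampling, not just counting.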
Authentication and authorisation aren't enough for AI agents with tool access. This post explains the missing third layer — Dissemination Control — and a four-tier architecture to implement it incrementally.
An AI agent wiped an entire production infrastructure. The industry responded by stripping agents of access — and missed the point entirely. The real fix is architectural.
A practical evaluation of automated PII anonymization for LLM pipelines: spaCy vs. Flair (via Microsoft Presidio) on German business texts, including the limits of contextual personal references and a recommended approach (regex + NER + documented residual risk).
AI agents are not autonomous pipelines — they are team members with defined roles, permissions, and boundaries. A practical report on dissemination control, persona agents from real customer data, and the architecture that makes collaboration between humans and AI secure.
AI assistants can bypass permission boundaries by mixing information from different project contexts. This article shows through a real scenario why context separation matters more than the choice between MCP and API — and which three architecture approaches solve the problem.
RAG on enterprise data rarely fails because of the model — it fails because of access control. An architecture guide on chunk-level permissions with OPA, GDPR masking, and the structural conflict between data protection and AI usage.
Why most risks of using AI are scaled versions of familiar enterprise problems — and why that's good news.