Geordie AI

UC Berkeley's California Management Review outlines five persistent barriers to scaling enterprise AI: • Technical infrastructure • Organizational design • Financial investment • Human factors • Security concerns Our view: Traditional guardrails are insufficient. Enterprises need adaptive security & compliance frameworks anchored by operational observability. CAIO Hanah-Marie Darley shares pragmatic best practices to move through each, so your team can say "yes" to innovation without unleashing risk. Read the blog: https://lnkd.in/gyNbDQTq #AIGovernance #AISecurity

We're proud that our Chief AI Officer Hanah-Marie Darley was on stage this week at the KKR Euro CISO Summit in Paris. Her talk addressed a question many hesitate to ask, but every security leader needs answered: What exactly is an AI agent, and how can teams translate top-down mandates for agentic adoption into safe, operational reality? 3 top takeaways: 1. Generative AI vs. Agentic AI Generative AI transforms inputs into outputs (content, code, summaries); agents act with instructions, pursue goals, and execute actions. AI agents are reasoning engines (often an LLM) equipped with at least one tool. 2. Agentic governance requires explainability Explainability is retrospective: why was a decision made? Behavioural observability is real-time: what’s happening right now? 3. AI agents bring both familiar and amplified risks a. Data exposure, shadow AI, and system sprawl b. Non-deterministic decisions goal drift, and resource misuse c. Complex multi-agent supply chains CISOs need visibility into what AI agents can do, what they’re doing now, and how that changes risk posture as the technology evolves. #AI #AIGovernance #Cybersecurity #Womenintech #CISO

At this week’s KKR CISO Summit, it was clear that security leaders are thinking deeply about how to enable AI safely as business adoption continues to skyrocket. In my session on Securing Agentic Innovation, I shared how AI agents are introducing new patterns of autonomy and decision-making, and why our governance models must now evolve to include behavioural observability and contextual governance. The conversations throughout the Summit reflected a shared ambition to make security a driver of innovation rather than a checkpoint. There’s a growing recognition that the right oversight and controls make progress sustainable rather than slowing it down. It’s an exciting time to be building the foundations for trusted, scalable AI! Thanks so much to Paul Harragan for organising and Accenture for hosting us all! #CISOSummit #EnterpriseAI #AIAgents #CyberSecurity #RiskManagement #AgenticInnovation

Five RCE vulnerabilities disclosed in Cursor IDE over the last week (CVE-2025-59944, CVE-2025-61590, CVE-2025-61591, CVE-2025-61592, CVE-2025-61593) remind us that securing AI agents isn't just about prompt injection defenses or model alignment - it's also about hardening the traditional software stack they run on. Case-sensitivity bugs, workspace file handling, and configuration management might sound mundane, but they become critical when exploited through agentic workflows. As AI-powered dev tools gain production access and autonomy, every legacy weakness becomes a new attack surface. As Geordie AI sees it, agentic security = AI security + software security + supply chain security. All three layers matter. #AIAgents #TaintAnalysis #EnterpriseAI #RiskManagement #Cybersecurity #Observability #SupplyChainSecurity #DevSecOps

NY Geordies 🗽🇺🇸 Awesome week for Toby & I out in New York as a team with our NY Geordies Josh & Juliet, and a heap of time spent with forward-thinking security teams who want to say “yes” to Agentic innovation, without unleashing the risks. Spoiler - Geordie AI can help you there! And to top it off we: - Welcomed another rock star in Juliet (Dachowitz) Galante as our Head of Marketing. When I say Juliet has our signature Geordie energy, I mean she executes so fast, is razor sharp, and oozes the relentless positive energy we pride ourselves on here - and this isn’t her first high-growth rodeo! - Moved into another (ok, tiny!) office in NY. We’re about to move into our 5th office in less than 6 months due to headcount growth. Thanks Fora/WeWork for the flexibility.

Another week, another vulnerable MCP server disclosure: figma-developer-mcp, which incorporates unsanitised user input in command-line strings, possibly leading to command injection and remote execution of arbitrary code https://lnkd.in/eYsJrcVD Yet another example of the tension that exists between early adoption and innovating quickly versus managing the expanded attack surface and security implications for every newly-integrated MCP server — unless you're using Geordie of course! If you're org is using Figma and MCP servers - check whether the figma-developer-mcp tool is in use, and if so, make sure the version is 0.6.3 or higher And if you'd like to know more about some of the techniques we're using to scalably detect these risks, have a read of this article on why AI agents need taint analysis: https://lnkd.in/eQUKAf7b (And credit to the researcher for the original advisory - the brilliant Alessio Della Libera 😉)

Another legend joins the Geordies 🕯️ Thrilled to welcome Toby Wood to the team as Head of Solutions Engineering. Toby will be pivotal as we look to help enterprises say “yes” to Agentic innovation without unleashing the risks. This is a critical role as we lock-in on our mission to ensure our customers get the best experience they’ve had from any security vendor. Ever. There’s no one we wanted more! Toby made an exceptional contribution at Darktrace over the past decade, from leading EMEA’s SE teams to then stepping into a senior role in Product. Anyone who has worked with Toby knows he is both elite + an exceptionally good human. We’re thrilled to have him join the team at Geordie AI! 🤝

Threats to Agents' supply chain are really starting to ramp up with multiple malicious and vulnerable MCP servers disclosed each week. The ecosystem is growing fast with hundreds of thousands of tools that present novel vulnerability scenarios when misconfigured or combined in dangerous ways. This week's most scary was probably the  @lanyer640/mcp-runcommand-server with a reverse shell to grant attackers remote access. This week, like every week, the Geordie AI team added detection for risks across thousands more tools, including malicious tools, vulnerable tools, data leak, damaging actions and more, across dozens of agentic apps, frameworks, and platforms. Getting a handle on where this constantly changing ecosystem is creating risks across your codebases, coding agents, cloud, and SaaS agentic webapps is the challenge we're helping bring under control

No time to die. Taint analysis once kept us safe from SQL and command injection in source code. Today, it can do the same for AI agents — exposing vulnerabilities and hidden risk chains like the ForcedLeak attack which could exploit Salesforce's 'Agentforce'. Read here: https://lnkd.in/eQUKAf7b #AIAgents #TaintAnalysis #EnterpriseAI #RiskManagement #Cybersecurity #Observability

AI explainability and observability aren’t just technical terms anymore. They’re fast becoming board-level priorities. From ML to LLMs to AI Agents, every discipline demands a different approach. And as regulations like the EU AI Act and ISO 42001 take hold, the ability to explain, monitor, and govern systems isn’t optional anymore. In our latest article, Hanah-Marie Darley explores how enterprises can move beyond “black box” uncertainty, why behavioural observability is critical for agents, and how these practices help leaders innovate with clarity and confidence. Read it here 👉 https://lnkd.in/eX4iUP-G #AIAgents #EnterpriseAI #AIAdoption #AIExplainability #AIObservability #RiskManagement