AI applications in finance, legal, healthcare, and other regulated sectors.
A .npmignore oversight shipped Anthropic's entire Claude Code source to the public npm registry. The leaked codebase reveals engineering practices that should inform how regulated teams assess their AI toolchain dependencies.
Generic AI leadership optimises for the wrong objective in regulated industries. Three sector-specific scenarios show why defensibility, not accuracy, is the correct architectural goal.
A leaked spreadsheet revealed that GRC platform Delve generated 494 near-identical SOC 2 reports with pre-written auditor conclusions. The EU AI Act's conformity assessment framework was designed to make this structurally impossible.
The barrier to building bespoke legal AI has collapsed. The EU AI Act's compliance obligations have not. Every vibe-coded tool is potentially an AI system, and every builder is potentially a provider.
The EU AI Act determines scope by market reach, not incorporation.
Article 10 requires testing for bias across protected characteristics. GDPR Article 9 restricts processing the very data you need. This tension has no clean resolution.
The EU AI Act is an operational maturity test. For high-risk AI systems, the majority of obligations are engineering obligations. Compliance is architecture, not paperwork.
Even post-Brexit, the EU AI Act has significant implications for UK businesses deploying AI. We break down the extraterritorial reach and what you need to prepare.