The Atwood blog

Notes on intelligence, design, and governance.

Field notes from building governed AI for regulated organizations — standards, frameworks, workflows, security, and where the work is going. Long-form, with examples.

New to the terminology? Start with the AI glossary — industry jargon in plain English →

Risk

What breaks when you roll out Claude without a governance layer

Claude is excellent. Pointing it straight at your data and your systems, with nothing in between, is a liability. Here is exactly what goes wrong — and how a governed gateway fixes each one.

Read article →
Risk

Where your data actually goes: training sets, retention, and leaked keys

Two quiet ways a careless AI rollout leaks your crown jewels — your prompts becoming training data, and your API keys escaping. Here’s how each happens, and how to stop it.

Read article →
Strategy

You don’t need an AI team — you need the outcomes of one

Hiring a Chief AI Officer and a bench of ML engineers is out of reach for most organizations. The outcomes they’d deliver don’t have to be.

Read article →
Strategy

Why AI pilots stall before production

The demo dazzles, leadership is sold, and then nothing ships. The gap between a pilot and a production system is governance, integration, and ownership — and it’s where most AI initiatives quietly die.

Read article →
Point of view

Long-horizon agents are the next wave of professional work

Chat was the demo. Agents that run for hours or days — and the professionals who supervise them — are the product. What changes, and why governance is the unlock.

Read article →
Future of work

The disappearing first rung: AI and entry-level work

Routine entry-level tasks are the first to be automated — a real disruption to how people learn a profession and how organizations build their talent pipeline. The response isn’t fear; it’s moving people up to supervise the work sooner.

Read article →
Point of view

AI-native operations: redesign the workflow, not just the tool

Bolting a chatbot onto an unchanged process gets you a rounding error. The real gains come from redesigning the work around what agents do well — and what humans do best.

Read article →
Architecture

Using multiple LLMs to do complex work — privately

No single model is best at everything, and routing everything to one public API is a privacy liability. How to get both quality and privacy, with examples.

Read article →
Engineering

A field guide to AI model types — and when to use each

“AI model” isn’t one thing. There’s a whole toolbox — language, reasoning, small, multimodal, embedding, image, and speech models — and good systems use several together.

Read article →
Architecture

The open-weight model landscape — a mid-2026 snapshot

Open-weight models now rival the closed frontier, and you can run them in your own environment. Here’s how to evaluate them, the current leaders, and the licensing fine print — as of mid-2026.

Read article →
Strategy

You don’t need a perfect data warehouse to start with AI

The two-year data-warehouse project is the most expensive way to delay AI value. Governed agents can work your data where it already lives — today.

Read article →
Engineering

RAG, fine-tuning, or better prompts? Choosing the right lever

There are three ways to make a model fit your work — context, retrieval, and fine-tuning. Most teams reach for the expensive one first. Here’s when each is the right call.

Read article →
Point of view

Agents aren’t automation — and the difference matters

“AI automation” makes it sound like fancier macros. Agents reason, sequence, and adapt — and that difference completely changes what you can hand them.

Read article →
Governance

ISO 42001: the AI management system standard, explained

The world’s first certifiable standard for managing AI — what it actually requires, clause by clause, and how to build toward it without boiling the ocean.

Read article →
Governance

NIST AI RMF and ISO 42001: two frameworks, one program

The US risk framework and the international standard are constantly framed as competitors. They’re layers of the same program — here’s how they map, with examples, and why building both is one job.

Read article →
Security

Securing AI applications: the OWASP LLM Top 10

Prompt injection, data leakage, insecure output, excessive agency — the real ways LLM apps break, walked through with examples, and the gateway controls that contain each one.

Read article →
Engineering

AI development workflows that actually ship

How to build with AI in the loop — dramatically faster, without shipping confident nonsense. The practices, the orchestration model, and the pitfalls, with examples.

Read article →
Architecture

Drawing systems people can actually read: the C4 model

Most architecture diagrams confuse more than they clarify. The C4 model fixes that with four levels of zoom — context, containers, components, code.

Read article →
Architecture

The Well-Architected lens, applied to AI systems

The cloud Well-Architected frameworks predate the AI boom — but their pillars map cleanly onto what a governed AI system actually needs.

Read article →
Delivery

Shaping the work instead of estimating it

Fixed time, variable scope, and bets instead of backlogs. Why we scope engagements around appetite — not guesses — especially when the work involves AI.

Read article →
Design

The Laws of UX, applied to mobile and AI

Classic UX laws (via lawsofux.com) still govern whether an experience works — and AI raises the stakes on every one of them. A practical walkthrough, with examples.

Read article →
Framework review

IBM Enterprise Design Thinking: a framework review for AI teams

The Loop, the Keys, and the Principles — where IBM’s framework genuinely helps build AI products, where it falls short, and the AI-specific extensions every team needs.

Read article →
Capabilities

The skill sets we bring to your industry

Governed, ready-to-tailor capabilities for the work your team actually does — with concrete examples by industry, and how each one is governed.

Read article →