Thinking at the Frontier of Regulated AI
Perspectives on agentic AI, compliance architecture, and what it takes to build AI systems that regulators trust.
What AI Actually Is (and Isn't)
Cut through the hype and the science fiction. A clear, jargon-free definition of artificial intelligence, the different things people mean by the word, how it differs from ordinary software, and what it can really do today.
The Operating Model: Putting It All Together
The final part assembles every thread of the course into a single coherent way of working — how the pieces connect, how to build the capability incrementally, and how to make regulated AI a durable institutional competence rather than a project.
Third-Party and Foundation-Model Risk
Increasingly the model at the heart of your system was built by someone else and is opaque even to you. This part covers governing vendor and foundation models — due diligence, contractual control, and validating what you cannot fully inspect.
Incident Response and Model Failure
AI systems will fail; the question is whether you are ready. This part covers what counts as an AI incident, how to contain and remediate one, the obligations that failure can trigger, and how to learn from it.
Monitoring, Drift, and Continuous Validation
A model that was safe at launch can become unsafe without anything changing in its code. This part covers what to monitor, how drift creeps in, and how monitoring and revalidation keep a system defensible over its whole life.
Deployment, Change Management, and Versioning
The gap between a validated model and a live one is where many failures hide. This part covers deploying safely, ensuring what runs matches what was approved, and controlling the changes that inevitably follow.
Security and Adversarial Robustness
AI systems face attacks that conventional software does not. This part covers the adversarial threat landscape — poisoning, evasion, extraction, inversion, and prompt injection — and how security becomes a governance obligation.
Tooling, Permissions, and Blast-Radius Containment
An agent is only as safe as the permissions behind its tools. This part covers least-privilege design, enforcing boundaries through real access controls rather than instructions, and engineering systems so that a wrong action is survivable.
Agentic AI: Autonomy Under Guardrails
Agentic systems plan, use tools, and act over multiple steps with limited supervision. This part covers why autonomy multiplies both value and risk, and how to bound an agent so it is useful inside a boundary you can define and defend.
Testing and Validation of AI Systems
Validation is the independent judgement that an AI system is fit for purpose. This part covers what to test beyond accuracy, the principle of independence, and why validation is continuous rather than a one-time gate.
Documentation and the Audit Trail
In regulated AI, a control you cannot evidence is a control that does not exist. This part covers what to document, the difference between documentation and a live audit trail, and how to generate evidence as a by-product of operation.
Human-in-the-Loop Design
Human oversight is one of the most relied-upon controls in regulated AI — and one of the most frequently hollow. This part covers how to design oversight that is genuine, where to place it, and how to avoid the traps that make it theatre.