Build 2026 makes agents first-class citizens of the Microsoft stack
Microsoft used [Build 2026](https://blogs.microsoft.com/blog/2026/06/02/microsoft-build-2026-be-yourself-at-work/) to make agents first-class citizens of its stack, and the governance tooling arrived alongside the capability for once. Microsoft IQ, a context layer spanning Work IQ, Fabric IQ, Foundry IQ and Web IQ, is generally available across GitHub Copilot, Foundry and Copilot Studio, grounding agents in Microsoft 365 data through APIs that go live on 16 June. Microsoft Execution Containers enter preview as OS-enforced sandboxes that contain what an agent can touch, and ASSERT plus the Agent Control Specification are open-sourced for standardised agent safety evaluation. The headline for compliance teams is Agent 365: Entra, Defender and Purview extended into a unified control plane where agents get identities, security posture and compliance treatment the way employees do. The framing to take into your next architecture discussion: Microsoft is now assuming organisations will run fleets of agents, and is selling the management layer. If your AI governance still models one user prompting one chatbot, the vendor roadmap has already moved past your risk register.
Read post
OAIC survey finds trust in AI companies has collapsed to 4 per cent
The Office of the Australian Information Commissioner has released its triennial [Australian Community Attitudes to Privacy Survey](https://www.oaic.gov.au/news/media-centre/australians-more-concerned-about-privacy-as-trust-in-ai-languishes,-survey-finds), and the AI numbers are stark. Just 4 per cent of Australians trust AI companies. Only social media platforms rank lower, at 3 per cent. The broader trend is sharpening: 87 per cent of respondents are more concerned about privacy than five years ago, and privacy complaints to the OAIC are up 73 per cent this financial year to date. The survey was run by the Social Research Centre in March 2026 with 1,511 nationally representative adults. Privacy Commissioner Carly Kind noted that "wariness of emerging technologies is increasing, particularly in terms of fairness, accountability and the practical ability to exercise rights." The number worth building strategy on: 68 per cent would be more likely to use digital services if they knew data was handled fairly and responsibly. For any team deploying AI on customer or employee data, the complaint pathway is not a side process. It is part of the control environment, and now a measurable trust asset.
Read post
Mistral puts frontier-class weights on four GPUs with Medium 3.5
Mistral has released [Medium 3.5](https://mistral.ai/news/vibe-remote-agents-mistral-medium-3-5/), a 128 billion parameter dense model with a 256k context window that folds instruction-following, reasoning and coding into a single set of weights. It posts 77.6 per cent on SWE-Bench Verified and 91.4 on the agentic telecom benchmark. Two release details matter more than the benchmarks. The weights are open, [published on Hugging Face](https://huggingface.co/mistralai/Mistral-Medium-3.5-128B) under a modified MIT licence that permits commercial use with carve-outs for high-revenue companies. And the model self-hosts on as few as four GPUs, with API pricing at $1.50 per million input tokens and $7.50 output for those who would rather not. The release also ships Vibe remote agents, asynchronous sandboxed cloud coding sessions that integrate with GitHub, Jira and Slack. For regulated Australian entities weighing data residency, APRA-style vendor concentration questions and exit strategies, a frontier-class model that runs inside your own perimeter is no longer hypothetical. The procurement conversation has a new comparison point.
Read post
ASIC research maps AI spreading through underwriting and claims
ASIC has released new research on financial system innovation, and the AI finding deserves more attention than the headline. The [Innovation in Financial Technology and RegTech report](https://www.asic.gov.au/about-asic/news-centre/find-a-media-release/2026-releases/26-102mr-australia-well-placed-to-unlock-opportunities-from-innovation-in-the-financial-system/), conducted by the Digital Finance Cooperative Research Centre, finds AI becoming embedded in credit underwriting, claims processing, portfolio management and disclosure. That list is the point. These are core decisioning functions, not edge pilots, and each carries consumer outcomes a regulator can test. Chair Joe Longo framed the posture: "ASIC's role is to make sure that when innovation happens, it happens safely and responsibly, with the wellbeing of end consumers at the forefront." The release leans optimistic, noting Australian startups raised over $5 billion in venture capital in 2025, the third-best year on record, with strength in payments infrastructure. Next steps are principles-based regulation through regulatory simplification and industry engagement via the Digital Finance Advisory Panel and targeted roundtables. For risk teams, the message is simple: if AI sits in your underwriting or claims chain, assume ASIC now knows it does.
Read post
Google I/O 2026: agents get desktops, sandboxes and enterprise plumbing
Google's [I/O 2026 announcements](https://blog.google/innovation-and-ai/technology/ai/google-io-2026-all-our-announcements/) had one organising idea: the agent is the product now. Antigravity 2.0 arrives as a desktop app that runs multiple agents on parallel tasks, with a CLI and SDK, and connects to Google Cloud projects under enterprise terms. The infrastructure followed. Managed Agents in the Gemini API provision remote Linux environments where agents reason, plan and execute tools without a developer babysitting the runtime. Gemini Omni, a multimodal creation model, generates video from image, audio, text and video inputs, with SynthID watermarking attached, a provenance detail governance teams should note. Workspace gets the everyday layer: AI Inbox drafting replies, plus Docs Live and Gmail Live voice features rolling out from mid-2026. Gemini 3.5 Pro was flagged as coming next month. For Australian workplaces the practical question shifts from which chatbot to license towards who supervises parallel agents doing real work, on which data, with what logging. The tooling is arriving faster than most operating rhythms.
Read post
ASIC demands urgent cyber uplift as frontier AI raises the threat level
ASIC Commissioner Simone Constant has issued an [open letter to AFS licensees, market participants and their directors](https://www.asic.gov.au/about-asic/news-centre/find-a-media-release/2026-releases/26-092mr-asic-calls-for-urgent-cyber-uplift-as-ai-accelerates-cyber-threats/) calling for an urgent cyber uplift. The trigger is frontier AI: "Cyber risk has entered a new era. The advent of frontier AI models creates opportunity, but also materially increases risk." The language is unusually direct for a regulator: "The clock is at a minute to midnight. If you aren't on top of your cyber resilience already, the time to act and prepare is right now." The letter sets out a 12-point action list covering cyber plan reassessment, critical asset protection, patching, access privileges, third-party risk and using AI defensively, plus four board governance expectations. It is principles-based and model-agnostic, and it frames cyber resilience as a core licensing obligation rather than an IT issue. The operational detail to act on first: ASIC instructs that the letter itself be tabled and discussed at the ultimate board and risk governance committees. If it is not on your next agenda, that is the gap.
Read post
Microsoft discloses prompt-injection flaws that let agents run hostile code
Microsoft has [disclosed two vulnerabilities in its Semantic Kernel agent framework](https://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks/) that turned prompts into shells. CVE-2026-26030 allowed remote code execution through the in-memory vector store, and CVE-2026-25592 enabled arbitrary file writes via the SessionsPythonPlugin. The demonstration is the part worth briefing upward: a single injected prompt could execute code on the host running the agent, including launching arbitrary programs. Root causes were ordinary engineering sins given new reach by agents, unsafe eval-style string interpolation and over-exposed tool functions without path validation. Patches are available, with fixes in Python semantic-kernel 1.39.4 and later and .NET 1.71.0 and later. Teams running agent frameworks should confirm versions now. The architectural lesson outlasts the patch. Microsoft's own framing belongs in every agentic AI risk register: your LLM is not a security boundary. Anything an agent can touch through its tools must treat tool parameters as attacker-controlled input, because a poisoned document or webpage is all it takes to supply them.
Read post
EU agrees to delay high-risk AI Act obligations to late 2027
EU Council and Parliament negotiators have reached a [provisional Digital Omnibus agreement](https://www.consilium.europa.eu/en/press/press-releases/2026/05/07/artificial-intelligence-council-and-parliament-agree-to-simplify-and-streamline-rules/) that resets the AI Act's compliance clocks. Obligations for standalone high-risk systems under Annex III, the category covering recruitment and credit scoring, move from 2 August 2026 to 2 December 2027. Product-embedded high-risk systems shift to 2 August 2028. Not everything loosens. The deal adds a new prohibition on AI generation of non-consensual intimate content and child sexual abuse material, with compliance due by 2 December 2026, and cuts the grace period for AI-generated content transparency and watermarking from six months to three. National regulatory sandboxes get until 2 August 2027. Formal adoption is expected before the original August 2026 deadline, [per Bird and Bird's analysis](https://www.twobirds.com/en/insights/2026/digital-omnibus-on-ai-provisional-agreement-reached-at-the-may-trilogue). For Australian organisations selling into the EU, or HR teams benchmarking AI recruitment tools against EU categories, the timeline moved but the direction did not: delayed, not diluted.
Read post
OpenAI makes GPT-5.5 Instant the ChatGPT default, claiming halved hallucinations
OpenAI has released [GPT-5.5 Instant](https://openai.com/index/gpt-5-5-instant/) as the new default model in ChatGPT, replacing GPT-5.3 Instant. The headline claim targets the failure mode professionals care about most: 52.5 per cent fewer hallucinated claims than its predecessor on high-stakes prompts spanning medicine, law and finance, by OpenAI's own evaluation. Benchmark movement is substantial, with AIME 2025 at 81.2 against 65.4 for GPT-5.3, and MMMU-Pro at 76, [as reported by TechCrunch](https://techcrunch.com/2026/05/05/openai-releases-gpt-5-5-instant-a-new-default-model-for-chatgpt/). The personalisation layer is the bigger workplace story: the model can search past conversations, uploaded files and connected Gmail, with visible "memory sources" users can inspect, correct or delete. Rollout starts with Plus and Pro on the web, with Free, Business and enterprise tiers following over coming weeks. In the API it ships as "chat-latest", and GPT-5.3 retires from the paid API within three months. The governance note: a default-model swap means every staff ChatGPT session changed behaviour overnight. Check what connected accounts expose before banking the accuracy gain.
Read post
APRA tells boards AI governance has not kept pace with adoption
The Australian Prudential Regulation Authority has written to all regulated entities on artificial intelligence, and the message is blunt: adoption is accelerating, governance is not. [The 30 April letter](https://www.apra.gov.au/apra-letter-to-industry-on-artificial-intelligence-ai) draws on APRA's engagement with a group of large banks, insurers and superannuation trustees in late 2025. The findings read like an audit of habits. Many entities treat AI risk as "just another technology", missing the distinct behaviour of predictive and adaptive systems. Boards show strong appetite for AI's benefits but are, in APRA's words, still developing the technical literacy required to provide effective challenge. The letter also flags overreliance on vendor presentations and summaries, weak post-deployment monitoring, and gaps in ownership across the AI lifecycle from design to decommissioning. There are no new prudential requirements in the letter. There does not need to be. CPS 230 and CPS 234 already give APRA the hooks. The practical shift for governance teams is from policy packs to evidence packs: per use case, a named owner, risk tier, human review rule and monitoring trigger a board paper can actually show.
Read post
Canberra stands up a tripartite AI Employment and Workplaces Forum
The federal government has stood up an elevated AI Employment and Workplaces Forum, announced by Employment and Workplace Relations Minister Amanda Rishworth at the [AFR Workforce Summit in Sydney](https://ministers.dewr.gov.au/rishworth/afr-workforce-summit-sydney), with the first ministerial-level meeting held the same day. The forum is tripartite: government, employer groups and unions at one table, delivering on a National AI Plan commitment. Its work is organised around five themes: trust, capability, transparency, safety and productivity. The Department of Employment and Workplace Relations is also running a gap analysis of how existing workplace frameworks interact with AI adoption. The sentence HR teams should clip is Rishworth's boundary-setting: "Tripartism does not, and should not, involve a right of veto." Unions get a seat and a voice on workplace AI, not a brake. The minister framed the goal as working out how to capture productivity benefits together rather than litigating each deployment. The signal for employers: consultation expectations on workplace AI are about to firm up, and a forum communique will be an easy benchmark for what good looks like.
Read post
GitHub Copilot scraps premium requests for usage-based AI Credits
GitHub is [moving Copilot to usage-based billing](https://github.blog/news-insights/company-news/github-copilot-is-moving-to-usage-based-billing/), retiring premium request units in favour of GitHub AI Credits metered on input, output and cached tokens. The change takes effect from 1 June. Sticker prices do not move, but what they buy does. Pro at $10 a month includes $10 of credits, Pro+ $39 includes $39, Business $19 per user includes $19, and Enterprise $39 includes $39. Code completions and Next Edit suggestions remain unmetered, and organisations get pooled credits with budget controls at enterprise, cost-centre and user level. Existing Business and Enterprise customers receive a promotional uplift of $30 and $70 in monthly credits from June through August. Developer reaction has been blunt, with one widely shared summary: "you will get less, but pay the same price." For engineering managers, the action is arithmetic. Heavy agent-mode users on premium models will burn included credits quickly, so re-baseline the real cost per seat, segment users by actual consumption, and set budget alerts before the first metered cycle lands.
Read post
Federal Court draws a line on AI-generated evidence
A Federal Court judgment handed down in the NSW registry on 22 April 2026 has set the first detailed Australian test for the admissibility of AI-generated evidence. The case, a commercial dispute over contract performance, turned on document briefs that one party had summarised using a commercial generative AI tool and tendered without disclosing the tool, the prompts, or any verification step. Justice Henderson did not exclude AI-assisted material outright. The judgment instead lays out a three-part admissibility test that is likely to travel quickly across other registries. The model and version used must be identified on the record. The prompts and inputs that produced the output must be available for inspection. And a human verification step, performed by a person who can speak to the work, must be capable of being demonstrated. Material that fails any one of the three is open to challenge on weight, and may be excluded outright where reliance is heavy. The practical implication for in-house legal and compliance teams is immediate. Prompt logs are now a discovery item. Treat them like one from today.
Read post
APRA puts AI model risk on every regulated CEO's desk
APRA has written to the chief executive of every regulated entity setting formal expectations for AI and machine learning model risk under CPS 220 and CPS 230. The letter, dated 17 April 2026, names four things APRA wants to see by the end of the financial year. A board-approved model risk framework that explicitly covers third-party AI. A registered model inventory with materiality ratings. Independent validation cadence tied to that materiality. And incident reporting that triggers on degradation, not just outage. APRA also signals it will run thematic reviews on banking and insurance subsets later in 2026, with findings published. None of this is new in spirit. CPS 220 has always covered models, and CPS 230 has covered third-party operational risk since 2025. What is new is that AI is now named, the expectation is written down, and the regulator is going to ask. If your model inventory still lives in a single team's spreadsheet, the next twelve weeks are going to be busy. Boards now own the framework, not just the policy.
Read post
Microsoft splits Copilot into a cheaper everyday tier
Microsoft has restructured Microsoft 365 Copilot pricing for the first time since general availability, introducing a Copilot Standard tier at fourteen US dollars per user per month. The new tier sits beneath the existing thirty-dollar Copilot Pro seat, which remains the full-feature option. The split is the substance. Standard includes chat inside Word, Excel, PowerPoint, and Outlook, plus Teams meeting summaries, plus a monthly cap on agent runs. Pro keeps unlimited agent invocations, image generation through Designer, and the higher model-call ceiling that power users actually consume. Two procurement signals are worth reading. First, Microsoft is publicly conceding what every CFO already suspected. The full thirty-dollar seat is overkill for most knowledge workers, and one-size-fits-all licensing was leaving spend on the table. Second, the Standard tier is positioned to claw deployments back from Google Workspace AI and from leakage to ChatGPT Enterprise. For finance and procurement leads, the move opens a real re-segmentation question this quarter. Map your users to the right tier before the next renewal locks the wrong number in.
Read post
OpenAI and Anthropic reset the enterprise floor price
OpenAI and Anthropic have both raised enterprise floor pricing inside the same fortnight. OpenAI lifted ChatGPT Enterprise minimums by roughly 28 per cent on 4 April, with the new floor applying to fresh contracts and renewals from May. Anthropic followed on 14 April with a roughly 22 per cent increase to Claude Enterprise minimums and a tighter committed-spend tier replacing the old pay-as-you-grow option. The published rationales differ. OpenAI cited inference cost and capacity allocation. Anthropic cited expanded enterprise feature set, including Sydney-based contracting. The pattern, however, is not coincidence. Both vendors are signalling pricing power for the first time since launch. Demand for production-grade enterprise AI is firm, frontier capacity is constrained, and the era of pilot-budget seats is ending. Two practical takeaways for procurement and finance leaders. If your renewal lands within the next ninety days, lock terms now before the floor moves again. If your team is still on a pilot SKU, model the production-tier number into your 2026 budget this week. The benchmark just shifted.
Read post
NSW rewrites its AI procurement playbook for 2026
The NSW Department of Customer Service has published version 2 of its AI Procurement Framework, replacing the 2024 guidance that has shaped most state agency AI buying for the last eighteen months. The headline change is structural. A new mandatory AI schedule now attaches to standard ICT contracts whenever an agency buys a solution that uses generative AI. The schedule requires vendors to disclose model provenance at version level, training data sources at category level, the jurisdiction in which inference happens, red-team evidence specific to the agency use case, and a defined incident reporting obligation. Two clauses have real teeth. Silent model upgrades, where the underlying foundation model changes materially without notice, now trigger an agency exit right with refund. And vendors must provide ninety days notice before any feature deprecation that affects the contracted use case. The framework lands at the point where most agencies are renewing 2024-era pilots into production. If you sell AI into NSW, the RFP questions just got sharper. If you buy AI anywhere, this schedule is a defensible baseline.
Read post
Anthropic plants a Sydney flag aimed at regulated work
Anthropic has opened its first Australian office, planted in Sydney and aimed squarely at enterprise customers and APRA-regulated entities. The launch announcement, published on 9 April 2026, names three priorities. A regional go-to-market team led from Sydney with claims-to-coverage roles posted across compliance, public sector, and financial services. Active conversations with Australian hyperscalers on local inference availability for Claude. And a stated intent to engage with the Australian Privacy Principles, the AI Safety Standard, and APRA prudential settings as part of standard contracting. The substance under the announcement is the data residency conversation. Australian regulated buyers have spent the last two years routing Claude through US contracting and US inference, which has been a friction point in CPS 230 third-party reviews and in any procurement that touches sensitive workloads. A local entity changes the contract surface. Two knock-ons matter for compliance buyers. Procurement now has a real counterparty in country. And the OpenAI versus Anthropic enterprise contest, already sharpening on price, just localised on the trust and assurance dimension that actually decides regulated deals.
Read post
EU AI Act draws first blood with €18m fine
The European Commission has issued the first enforcement action under the EU AI Act. An €18 million fine against a Dutch recruitment platform that shipped a high-risk hiring system into the EU market without a fundamental rights impact assessment, and with bias testing the Commission described as materially incomplete. The decision, published on 4 April 2026, is the first under Article 99 since the Act's high-risk obligations bit on 2 August 2025. Three findings drove the size of the fine. No fundamental rights impact assessment on file at deployment. Bias testing limited to a single protected attribute, with no intersectional analysis. And operator-side logging that the regulator's auditors could not reconstruct from the records held. The platform has indicated it will appeal. The signal is the part Australian operators should read closely. The Commission is not waiting for harm. The penalty is being sized off documentation gaps alone. If you are deploying high-risk AI into the EU under the Brussels effect, the next audit conversation just got more expensive.
Read post
Fair Work Commission drafts mandatory disclosure rules for GenAI filings
The Fair Work Commission has published a [President's statement and draft guidance note](https://www.fwc.gov.au/about-us/news-and-media/news/presidents-statement-and-draft-guidance-use-generative-ai-published) on generative AI in Commission cases, the clearest signal yet of how Australian tribunals will handle AI-written filings. The draft sets three requirements. Parties must state in any lodged document that GenAI was used, with a "Use of GenAI" section to be built into Commission forms. They must verify and declare that all facts, legislation and case law references have been checked. And for witness statements and declarations, the Commission recommends GenAI not be used to create substantive content at all. One detail has teeth: GenAI cannot be used as the verification method. Checking means the Benchbooks, the decisions database, AustLII and the Federal Register of Legislation. The driver is volume. President Justice Hatcher describes an unprecedented GenAI-driven workload increase, from roughly 40,000 cases in 2023-24 towards a projected 50,000 to 55,000 in 2025-26, with total workload expected to grow more than 70 per cent across three years. False declarations engage Fair Work Act offence provisions.
Read post
NSW writes algorithms and AI into work health and safety law
New South Wales has passed the [Work Health and Safety Amendment (Digital Work Systems) Act 2026](https://www.parliament.nsw.gov.au/bills/Pages/bill-details.aspx?pk=18847), the first time digital work systems have been directly addressed in Australian WHS law. The Act received assent on 18 February as Act No 5 of 2026. The definition is broad by design: a digital work system is "an algorithm, artificial intelligence, automation or online platform". A new duty requires persons conducting a business or undertaking to ensure worker health and safety is not put at risk by the way these systems allocate work, naming excessive workloads, unreasonable performance metrics, excessive surveillance and unlawful discrimination. That reach goes well beyond gig platforms. Rostering engines, ticket triage, productivity scoring and automated escalation all shape the system of work. The main provisions commence by proclamation, and SafeWork NSW must first develop guidelines through public consultation. That makes this the preparation window: inventory every tool that allocates, monitors or scores work, and get consultation records in order before the duty switches on.
Read post