The new financial year started. Your prompts did not.
Most teams treat ChatGPT like a vending machine. Ask a question, take the answer, walk away. Next week they open a blank window, re-explain who they are, re-paste the same context, and get a slightly different answer. That is not leverage. That is a treadmill, and it quietly caps how good the output can ever be.
A project space changes the shape of the relationship. Instead of a thousand disconnected chats, you get one workspace that knows your team, holds your reference documents, remembers what you decided, and stays on task for a full twelve months. July is the moment to build it. The Australian financial year has just reset, every team is writing a new plan anyway, so build the plan inside the tool that will help you deliver it.
This edition does two things. First, it reviews an extraordinary June for AI, because the month's events change how you should think about relying on these tools. Then it gives three teams a full playbook: health, safety and wellbeing (HSW), workers compensation (WC), and governance, risk and compliance (GRC). Each gets its own strategy build, KPI monitor and everyday prompts, grounded in the regulation that governs it.
June 2026 in review
June was the month a government reached into a model's off switch. Anthropic launched two frontier models, Claude Fable 5 and Claude Mythos 5, on 9 June. Within three days the United States switched them off. On 12 June, citing national security and export-control powers, the US government directed Anthropic to suspend all access to both models for any foreign national anywhere in the world, including Anthropic's own foreign-national staff. Reporting attributes the directive to the Commerce Department, coordinated by Secretary Howard Lutnick, who is named on the conditions for lifting it. The reported trigger was a jailbreak that could unlock the advanced cyber capabilities in the Mythos architecture, turning a consumer product into something closer to an offensive cyber tool. Anthropic argued the vulnerability was narrow rather than universal, took both models offline globally rather than run a partial block, and spent nearly three weeks locked out of its own release. Commerce lifted the controls on 30 June, and Fable 5 returned to the Claude platform on 1 July.
The lesson for anyone building AI into regulated work is uncomfortable and clear. Model availability is now a supply-chain risk, not a given. A tool your team depends on can disappear for reasons that have nothing to do with you, at three days' notice, and stay gone for weeks. That is an argument for building your workflow so the underlying model can be swapped without the whole thing collapsing.
The suspension did not slow the release calendar. Anthropic made Claude Sonnet 5 its new default in Claude Code and on Claude.ai on 30 June, scoring 63.2 per cent on SWE-Bench Pro at introductory pricing of two and ten dollars per million tokens, reverting to three and fifteen from September. Capable models keep getting cheaper as fast as they get better. OpenAI previewed a GPT-5.6 family, codenamed Sol, Terra and Luna, on 26 June, but gated it behind a US-government access list of roughly twenty organisations rather than a public launch. Google's Gemini 3.5 Pro, expected in June, reportedly slipped into a July general-availability window. And China kept pace: Z.ai open-sourced GLM-5.2 under an MIT licence on 16 June, and Meituan unveiled LongCat-2.0, a 1.6 trillion parameter agentic coding model it says was trained entirely on Chinese chips, on 30 June, with open weights to follow. Four labs, two continents, one month.
The more useful shift was in how people use these models. Late in June, CNBC reported enterprise users moving away from "tokenmaxxing," the habit of throwing maximum reasoning and context at every task, towards efficiency: smaller, faster, cheaper calls that are good enough for the job. That matters for the teams reading this. The point of a project space is not to run the largest model on every question. It is to give a capable model the right context once, so it can do useful work at a sensible cost, every time.
The enterprise battle also moved from chatbots to agents. Microsoft used its Build conference on 2 June to plant a flag: it launched its first family of in-house MAI models, including the MAI-Code-1 coding model, and pushed a stack to make Windows an agent-native runtime, including Microsoft Execution Containers for sandboxed agents and Microsoft IQ, whose Work IQ APIs became generally available on 16 June, a context layer that grounds agents in enterprise knowledge across GitHub Copilot, Foundry and Copilot Studio. Google is pushing the same way with Antigravity, a desktop tool that orchestrates several agents in parallel. The theme is consistent. The contest is no longer who has the smartest chatbot. It is who owns the layer that connects a model to your actual work, which is exactly what a project space is at team scale.
Australian regulators kept tightening. The OAIC's consultation on automated-decision transparency closed on 15 June, with guidance expected by September. From 10 December 2026, entities covered by the Privacy Act must spell out in their privacy policies the kinds of personal information used in substantially automated decisions, the nature of decisions made solely or significantly by a computer, and where those decisions could significantly affect a person. That sits on top of APRA's 30 April letter to industry, which told regulated entities to build formal AI governance, keep an inventory of every AI tool and use case, and keep a human accountable for high-risk decisions, and ASIC's 8 May call for stronger cyber resilience as frontier models raise the cyber-risk bar.
Put the month together and a pattern emerges. Models are more capable, cheaper, and less predictable to rely on. The action has moved to the layer that connects a model to your work. And regulators want a human who can explain what the AI did and why. Every one of those pressures points the same way for an HSW, WC or GRC team.

- Keep a fallback. Note which of your workflows would break if your main model vanished for three weeks, and have a second provider or model configured before you need it.
- Right-size the model. Do not default to the biggest model for every task. Match the model to the job and watch the cost, which is where a well-briefed project space earns its keep.
- Keep the human in the record. With the OAIC transparency rules landing on 10 December, start documenting who reviewed each AI-assisted decision now, not in November.
Practical takeaway. Treat model access as a supply chain. For every AI workflow you build this year, write down the fallback: which second model or provider you would switch to, and what would need to change in your prompts to do it. June proved that is not paranoia.
What a project space actually is
Definition. Project space. A persistent ChatGPT workspace with three layers: standing instructions, uploaded reference files, and a project-scoped memory. Every chat inside it shares that context, and nothing leaks out to your other chats.
Three layers do the work.
- Instructions. The standing brief. Project instructions hold several thousand characters, enough room for a full description of who the team is, how you want outputs formatted, and what the model must never do. Written once, applied to every chat in the project.
- Files. The reference set. On a paid plan you attach a working library. OpenAI's help documentation lists 5 files per project on Free, 25 on Plus and up to 40 on Pro, with higher limits and larger storage on Business and Enterprise. Fill it with your strategy, KPI definitions, policies and de-identified data extracts.
- Memory. The running record. Project memory keeps context to that project only. What you agreed last month is still there this month, and it does not bleed into unrelated chats, which is exactly what you want for long-running or sensitive work.

The difference is continuity. Picture a case manager who opens a blank chat every Monday, re-types the team's context, pastes the same policy, and hopes the model remembers how the last plan was structured. Now picture the same person opening a project that already knows the team, holds the policy, and formats every output the agreed way. Same model, very different leverage. The blank window is a tax you pay in re-explanation, and a project space removes it.
Insight. The point of a project space is not smarter answers to single questions. It is continuity. The model stops starting from zero every time, which is the single biggest hidden tax on everyday AI use.
On ChatGPT Business, Enterprise and Edu you can share a project with the team, so the instructions and files are common property rather than trapped in one person's account. Administrators control who can share and what memory is retained, and on those plans project content is not used to train models by default. For a team running a financial year, shared beats solo: one source of truth, one agreed format, and no single point of failure when someone is on leave.
Practical takeaway. Before you build anything, decide the project will be shared, not personal. Put it on a Business or Enterprise workspace so the files, instructions and memory belong to the team and survive any one person leaving.
The build every team follows
Same spine, different content. Five steps, and the whole thing takes about thirty minutes the first time.
- Name it for the year. "HSW Command Centre FY2026-27". A dated name signals scope and makes archiving clean next July, when you spin up the FY2027-28 project and keep this one as a read-only record.
- Write the standing instructions. The highest-leverage twenty minutes you will spend all year. This is where you set the team's identity, the output formats, and the hard rules. Template below.
- Upload the reference set. Strategy, KPI definitions, policies, de-identified data. Keep it curated. A tight, current set beats a dumping ground, because every extra file dilutes the model's attention and raises the odds it cites something out of date.
- Set the operating rhythm. Decide the cadence the project runs on and tell the model what each review looks like, so it produces the same shape of output every week and month.
- Run recurring workflows. Strategy build at the start of the year, KPI monitoring on cadence, everyday work on demand. The prompts for each are below.

Prompt: universal standing-instructions template (paste into project instructions)
Practical takeaway. Spend real time on the standing instructions. Ninety per cent of the quality difference between a good project space and a mediocre one is written into that one block before you ask a single question.
One rhythm, one dashboard
A project space is only as useful as the cadence you run it on. Set three loops and let the project drive them, so the plan you wrote in July is still steering decisions in March.
- Weekly, ten minutes. Update the leading indicators, flag anything drifting off track, decide the one action for the week. This is the loop that stops small problems becoming board problems.
- Monthly, thirty minutes. A full KPI review with RAG status, driver analysis, and a leadership summary you can paste straight into a pack.
- Quarterly, half a day. Check strategy against objectives, reset targets that no longer fit, and capture the lessons so next quarter starts smarter.

Have the model maintain a single KPI dashboard it updates each cycle. You paste the numbers, it returns the same structured view every time, so the trend is comparable month to month rather than a fresh guess each period. Consistency of format is what turns a pile of updates into a line you can actually read.
Prompt: KPI dashboard update (run every cycle)
Practical takeaway. Put the monthly review in your calendar as a recurring thirty-minute hold today. The rhythm is the product. A project space with no cadence is just a tidier chat window.
Turn the dashboard into an offline tool
For teams that cannot put KPI data into a cloud chat at all, there is a neat move. Ask the model to write you a single self-contained HTML file. It opens in any browser, stores its data only in that browser, and sends nothing anywhere. You get a styled dashboard you can keep on a managed drive, hand to a colleague, and open with no internet connection. When you want a change, you paste the file back into the project and ask for the edit, and the model rewrites it. This is where it beats a spreadsheet: it is a shareable, self-contained artefact anyone can open, with the look and logic you want, that the model can regenerate in seconds.
Prompt: build an offline single-file HTML KPI tool
Caution. An offline HTML file keeps data on the device, but it is not a system of record and has no access controls beyond the device itself. Treat it as a working tool, not a register. Keep the authoritative data where your governance requires, and never let the browser file become the only copy of anything that matters.
Practical takeaway. Use the HTML tool to prototype a dashboard in an afternoon, then decide what deserves to graduate into your real system of record. It is a sketchpad, not the filing cabinet.
Playbook 1: Health, Safety and Wellbeing
HSW carries the primary duty of care under the model Work Health and Safety Act, and since the psychosocial amendments to the model WHS Regulations, an explicit duty to identify and control psychosocial hazards. A credible FY plan balances the two and measures both leading and lagging indicators, not just injury counts after the harm has happened. Lagging numbers tell you where you have already failed. Leading numbers tell you whether you are about to.
A worked example. Say last year's data shows a cluster of hazard reports tied to high job demands in one team, and a psychosocial survey flagging low control. A good project space reads both files, proposes an objective ("reduce exposure to high job demands in [TEAM]"), sets a leading indicator (job redesign actions completed) and a lagging one (psychosocial hazard reports from that team), and leaves the targets for you to sign off. It does not invent the numbers. It structures the work.
What the strategy covers. Objectives across physical safety, psychosocial risk, worker consultation, and team capability. Each objective needs a measurable target, at least one leading and one lagging indicator, an owner, and quarterly milestones.
Files to upload.
- FY safety strategy or plan, last year plus any current draft
- WHS policy and consultation arrangements
- Risk register, de-identified
- Incident and hazard data, aggregated and de-identified
- Psychosocial survey summary, aggregated
- Corrective action tracker and the codes of practice you rely on
Prompt: HSW standing instructions
Prompt: HSW build the FY2026-27 strategy
Prompt: HSW monthly safety dashboard
Prompt: HSW psychosocial risk assessment template
Practical takeaway. Anchor every HSW objective to at least one leading indicator you can move this quarter. If an objective only has lagging measures, you are grading the past, not managing the risk.
Playbook 2: Workers Compensation
Caution. This section is educational, not legal advice. Every example uses de-identified placeholders. Real claimant information does not belong in a general chat tool. Decisions on liability and entitlements remain with a delegate, and outputs from the model are drafts for a human to verify and decide.
WC teams under the Safety, Rehabilitation and Compensation Act 1988 (SRC Act) carry obligations to support recovery and return to work. Sections 36 and 37 frame rehabilitation assessments and rehabilitation programs, and section 40 covers the provision of suitable employment. A durable return, not just a return, is the outcome that matters, because a claimant who goes back and then falls out again is a worse result for everyone than a slightly later but stable return. The FY plan should measure the pathway, not only the endpoint.
A worked example. You paste a de-identified portfolio summary showing return-to-work rates holding steady but durable-return rates at six months slipping. A well-briefed project space flags the gap, points to the difference between an initial return and a sustained one, and proposes a leading indicator (rehabilitation assessment turnaround) that plausibly drives it. It does not decide anything. It gives a case manager a sharper question to take into the next review.
What the strategy covers. Objectives across claims management, return to work, and rehabilitation, each tied to a measurable target, an owner, and quarterly milestones.
Files to upload.
- FY claims and RTW strategy, last year plus any current draft
- Aggregate, de-identified portfolio data (claim counts, durations, RTW status)
- RTW and rehabilitation procedures
- Rehabilitation provider panel
- Your KPI definitions and a plain-English SRC Act quick reference
Prompt: WC standing instructions
Prompt: WC build the FY2026-27 strategy
Prompt: WC monthly portfolio dashboard
Prompt: WC de-identified statement summary (draft for human review)
Practical takeaway. Measure durable return, not just return. Set the six-month sustained-return rate as a headline KPI this year, because it is the number that actually reflects recovery.
Playbook 3: Governance, Risk and Compliance
Definition. CPS 230. APRA's operational risk management standard, in force since 1 July 2025. It requires regulated entities to identify their critical operations, set tolerance levels for disruption, and manage service-provider risk. The service-provider transition applied from the earlier of the next contract renewal or 1 July 2026, so the window has now closed.
GRC teams entering FY2026-27 are operating under a fully live CPS 230, the Financial Accountability Regime's accountability obligations, and a board that wants risk kept inside appetite. APRA's 30 April 2026 letter to industry raised the bar again, telling regulated entities to build formal AI governance, keep an inventory of every AI tool and use case, and keep a human accountable for high-risk decisions. A strong FY plan connects regulatory change, operational risk and assurance, and maps every objective back to the risk appetite statement.
A worked example. You upload the obligations register and this month's issues tracker. The project space produces a board one-pager: obligations coverage against plan, controls tested versus scheduled, open issues by rating and ageing, and any tolerance breaches on critical operations, each line citing the register row it came from. It then drafts three decisions to seek from the board. A human owner checks every figure and signs off. The model did the assembly. The accountable person still owns the call.
What the strategy covers. Objectives across regulatory change, operational risk (CPS 230 critical operations, tolerances and service providers), assurance and controls testing, and issue management.
Files to upload.
- FY GRC or compliance plan, last year plus any current draft
- Risk appetite statement
- Obligations register, de-identified
- CPS 230 critical operations list and tolerance levels
- Incident and breach log, de-identified, plus the issues and actions tracker
- Board reporting calendar and regulatory change tracker
Prompt: GRC standing instructions
Prompt: GRC build the FY2026-27 plan
Prompt: GRC monthly board one-pager
Prompt: GRC regulatory change triage
Practical takeaway. Map every FY objective to a line in your risk appetite statement. If an objective does not connect to appetite, either it is not a priority or your appetite statement has a gap. Both are worth knowing.
Guardrails that apply to all three
The same discipline protects every team, and none of it slows you down once it is set up. These are also the controls your regulators now expect to see, so building them in is not overhead. It is the evidence you were in control.
- De-identify before you paste. Use placeholders such as [CLAIMANTNAME], [CLAIMNUMBER] or [PROVIDER], and aggregate wherever you can. The model does not need the real identifier to do the work, and the OAIC's incoming transparency rules make careless handling of personal information a growing liability.
- Human decides. The model drafts strategy, summarises, and monitors. People approve determinations, board reports and safety decisions. APRA's April letter is explicit that a human must stay accountable for high-risk decisions. Never let an output stand as a decision.
- Use the enterprise settings. On Business and Enterprise, project data is not used to train models by default, administrators control memory and retention, and shared-project access can be restricted. Configure these before you load anything sensitive, not after.
- Mind the connectors. Connectors that pull from SharePoint, a drive or a ticketing system are powerful, but they widen what the project can see. Know what is in scope, who can see the shared project, and whether any of it should be there at all.
- Keep an audit trail. Save the prompt, the output, and the name of the reviewer. If a regulator or an auditor asks how a document was produced, you can show the chain, which is exactly the traceability APRA and ASIC are now looking for.

Caution. Shared projects mean teammates see the files and the instructions. Keep personal information, credentials and market-sensitive data out of the shared layer. If it should not sit in a group inbox, it should not sit in a shared project.
Practical takeaway. Stand up a one-line audit log from day one: date, prompt used, output produced, reviewer. It costs you nothing per entry and it is the single artefact that turns "we use AI" into "we govern AI".
Your July move
Thirty minutes today. Create the project, paste the standing-instructions template, upload five files, and run the FY strategy prompt once. You will have a first-draft plan and a live workspace before lunch. Then put a recurring thirty-minute monthly review in the calendar and let the rhythm carry it. Next July, you archive this project, spin up FY2027-28, and you have a full year of decisions and dashboards to learn from rather than a folder of one-off chats you will never reopen.
Insight. The teams that get the most out of AI this year will not be the ones with the cleverest one-off prompts. They will be the ones who built a governed place for the work to live, right at the start of the year.
Sources and further reading
- Model access and June releases: Anthropic, "Statement on the US government directive to suspend access to Fable 5 and Mythos 5" (anthropic.com/news/fable-mythos-access) and "Claude Fable 5 in practice" (return, 1 July); CNBC on the lifting of controls (30 June) and on the shift from "tokenmaxxing" to efficiency (26 June); Anthropic, "Claude Sonnet 5" (30 June, SWE-Bench Pro 63.2 per cent, introductory pricing); OpenAI, GPT-5.6 Sol preview (26 June); Z.ai, GLM-5.2 (16 June, MIT licence); VentureBeat and SiliconANGLE on Meituan LongCat-2.0 (30 June).
- Enterprise agents: Microsoft, "Build 2026" blog and microsoft.ai (2 June: MAI models including MAI-Code-1, Microsoft Execution Containers, Microsoft IQ with Work IQ APIs GA 16 June); Google I/O 2026 announcements (Antigravity 2.0).
- ChatGPT project spaces: OpenAI Help Center, "Projects in ChatGPT" (project instructions, per-plan file limits, project memory, shared Projects on Business, Enterprise and Edu); OpenAI, "Enterprise privacy" (business data not used to train models by default). Web-verified July 2026.
- Work health and safety: Safe Work Australia, model WHS Act and Regulations (psychosocial provisions) and "Managing psychosocial hazards at work: Code of Practice"; ISO 45003:2021.
- Workers compensation: Safety, Rehabilitation and Compensation Act 1988 (Cth), sections 36, 37 and 40; Comcare rehabilitation and return-to-work guidance. Educational reference only, not legal advice.
- GRC: APRA, Prudential Standard CPS 230 (in force 1 July 2025; service-provider transition to 1 July 2026); APRA, "Letter to industry on Artificial Intelligence" (30 April 2026); ASIC cyber-resilience letter (8 May 2026, 26-092MR); Financial Accountability Regime Act 2023 (Cth); OAIC automated-decision-making transparency (consultation closed 15 June 2026; Privacy Act amendments commencing 10 December 2026).