AI does not create a new domain of trust
Most organisations treat AI as a separate governance category. That instinct is wrong - and it explains why adding AI controls often fails to improve governance.
Trust Surface thinking
Digital trust, observed and made governable.
I write about the systems, signals, and dependencies that shape trust in digital organisations - and the governance needed to keep them visible, resilient, and under control.
Essays, framework thinking, and applied work across digital trust and governance.
Writing
A small selection of essays on digital trust, governance, and the systems that shape public confidence.
The Vercel incident
The useful signal in the Vercel incident is not the breach mechanics alone, but how trust moved across integrations, identities, tokens, and systems never governed as one surface.
Translating technology risk for boards
Why boards do not need technical issues simplified; they need them translated into consequence, judgement, and accountability.
Framework
The Trust Surface Framework is a structured model for understanding how trust is expressed, tested, and governed across digital systems.
It is intended to make trust dependencies more visible across domains, identity, communications, infrastructure, suppliers, and change.
Current work
A small number of ongoing instruments and operational work sit behind the writing and framework - reflecting a consistent approach to designing and operating trust surfaces across contexts.
Applied tool
ThreatScope Check
A public-interest instrument for inspecting the visible trust signals of a domain.
Observatory
.auDo
An independent observatory tracking DNS and registration signals across the .au namespace over time.
Framework
Trust Surface Framework
A structured model for making digital trust visible and governable.
Alongside this work, I lead technology delivery within a national mental health organisation, applying the same principles in live operational environments.
In simple terms, I help organisations understand what others can see about them online, and how that shapes trust, risk and control.
I also contribute to consultations and public processes on digital trust, internet governance and the .au namespace.
Selected submissions.