Notes on private AI, written by the people building it
Engineering, delivery, and security perspective from the team behind Marella.
What ISO 27001 actually tells you about an AI vendor
ISO 27001 certification is one of the few security claims you can verify before signing. Here's what it covers, what it doesn't, and the questions to ask any AI vendor who claims it.
Private RAG, explained for people who buy software
Private RAG means AI answers grounded in your own documents, running under your organisation's control. Here's what the term covers, why regulated teams insist on it, and how to evaluate it.
Why cited answers beat confident answers
AI adoption in regulated organisations fails on trust, not capability. Citations — answers linked to the exact source passage — are the mechanism that fixes it.
Occasional notes on private AI
New posts, sent occasionally. No sequences. Unsubscribe any time.