Software Improvement Group

Most organizations are still locking down AI with the same controls they've used for years. Firewalls. Passwords. Perimeter defense. Attackers already know this isn't enough. On April 22, Rob van der Veer (Chief AI Officer at Software Improvement Group (SIG) and founder of OWASP AI Exchange) and Mark Morrison — retired CISO across The Options Clearing Corporation, State Street, and the U.S. Department of Defense — are having a frank conversation about what actually works. What we'll cover: → What's genuinely working in AI cyber defense → Where traditional controls are breaking down → How threat actors are using AI against you → How to build a threat model that gives you real traction, without starting from scratch Register today and secure your spot. #ArtificialIntelligence #AI #CyberSecurity #AISecurity #InfoSec #CyberDefense

Human in the loop isn’t a weakness. It’s often what makes AI usable in real-life. Simon Jagers, Founder & co-CEO at Samotics, explains why human oversight became one of the most valued parts of the solution — and why trust matters just as much as automation when AI is used in the real world. Watch the full episode of the SIGNAL Podcast: https://lnkd.in/e7UqUxJ6 #AI #HumanInTheLoop #EnterpriseAI #ResponsibleAI #SignalPodcast

How to master AI security? Check out the just updated learning guide at the OWASP AI Exchange. It is our mission to enable practitioners to make sense of it all. Just go to the Exchange website owaspai dot org. Press ‘Get started’ and you will be guided, depending on your needs: 👉 Ask any question to AI Exchange Agent 👉 Learn what the Exchange is 👉 How to start as an organization 👉 How to secure an AI system 👉 How to learn AI security To learn AI security: 1️⃣ First study the brief AI security essentials for the big picture. 2️⃣ Do high-over threat modelling according to the risk analysis section - or let AI interview you to find out, or skip this step if you want to learn the complete threat picture. 3️⃣ If you’re involved in Agentic AI, see the section of how agentic threats are covered. 4️⃣ If you run a ready-made model, have a look at the threat model on ready-made models. 5️⃣ See your threats in their context in our AI threat model. 6️⃣ Click on your threats to to get more information. 7️⃣ Check the Controls section of that threat, or the periodic table which lists the controls for every threat. 8️⃣ To learn about the bigger picture of controls, study the controls overview. 9️⃣ If privacy is in scope for you: see the privacy section. 🔟 If you’re involved in testing: see the testing section. We have collected a large table of futher training resources in our references section. I will put links in the comments, but you’ll find it anyhow. There is another way: come join the threat modelling workshop in Washington DC on April 20th, where I'll teach together with Disesdi Shoshana Cox, or join my full day ‘Master AI security’ training in-person or remote during the OWASP Appsec conference in Vienna, on June 24th. We'll go through the learning steps together, in-depth, and hands on, featuring yours truly and my Software Improvement Group co-trainers. #ai #aisecurity

Last week, our team attended the AI in Financial Services Conference series event in Stockholm. It was great to be in the room with so many people from across the industry to discuss AI and its impact face-to-face. One thing that stood out: while AI dominates the conversation, the software behind it rarely gets the same attention. The architecture, the quality, the risks — these are the foundations that determine whether AI delivers on its promise or becomes a liability. That's the space where Software Improvement Group works. We were glad to share our perspective, learn from fellow industry players, and have conversations we hope to continue beyond the event. Want to keep the conversation going? Feel free to reach out to Amit Ved or Ravish Gopal, MBA directly. #AIinFinance #FinancialServices #SoftwareQuality #AINordics

AI coding assistants no longer just suggest code. They plan, write, and test software — and they're moving fast. So what happens when the loop moves faster than humans can keep up? In this episode of SIGNAL, host Werner Heijstek sits down with Luc Brandts, CEO of Software Improvement Group, to explore what agentic AI actually means for software quality, architecture, security, and governance. Drawing on SIG's latest analysis of systems built with agentic AI tools — including Cursor's FastRender and Claude's C Compiler — they get into why keeping a human in the loop still matters, and why that becomes harder to do at scale. The real challenge isn't building faster. It's staying in control while you do. 🎙️ SIGNAL Podcast | April 8, 9:00 AM CEST #AI #AgenticAI #SoftwareEngineering #AIgovernance

We’re still reflecting on the conversations at SuperReturn Operating Partners North America in Miami. One theme that came up repeatedly was the importance of having the right technology guardrails in place especially as AI makes the software “black box” harder to manage. Jasper Geurts touched on this during his panel on managing technological risk and it’s clear this is only becoming more relevant for operating partners. If this is something you’re seeing across your portfolio, we’ve put together a report that dives deeper: https://lnkd.in/eWeiRV8T #SROPNA #SuperReturn #OperatingPartners

Nearly every manufacturer is investing in AI. Almost none have fully embedded it across operations. 95% vs. 2%. That’s the difference between experimentation and broader impact. The real question for leaders has moved beyond whether or not to use AI. Rather, it's “can we govern, scale, and operationalise it effectively?” Get the full report: https://lnkd.in/ejza9Pxr #AI #Manufacturing #HighTechManufacturing #AIGovernance #AILeadership

Today at 2 PM CET: Rob van der Veer and Oliver Patel, AIGP, CIPP/E, MSc will share what effective enterprise AI governance actually looks like in practice. Most companies are already using AI. Far fewer are scaling it successfully. What often makes the difference is governance. Not governance that slows everything down. Governance that gives teams the clarity and confidence to move faster. Join the session to learn: • what’s really getting in the way of AI adoption • why governance should support progress, not stall it • what leaders can do now to balance speed, control, and risk Sign up here and join us live: https://lnkd.in/eUW2JJiH #AI #EnterpriseAI #AIGovernance #AILeadership #AIInnovation

“As soon as an AI starts to make choices on your behalf, you’d better make sure those choices fall within acceptable limits.” Guardrails are not a nice-to-have in AI adoption. When AI starts influencing decisions, the boundaries need to be clear. In our latest SIGNAL Podcast, Simon Jagers, Founder & co-CEO at Samotics, joins Werner Heijstek to discuss what it takes to build AI systems people can actually trust. Watch the full episode: https://lnkd.in/e7UqUxJ6 #AI #ArtificialIntelligence #AIGovernance #ResponsibleAI #AIAdoption #EnterpriseAI #DigitalTransformation #SignalPodcast

Boards are asking about AI strategy. Too few are asking about build quality. That’s a risk. As AI moves into production, governance, software quality, security and control matter more than ever. On March 26 at 11:00 CET, Software Improvement Group CEO Luc Brandts will join Asmo Urpilainen, CTO at Frends, and Jani Vertanen, Head of Product (AI) at Visma Aquila to discuss what it takes to move AI into production, and why build quality, governance, security and control need more attention as adoption grows. Register here: https://lnkd.in/edaj9JyA