AI Governance Observatory

AI is already arriving in your Microsoft estate. Most of it never announces itself.

AIGO gives the people accountable for AI a clear, defendable assessment of what they're carrying. Independent. Research-grade. We never touch your systems.

The governance gap

AI is being switched on inside the tools you already run. Copilot, Copilot Studio agents, Power Platform, and new agents across the estate.

Most of it arrives without being announced as AI, so it lands without anyone deciding to govern it. And your exposure changes every week.

That is a governance gap. You can't govern what you can't see.

What we do

AIGO exists to close that gap.

We help you find the AI in your environment, size the governance each function actually warrants, and manage your exposure with a position you can defend to your board, your auditor, and your regulator.

Independence

Our read answers to you, not to a vendor.

We hold no commercial relationship with the vendors whose AI we assess. The prohibition is written into the company's objects, not just our marketing. That is what makes the rating worth relying on.

Our method

A comprehensive AI risk management system.

AIGO has built ARMS, the AI Risk Management System. It is a calibrated way to measure how much governance an AI function warrants, what is already in place, and the gap between them. It has been validated with the University of Technology Sydney and CSIRO's Data61.

Research

Help shape the evidence base.

AIGO is also conducting empirical research into AI governance and assurance, in partnership with the University of Technology Sydney. We are inviting a small number of organisations to take part.

Talk to us

Tell us a bit about you

Tick what brought you here and we'll be in touch.

I'm interested in

Your email is ready to send in your mail app. If nothing opened, write to hello@ai-governance-observatory.com.

The free entry point

The AI Function Alert

A short monthly read on the AI landing in your Microsoft estate, and whether each new function sits inside safe limits. Under ten minutes. By email. Nothing to install, nothing to connect.

What each edition covers

Every edition has three parts. The AI functions we have confirmed, each rated against our independent tolerance bands. The items still under review. And the vendor features that sounded like AI but turned out to be ordinary automation.

Today it covers your Microsoft estate, where most of the AI is arriving. The Alert draws on public sources only, so we never touch your systems.

What an edition looks like

A sample edition

Illustrative sample only. Function names, ratings and dates are examples, not a real assessment of any organisation.

AI Risk Management System

ARMS

The AIGO AI Risk Management System. The free Alert is one way in. ARMS is the whole method beneath it, and the reason a careful reader, an auditor, or a board can rely on the rating.

What the system does

ARMS measures how much governance an AI function really warrants. Not the blanket maximum, not a hopeful minimum. Then it measures what is already in place. Then it tells you the gap. The Alert reports a slice of this each month; ARMS is the full assessment behind it.

Research and validation

Co-designed and validated with the University of Technology Sydney and CSIRO's Data61, and written to be published and peer-reviewed. The reasoning behind every rating can be examined, not taken on trust.

Independence

We hold no commercial relationship with the vendors whose AI we assess, and that prohibition is written into the company's objects.

How we handle data

The Alert uses public sources only. In deeper ARMS engagements, your data stays yours, every record is provenance-tagged, and the methodology is the only thing we publish.

What it is, and what it isn't

A calibrated, point-in-time read you can defend. Not legal advice, not an audit opinion, not a compliance warranty. It informs the decision you're accountable for.

The research

Empirical research into AI governance, with the University of Technology Sydney.

AI governance today runs on heat maps and maturity scores, built for an older problem. None of them answer the real question. How much governance does this AI function actually warrant, and do you have exactly that. And how do you know that is still true next month, in a space that changes every week.

You're exposed in two directions. Over-control wastes money and slows the business. Under-control leaves risk you can't see. Either way you can't prove your position, because it isn't built on data. And as AI evolves, a position that was right last quarter quietly goes stale.

What's needed is a risk position you can defend, because it's built on evidence. A way to right-size your controls to exactly what each function warrants. And a method that keeps pace as the space evolves. That can't be built at a whiteboard. It has to be tested on real AI estates, independent of the vendors assessed, and built with real organisations.

That's the Observatory research program, built with the University of Technology Sydney and validated with CSIRO's Data61, alongside the organisations who join us.

Here's what you get back. A clear read of every AI thing in your environment, each rated for what it warrants, and a position you can take to your board, your auditor, and your regulator.

Here's what we ask. A few hours from someone who knows the AI in your environment, then less, ongoing.