Jatinder Oberoi

When Your AI Becomes the Attacker

In February 2026, a security firm pointed an autonomous AI agent at the internet and let it choose its own target. It chose McKinsey & Company's Lilli platform — used by over 43,000 consultants. Two hours later, the agent had full read-write access to 46.5 million internal messages, 728,000 files, and 95 writable system prompts controlling the AI's behaviour. No credentials. No insider access. Just a SQL injection vulnerability that's been on the OWASP Top 10 since 1998 — sitting underneath one of the world's most sophisticated enterprise AI deployments. This is what happens when organisations connect AI to internal infrastructure faster than they secure it. And it's happening everywhere.

Cybersecurity Jatinder Oberoi

How to make Agile and Security Work together

If you ask any randomly chosen person from the security industry, you will very likely hear, “Agile and security don’t work together”.

But we think that Agile and Security can work together. Let us discuss how we can make them work together.

Constant pressure from executives to deliver results faster at lower costs has made Agile very popular in recent years. Even the Australian Prime Minister recommended adopting Agile methodologies for government projects. But is Agile really so good? Or maybe there's a hidden catch?

Risk Management, Cybersecurity Jatinder Oberoi

Why It's a Must to have an Assessment of Business CyberSecurity

Security Compliance Jatinder Oberoi

Do you need a Certification

The Complete Guide to Hiring a Virtual CISO for Your Business

Do you need a Data Protection/Privacy Officer (DPO)?

The GDPR and the New Zealand Privacy Act require (in certain cases) companies to designate a data protection/privacy officer (DPO). Tailored to your privacy needs, SeComPass provides a Virtual Data Protection Officer (vDPO) service. The vDPO will support you by informing, advising, monitoring compliance and acting as your point of contact for the supervisory authorities.

Cybersecurity, Data Privacy & Protection Jatinder Oberoi

Lake Alice Privacy Breach: Why this is more than a privacy incident

The Lake Alice privacy breach exposed the identities of survivors in a preventable incident that went far beyond a simple email mistake. This case highlights critical failures in cybersecurity, information governance, and executive oversight and underscores the need for stronger, trauma-informed safeguards when handling highly sensitive public-sector data.

Your AI Tools Are Only as Safe as Their Supply Chain

One compromised AI vendor, one stolen OAuth token, and everything your organisation trusted it with was exposed. The Vercel and Context AI breach of April 2026 revealed a critical blind spot most businesses have not yet addressed: the AI tools you approve can be used against you through vendors you never directly vetted. In this article, SeCompass CEO Jatinder Oberoi breaks down exactly how the attack unfolded, why it is part of a growing pattern of AI supply chain threats across Australia and New Zealand, and the five-pillar governance framework every organisation using AI tools needs to put in place now.

One Email Was Enough

Most businesses moved on after EchoLeak was patched. The risk didn't. A single email — no malware, no click required — was enough to silently instruct Microsoft 365 Copilot to expose sensitive data. If your SME uses AI tools in daily operations, here is what you need to understand, and what to do about it.
