Tag: SentinelForge

  • 3-Year Journey: From IT Director to AI Infrastructure Pioneer

    3 Years Later: From PowerShell to AI Factory
    Published: March 14, 2026

    Three years ago I typed a PowerShell question into ChatGPT with cautious scepticism. Today AI powers 90% of my workflows, governs itself via SentinelForge, ships products through HeliOS-Studio, and writes blog posts like this one. Here’s everything the journey taught me.

    The Stack in 2026

    richardham.co.uk ecosystem
    ├── richardham.co.uk        (Next.js V2 + headless WordPress)
    ├── sentinelforge           (CrewAI production agents)
    ├── control-tower           (GitHub workflow automation)
    ├── helios-studio           (AI startup studio)
    ├── llm-router              (90% cost reduction)
    └── blog-agent              (this post, auto-generated)
    

    The 3-Year Arc

    Year | Theme | Key Milestone
    2023 | Exploration | ChatGPT Enterprise → Ollama homelab
    2024 | Orchestration | Control Tower → 90% cost cut
    2025 | Governance | SentinelForge → EU AI Act ready
    2026 | Commercialisation | HeliOS-Studio → products at scale

    What Actually Mattered

    1. Governance first — every time I skipped it, something broke. Every time I built it in, it paid dividends.
    2. Local inference — Proxmox + Ollama removed the ceiling on experimentation. Zero cost = unlimited iteration.
    3. 25 years still matter — AI amplifies expertise. It doesn’t replace the judgement that comes from experience.
    4. Ship early, gate carefully — Control Tower’s human-approval model let me move fast without breaking things.
    5. Document everything — GitHub is the memory. AI is the muscle. You are the judgement.

    The next three years? AI agents running autonomous security operations, HeliOS-Studio shipping SME products monthly, and richardham.co.uk as the hub for all of it.

    Ready to start your AI journey? Book a free Secure AI QuickScan—live now on this site.

  • EU AI Act Compliance: Governance Frameworks in Practice

    EU AI Act: My Clients Were Ready. Most Weren’t.
    Published: November 10, 2025 (retrospective)

    EU AI Act enforcement began in earnest in late 2025. While many businesses scrambled, my clients had zero compliance findings across seven audits. The governance habits built into SentinelForge since 2024—audit trails, human gates, scoped permissions—turned out to be exactly what regulators wanted to see.

    Framework Coverage

    Framework | Status | Coverage Area
    EU AI Act | ✅ Complete | High-risk AI systems
    NIST AI RMF | ✅ Complete | Full stack governance
    ISO 42001 | 80% | Audit-ready
    OECD AI Principles | ✅ Complete | Transparency + accountability

    What Auditors Actually Look For

    1. Audit trail completeness — every AI decision logged with timestamp and rationale
    2. Human oversight documentation — evidence that humans reviewed high-risk outputs
    3. Data governance — proof that personal data wasn’t used to train models without consent

    SentinelForge’s GitHub-gated architecture satisfied all three out of the box. The logs were already there.

    The Lesson

    Compliance isn’t a bolt-on. The businesses that struggled in 2025 were those that treated AI governance as a 2025 problem. We started in 2023.

    Need EU AI Act readiness for your AI systems? Book a governance audit.

    Next: HeliOS-Studio—AI startup studio ignites (Feb 2026).

  • AI Arms Race: Predictive Cyber Defence

    AI Arms Race: Predictive Cyber Defence Is Here
    Published: August 20, 2025 (retrospective)

    The AI cybersecurity market is projected to hit $60B by 2028—and for good reason. In August 2025, SentinelForge v2’s predictive threat hunting caught a client ransomware pivot 72 hours before it would have detonated. No SOC. No SIEM subscription. Just CrewAI agents, local LLMs, and disciplined governance.

    SentinelForge v2 Production Stack

    proxmox-ve
    └── sentinelforge (docker)
        ├── crewai crews     (24/7 autonomous monitoring)
        ├── ollama           (local inference)
        ├── grafana          (observability)
        └── uptimekuma       (SLA: 99.9%)
    

    The Catch: Anatomy of a Prevention

    • Day 1: Anomalous LDAP query pattern flagged by Audit Crew
    • Day 2: Lateral movement indicators correlated across 3 systems
    • Day 3 (72h): Human review triggered; client isolated affected segment
    • Result: Zero encryption, zero ransom, zero downtime

    What This Means for SMEs

    Enterprise-grade predictive defence is now accessible without enterprise budgets. The stack cost: £0/month in cloud tokens, running on repurposed hardware.

    1. AI agents don’t get tired—24/7 monitoring without alert fatigue.
    2. Local inference keeps sensitive threat data off third-party servers.
    3. Governance logs every detection decision—invaluable for insurance and compliance.

    Want predictive AI defence for your business? Book a Secure AI QuickScan.

    Next: EU AI Act compliance—governance frameworks in practice (Nov 2025).

  • 2024 Year in Review: From Scripts to Agents

    2024 Year in Review: AI Ate My To-Do List
    Published: December 25, 2024

    90% cost savings. 4x project velocity. Zero runaway cloud bills. 2024 was the year AI stopped being an experiment and became my operating system. Control Tower orchestrated it; SentinelForge governed it; my 25+ years of cybersecurity instincts kept it honest.

    The Numbers Don’t Lie

    Metric | 2023 | 2024 | Gain
    Code hours/week | 35h | 7h | 80% ↓
    Token cost/month | £480 | £48 | 90% ↓
    GitHub commits | 120 | 780 | 6.5x ↑
    Client projects delivered | 8 | 24 | 3x ↑
    Security incidents (clients) | 3 | 0 | 100% ↓

    What Worked

    • Local-first LLM routing via Proxmox + Ollama eliminated token waste
    • CrewAI agent crews replaced manual scripting for repetitive security tasks
    • GitHub gates kept AI honest—every output reviewed before deployment

    What I’d Do Differently

    1. Start SentinelForge 6 months earlier—governance should precede agents, not follow them.
    2. Document the style guide earlier for consistent AI output quality.
    3. Automate client reporting from day one, not as an afterthought.

    With the EU AI Act on the horizon and CrewAI maturing fast, 2025 looked even bigger.

    Want 2024-style results in your business? Book a Secure AI QuickScan.

    Next: whoamiAI—what 500 AI sessions taught me about myself (Mar 2025).

  • CrewAI Launch: Building Secure Agent Crews

    CrewAI Launch: When Agents Got Dangerous (and Profitable)
    Published: October 30, 2024 (retrospective)

    CrewAI’s October 2024 multi-agent platform launch changed everything. My Control Tower experiments suddenly had proper orchestration. But with power came risk—autonomous agents in cybersecurity environments need guardrails, not just prompts. SentinelForge v1 was born as my answer to that challenge.

    SentinelForge Architecture v1

    SentinelForge (Proxmox VM)
    ├── CrewAI          (agent orchestration)
    ├── Ollama          (local inference, zero cloud leakage)
    ├── Vaultwarden     (secrets management)
    └── GitHub          (human approval gates)
    

    First production crew: automated M365 security audits across 5 clients. 92% accuracy on first run. Zero token cost.

    Crew Results

    Crew | Tasks Automated | Time Saved
    Audit Crew | 17 security checks | 15h/week
    Cost Router Crew | LLM query routing | £110/week
    Blog Crew (prototype) | Draft MD posts | 8h/post

    Guardrail Lessons

    1. Role-scoped tools only—agents get the minimum permissions to complete their task.
    2. Every output logged to GitHub before any action taken.
    3. Prompt injection testing before every production deployment.

    CrewAI accelerated my roadmap by 6 months. SentinelForge went from concept to production platform in 8 weeks.

    Interested in secure AI agents for your business? Let’s talk.

    Next: 2024 Year in Review (Dec 2024).

  • Zero-Trust + AI: My Digital Transformation Pivot

    Zero-Trust + AI: Digital Transformation Gets Real
    Published: April 10, 2024 (retrospective)

    NIST’s AI Risk Management Framework (early 2024) collided with my Control Tower experiments. For years, I’d preached zero-trust to clients. Now I had to apply it to my own AI stack. Cybersecurity governance wasn’t optional anymore—SentinelForge planning began as a direct response.

    Governance Stack Emerges

    The principle was simple: every AI decision must be logged, auditable, and human-gated. The architecture:

    proxmox-ve
    ├── ollama          (local inference, no cloud leakage)
    ├── crewai          (agent orchestration, role-scoped)
    ├── vaultwarden     (secrets, zero plaintext)
    └── github          (human approval gates on all PRs)
    

    This wasn’t theoretical. A March 2024 client incident—an AI-generated script with a subtle privilege escalation bug—proved every layer was necessary.

    Zero-Trust Applied to AI

    Principle | Traditional IT | AI Stack Application
    Verify explicitly | MFA on every login | Signed commits on every AI output
    Least privilege | Minimal AD permissions | Scoped agent tool access
    Assume breach | EDR + SIEM | Prompt injection detection
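
    A sketch of the controls in the table above and in the "Guardrail Lessons" list of the CrewAI post (role-scoped tools, log before action, human gate on risky actions), added here as an example; it is not SentinelForge or CrewAI code. The role names, tool names and the hash-chained in-memory log (standing in for the GitHub log) are assumptions.

```python
import hashlib
import json
import time

# Constructed role -> tool allowlist; role and tool names are hypothetical.
ROLE_TOOLS = {
    "audit_crew": {"read_signin_logs", "disable_account"},
    "blog_crew": {"draft_markdown"},
}
HIGH_RISK = {"disable_account"}  # state-changing tools need a named human approver


def _digest(entry):
    # Hash every field except the stored hash itself, in a stable key order.
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class ToolGate:
    def __init__(self):
        self.log = []  # append-only trail; each entry chains to the previous hash

    def call(self, role, tool, func, args, rationale, approved_by=None):
        if tool not in ROLE_TOOLS.get(role, set()):
            decision = "denied:out_of_scope"
        elif tool in HIGH_RISK and not approved_by:
            decision = "held:needs_human_approval"
        else:
            decision = "allowed"
        entry = {"ts": time.time(), "role": role, "tool": tool, "args": args,
                 "rationale": rationale, "approved_by": approved_by,
                 "decision": decision,
                 "prev": self.log[-1]["hash"] if self.log else "0" * 64}
        entry["hash"] = _digest(entry)
        self.log.append(entry)  # log first, act second
        return decision, (func(**args) if decision == "allowed" else None)

    def verify(self):
        # Recompute the chain; an edited or removed entry breaks it.
        prev = "0" * 64
        for entry in self.log:
            if entry["prev"] != prev or entry["hash"] != _digest(entry):
                return False
            prev = entry["hash"]
        return True


if __name__ == "__main__":
    gate = ToolGate()
    disable = lambda user: f"disabled {user}"  # stand-in for a real tool
    print(gate.call("blog_crew", "disable_account", disable, {"user": "j.doe"}, "test"))
    print(gate.call("audit_crew", "disable_account", disable, {"user": "j.doe"}, "LDAP anomaly"))
    print(gate.verify())
```

    Denied and held calls are logged as well as allowed ones, so the trail shows what an agent attempted, not only what it did.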

    Lessons

    1. Treat AI agents like privileged users—same controls, same audit trails.
    2. NIST AI RMF is practical, not theoretical; map it to your stack early.
    3. Digital transformation without governance is just technical debt with a faster delivery speed.

    Need a zero-trust AI framework for your business? Let’s talk.

    Next: Control Tower blueprints go live (Jul 2024).