Articles and Research

AI governance fails without evidence. If it isn’t in the Evidence Pack, it didn’t happen.

7 artifacts that belong in every Evidence Pack (system overview, risk register, eval results, oversight plan, change log, privacy/security, audit trail).

AI governance doesn’t fail on exotic risks. It fails on three boring but brutal gaps.

The EU AI Act makes boards accountable for AI risk. Here’s what leaders need to know — and a 30-day plan that builds trust with regulators & investors.

Executive Summary Artificial intelligence (AI) is rapidly transforming recruitment and human resources (HR) practices across Europe and globally. Tools such as applicant tracking systems, resume screeners, chatbots, and video interview platforms are now integrated into hiring pipelines that previously relied on human judgment alone. While these systems promise efficiency, they also introduce new risks of […]

Mercury Security Research Subscription Terms Effective: September 2025 Introduction Mercury Security provides research papers, governance crosswalks, and templates designed to support compliance, audit, and governance teams. This document outlines the terms for accessing and using Mercury Security’s research subscription service. These terms apply to both annual and lifetime subscription options. Scope of Use Subscribers are […]

Mercury Security Board Governance Roadmap — Sample Brief(Illustrative Example, 2025) This sample demonstrates the format and level of detail provided to boards at the conclusion of a 4-Week Audit → Governance Sprint. Actual deliverables will be specific to your organization, systems, and evidence. Executive Summary Our audit assessed [Sample AI Agent] for compliance readiness under […]

Mercury Security Evidence Pack Contents(v1.0, 2025) The Evidence Pack is the backbone of our 4-Week Audit → Governance Sprint. It contains the artifacts you’ll use to demonstrate compliance readiness to boards, regulators, and auditors. All items are delivered in portable formats (PDF/DOCX/CSV/JSON where applicable). 1. Logs & Records Conversation Logs (Redacted): 20–200 sampled interactions, anonymized […]

Mercury Security Inputs Checklist for 4-Week Audit → Governance Sprint(v1.0, 2025) The 4-Week Sprint is a fixed-scope engagement. To begin, we require specific inputs from your team. This checklist ensures we have everything needed to deliver your Audit Report, Evidence Pack, and Board Roadmap on time. 1. System & Environment Access Input Required? Notes Read-only […]

Mercury Security Research Subscription — License & Scope(v1.0, 2025) The Mercury Research & Evidence Library provides organizations with access to whitepapers, crosswalks, and toolkits for AI governance. This document defines the scope of use and licensing terms for subscribers. 1. License Model License Type: Organization-wide. Permitted Users: All employees and contractors working on behalf of […]

This is meant to clarify for clients: What Mercury provides (audit evidence, artifacts, technical notes). What only legal counsel can provide (formal Data Protection Impact Assessments under GDPR). How the two connect. DPIA Companion Notes Mercury Security | 2025 Introduction A Data Protection Impact Assessment (DPIA) is a formal requirement under the General Data Protection […]