Australian organisations are being pushed into a new phase of AI governance, as employees increasingly use public AI tools before their employers have systems in place to monitor where sensitive data is going.
In response, Brisbane-based AI security and compliance specialist ORCA Opti has released Opti Assist Free, a no-cost AI governance assistant designed for regulated Australian organisations that need tighter control over data, compliance and staff use of generative AI.
The company says the platform has been built as a governed alternative to tools such as ChatGPT, particularly for workplaces where staff are already experimenting with AI through personal accounts and unmanaged software.
The release comes amid growing concern over “shadow AI” inside Australian workplaces.
Recent research from Josys shows more than one-third of Australian professionals have already exposed sensitive company data to AI platforms, most of it through personal accounts on tools their employer cannot see or control.
For regulated sectors, the problem is no longer only whether employees are using AI.
It is whether organisations can prove where their data has gone, which tools have processed it, and whether confidential information has been exposed to foreign-hosted platforms.
Opti Assist Free runs on Australian infrastructure, does not send user inputs to third-party AI providers, and does not train on customer data.
Organisations can sign up using a Microsoft 365 work or school email account, without a credit card, procurement approval or trial period.
Each user receives free credits to run queries, generate documents and policies, and complete a structured compliance gap analysis against frameworks commonly used by Australian organisations, including ISO 27001, Essential Eight, DISP, NDIS Practice Standards, ISO 42001, PSPF and DSPF.
The tool produces a nine-section readiness report, scored from 0 to 100 across each compliance domain. It also identifies gaps by severity, sets out prioritised remediation steps and generates audit-ready language.
“A DISP readiness report at this level of detail used to cost around $5,000 and take three weeks,” said Kathryn Giudes, Founder and Managing Director of ORCA Opti.
“We’re giving it away for free, on sovereign infrastructure, and it takes about fifteen minutes. Every Australian organisation deserves to know where they stand on compliance,” said Giudes.
“Cost and complexity shouldn’t be the barrier, and neither should sending the answers to an overseas tech company,” she said.
What Opti Assist Free Includes
At a glance, Opti Assist Free includes:
- Sovereign Australian-hosted infrastructure, with no data sent outside your ‘safe zone’, no information sent to third-party AI providers and no training on user inputs.
- Compliance gap analysis and scored readiness reports against ISO 27001, Essential Eight, DISP, NDIS Practice Standards, ISO 9001, ISO 42001, PSPF and DSPF, and more.
- Specialist industry agents covering compliance, governance, AI automation and sector-specific regulation, personalised to each organisation at onboarding.
- 100,000 OO Credits per month, sufficient for everyday queries, gap analyses and report generation.
- Easy, free Microsoft 365 work or school account email sign-up.
- A clear upgrade path to paid Opti Assist and Opti Core tiers for additional users and governed business administration works.
Unmanaged AI Use Is Now A Compliance Problem
The launch follows a recent presentation by Giudes at the 2026 Sunshine Coast Cybersecurity Conference, “SunCon”, where she detailed the scale of unmanaged AI use inside Australian workplaces.
Cyberhaven data shows 85.7 per cent of knowledge office workers now use AI at work, with 72.8 per cent using personal accounts.
The same data shows 83.8 per cent of enterprise data flowing into AI tools is going to platforms classified as high or critical risk. Eleven per cent of what employees paste into those tools is confidential and should not be there.
The risk is no longer theoretical. In March 2026, a single contractor exploited a known vulnerability in McKinsey’s internal AI chat assistant and extracted 46.5 million confidential conversations referencing 728,000 client files in two hours.
In 2023, Samsung engineers pasted proprietary semiconductor source code into the consumer version of ChatGPT within seven days of lifting an internal ban. That data entered the model’s training pipeline and cannot be removed, ever.
Australian regulators have also moved to tighten expectations around AI and data handling.
The Office of the Australian Information Commissioner’s October 2024 guidance made organisations directly accountable for any personal information employees enter into commercial AI tools, including ChatGPT, Copilot and Gemini.
Privacy Act reforms passed the same year lifted maximum penalties for serious breaches to the greater of $50 million, three times the benefit obtained, or 30 per cent of adjusted turnover.
The Australian Signals Directorate’s March 2026 update to the Information Security Manual introduced its first formal AI-specific controls, while Australia’s Voluntary AI Safety Standard set out ten guardrails covering transparency, accountability, human oversight and data governance.
In February 2025, the Australian Government also banned DeepSeek from all federal devices under Direction 001-2025, citing foreign-government access risk.
“Banning ChatGPT did not work for Samsung, JPMorgan or Apple, and it will not work for an Australian council, hospital or defence supplier either,” said Giudes.
“The lesson was never ‘ban AI’. The lesson was ‘ungoverned AI is the risk.’ Regulators have accepted that AI is inevitable.”
“What they will not accept is that organisations can no longer say where their data went, who used it, or which foreign model is now trained on it. That is the visibility gap.”
“Opti Assist Free is how we close it, not by banning AI, but by giving people a version of it they can safely say yes to,” she said.
Opti Assist Free is being aimed at organisations most exposed to that visibility gap, including professional services firms, healthcare providers, NDIS operators, financial services businesses, government suppliers, defence industry participants and research institutions.
Many of these organisations operate under frameworks such as ISM and the Essential Eight, ISO 9001 Quality Management, ISO 27001 Information Security Management, PSPF, DSPF and DISP, but do not have the in-house security capacity of a large enterprise.
The free product is also the entry point to ORCA Opti’s broader governed AI stack.
Organisations that need more than one user, additional credits, deep research, automated workflows or full governance, risk and compliance tooling can move to paid Opti Assist and Opti Core tiers, which are built on the same sovereign architecture.
According to Giudes, this is so much more than a modern agent.
“It’s a governed AI environment, with a compliance assessment built in. That is the version of AI Australian organisations have been waiting for,” said Giudes.
“Not only does ORCA keep the privacy and security guardrails, it also enables real-time ESG, anti-slavery reporting and simplifies self-reporting requirements,” she said.
ORCA Opti
Founded in Brisbane in 2024, ORCA Opti is positioning itself as a sovereign AI governance provider for regulated Australian organisations.
With its Microsoft 365-based platform, AI Guardian software and planned expansion into North America and Europe by late 2026, the company is pushing further into Australia’s AI compliance market.
