Orca Opti releases free AI as data sovereignty crackdown looms

Machine Learning


orca opti

Opti Assist Free provides organizations with a free, managed alternative to ChatGPT on Australian hosted infrastructure

ORCA Opti, the AI ​​security and compliance specialist, today announced the release of Opti Assist Free, a free sovereign AI governance assistant built for Australian regulated organizations.

The announcement is the company’s response to the rapid expansion of ‘shadow AI’ within Australian workplaces and the widening gap between how employees use AI and what regulators expect from employers.

Also read: AiThority interview with Matej Bukovinski, Chief Technology Officer at Nutrient

More than a third of Australian professionals have already exposed sensitive company data to AI platforms, much of it through personal accounts on tools that employers cannot see or control, according to new research from Josys.

As the adoption of generative AI outpaces the governance of its use, the potential for risks related to the exposure of sovereign data and sensitive information is rapidly expanding.

Opti Assist Free is designed to address this issue in a number of ways. The solution runs on Australian infrastructure, does not send user input to third-party AI providers, and does not train on customer data. Organizations sign up using their Microsoft 365 work or school email account. No credit card or procurement authorization or trial period required.

Each user receives enough free credits to run multiple queries, author documents and policies in a secure environment, and perform structured compliance gap analysis against the most important frameworks for Australian organizations, including ISO 27001, Essential Eight, DISP, NDIS Practice Standards, ISO 42001, PSPF, and DSPF. Free users also have access to ORCA Opti’s professional industry agents.

The output is a nine-section readiness report that scores from 0 to 100 across each compliance domain and assesses gaps by severity, prioritized remediation steps, and audit-ready language.

“A DISP readiness report at this level of detail previously cost approximately $5,000 and took three weeks,” said Kathryn Judes, founder and managing director of ORCA Opti.

“We’re offering it for free on sovereign infrastructure, and it takes about 15 minutes. Every organization in Australia has the right to know where they stand on compliance. Cost and complexity shouldn’t be a barrier, and they shouldn’t have to send their answers to technology companies overseas.”

At a glance, Opti Assist Free includes:

  • Australian-hosted sovereign infrastructure. No data is sent outside the “safe zone”. There is no input to third-party AI providers and no training on user input.
  • Compliance gap analysis and scoring readiness reports for ISO 27001, Essential Eight, DISP, NDIS Practice Standards, ISO 9001, ISO 42001, PSPF, DSPF, and more.
  • Industry expert agents covering compliance, governance, AI automation, and sector-specific regulations, customized for each organization during onboarding.
  • 100,000 OO credits per month. Enough for everyday queries, gap analysis, and report generation.
  • Easy and free email sign-up for a Microsoft 365 work or school account.
  • Clear upgrade path to paid Opti Assist and Opti Core tiers for additional users and managed business management features.

The scale, risks, and consequences of unmanaged AI

The announcement follows Mr Giudes’ recent presentation at the 2026 Sunshine Coast Cybersecurity Conference ‘SunCon’ documenting the scale of uncontrolled AI use within Australian workplaces.

Cyberhaven data shows 85.7% knowledge [office] Employees are currently using AI in the workplace, 72.8% of which are in their personal accounts, and 83.8% of corporate data flowing into AI tools is sent to platforms classified as high or critical risk. 11 percent of what employees paste into these tools is confidential information and shouldn’t be there.

In some cases, the effects of these risks are already real. In March 2026, a contractor exploited a known vulnerability in McKinsey’s internal AI chat assistant to extract 46.5 million confidential conversations referencing 728,000 client files in two hours.

In 2023, Samsung engineers pasted their own semiconductor source code into the consumer version of ChatGPT within seven days of the internal ban being lifted. That data goes into the model’s training pipeline and can never be removed.

Australian regulators also responded. The Australian Information Commissioner’s Office’s October 2024 guidance makes organizations directly responsible for the personal information their employees input into commercial AI tools such as ChatGPT, Copilot and Gemini.

Privacy law reforms passed that year increased the maximum fine for material violations to the greater of $50 million, three times the profits earned, or 30 percent of adjusted revenue.

The Australian Signals Directorate’s March 2026 update to the Information Security Manual introduces formal AI-specific controls for the first time, and Australia’s Voluntary AI Safety Standard sets out 10 guardrails covering transparency, accountability, human oversight and data governance.

The Australian government also banned DeepSeek from all Commonwealth devices in February 2025 under Directive 001-2025, citing the risk of access by foreign governments.

“The ban on ChatGPT didn’t work for Samsung, JPMorgan and Apple, and it won’t work for Australia’s parliament, hospitals or defense suppliers,” Judes said.

“The lesson was never ‘ban AI.’ The lesson was ‘Ungoverned AI is a risk.'” Regulators have accepted that AI adoption is inevitable. What they don’t accept is that organizations won’t be able to say where their data went, who used it, and what external models are currently being trained on that data. That’s the visibility gap.

“Opti Assist Free is a way to solve this problem, not by banning AI, but by providing a version of AI that people can safely say yes to. ”

Opti Assist Free is aimed at organizations most exposed to today’s visibility gaps: professional services firms, healthcare providers, NDIS that operate under frameworks such as PSPF, DSPF based on ISM (Essential 8), ISO 9001 Quality Management, ISO 27001 Information Security Management, or DISP, but lack the in-house capabilities of large enterprise security teams. For operators, financial services, government suppliers, defense industry participants and research institutions.

This product is an entry point into ORCA Opti’s broader managed AI stack. Organizations that require multiple users, additional credits, deep investigations, automated workflows, or complete governance, risk, and compliance tools can upgrade through the paid Opti Assist and Opti Core tiers, all built on the same sovereign architecture.

“This goes way beyond modern agents,” Judes says. “This is a managed AI environment with built-in compliance assessments. This is the version of AI that Australian organizations have been waiting for. ORCA not only maintains privacy and security guardrails, but also enables real-time ESG, anti-slavery reporting and simplifies self-reporting requirements.”

Opti Assist Free is now available to anyone with a Microsoft 365 work or school account at http://www.orcaopti.ai/free.

ORCA Opti is a managed AI and compliance platform built for Australian regulated organizations. Founded in 2024 and headquartered in Brisbane, ORCA Opti runs within Microsoft 365 on Australia’s sovereign infrastructure, providing a secure way for teams to operationalize AI while continuously measuring compliance posture against industry-operated standards.

Also read: ​​AI Systems – Interoperable AI Systems: Connecting models across platforms

[To share your insights with us, please write to psen@itechseries.com]



Source link