▸ WORKLOFT RESEARCH NOTES

One paper.
One regulated lens.

~1,000 words. Strong opinions, weakly held.

Long-form essays from Workloft Labs. Each note takes a single substrate-relevant paper, frames it through the lens of an FCA-regulated asset manager or a UK Local Authority, and says something a buyer can actually use. Published openly. Updated weekly.

No. 05 · 9 May 2026 · FCA SS1/23 · ICO §11 · NCSC Secure-AI

Pre-send verification: when an agent speaks for the firm, "the model was careful" is not a control

Outbound agents are now firm-of-record speakers. The producer model that drafts the message cannot also be the control that approves it. A four-axis guardian — two deterministic, two semantic — sitting in front of send() is the substrate pattern that survives an audit. Includes the architecture we shipped on 9 May 2026 and the buyer-side procurement question.

Read note №05 →

No. 04 · 9 May 2026 · Procurement · FCA SS1/23 · ICO DPIA

TrustFall and the procurement question for any regulated buyer adopting agentic coding tools

All four major agentic coding CLIs spawn unsandboxed MCP servers from a malicious repo on a single Enter keypress. Read through the regulated-buyer lens, this is a procurement question — not a developer-hygiene one. Includes the Workloft exposure audit and the buyer-side controls.

Read note №04 →

No. 03 · 9 May 2026 · UK GDPR · UK Local Authorities · civiclaw

Direct corpus interaction: the GDPR-shaped retrieval pattern that was hiding in plain sight

Li et al. propose agents skip embedding retrieval entirely and read raw corpora with grep, cat and find. Read through the UK GDPR lens, embedding stores look like a data-protection liability that a tool-use agent already knows how to avoid. Includes the civiclaw module we shipped with it.

Read note №03 →

No. 02 · 8 May 2026 · UK GDPR · Risk function

When no benchmark exists: the methodology your Risk function was already going to need

What to do when the buyer asks "is it safe?" and there is no published benchmark to point to. A regulated-lens essay on building defensible measurement when the literature hasn't caught up.

Read note №02 →

No. 01 · 7 May 2026 · FCA SS1/23 · Asset managers

ARIS: the executor-reviewer pattern that the regulated AM was already going to need

ARIS proposes an executor-reviewer agent split. Read in the FCA SS1/23 lens, it's not a research curiosity — it's the pattern asset managers were always going to be forced into. Why the architecture matters more than the benchmark.