Orca Opti launches free AI governance tool for Australia

Orca Opti has launched Opti Assist Free, a no-cost AI governance assistant for regulated Australian organisations. It is aimed at employers that need AI tools hosted on Australian infrastructure.

The Brisbane-based company designed the service for organisations in sectors including healthcare, financial services, government supply, defence and research, where compliance and data-handling requirements are stricter than in the broader market. Users can sign up with a Microsoft 365 work or school email account, and the service includes monthly credits for queries, document generation and compliance checks.

At the centre of the offer is a compliance gap analysis tool that assesses organisations against frameworks including ISO 27001, Essential Eight, DISP, NDIS Practise Standards, ISO 9001, ISO 42001, PSPF and DSPF. The system generates a nine-section readiness report with scores across compliance domains, along with prioritised remediation steps and audit language.

Kathryn Giudes, Founder and Managing Director of Orca Opti, said the company was responding to the spread of unsanctioned AI use in workplaces.

"A DISP readiness report at this level of detail used to cost around $5,000 and take three weeks. We're giving it away for free, on sovereign infrastructure, and it takes about fifteen minutes. Every Australian organisation deserves to know where they stand on compliance. Cost and complexity shouldn't be the barrier, and neither should sending the answers to an overseas tech company," said Kathryn Giudes, Founder and Managing Director of Orca Opti.

Growing concern

The launch comes as Australian employers face closer scrutiny over how staff use consumer AI products and where company information ends up. Orca Opti cited research from software management company Josys showing that more than one-third of Australian professionals have exposed sensitive company data to AI platforms, much of it through personal accounts that employers cannot directly monitor.

Additional data cited by Orca Opti points to widespread workplace AI use. According to figures from Cyberhaven, 85.7 per cent of office-based knowledge workers now use AI at work, with 72.8 per cent doing so through personal accounts. The data also showed that 83.8 per cent of enterprise data flowing into AI tools goes to platforms classified as high or critical risk, and that 11 per cent of the information pasted into those systems is confidential.

Those concerns have been sharpened by well-publicised incidents involving large companies. Orca Opti pointed to the case of Samsung engineers who entered proprietary semiconductor source code into ChatGPT after an internal ban was lifted, along with a reported breach involving McKinsey's internal AI chat assistant that exposed millions of confidential conversations and references to client files.

Regulatory pressure

Australian regulators have also tightened their stance on AI governance and data protection. Guidance from the Office of the Australian Information Commissioner made organisations accountable for personal information employees enter into commercial AI tools, including ChatGPT, Copilot and Gemini.

Privacy Act reforms increased potential penalties for serious breaches to the greater of USD $50 million, three times the benefit obtained, or 30 per cent of adjusted turnover. More recently, the Australian Signals Directorate updated the Information Security Manual with AI-specific controls, while the country's Voluntary AI Safety Standard set out guardrails for transparency, accountability, human oversight and data governance.

Against that backdrop, Giudes argued that outright bans on AI use are unlikely to solve the problem for employers.

"Banning ChatGPT did not work for Samsung, JPMorgan or Apple, and it will not work for an Australian council, hospital or defence supplier either," Giudes said.

"The lesson was never 'ban AI'. The lesson was 'ungoverned AI is the risk.' Regulators have accepted that AI is inevitable. What they will not accept is organisations being unable to say where their data went, who used it, or which foreign model is now trained on it. That is the visibility gap. Opti Assist Free is how we close it, not by banning AI, but by giving people a version of it they can safely say yes to," Giudes said.

Product entry point

Opti Assist Free does not send user inputs to third-party AI providers and does not train on customer data, according to Orca Opti. It is positioned as an entry point to the company's wider paid software range for organisations that need more users, deeper research functions, automated workflows or broader governance, risk and compliance tools.

Orca Opti was founded in 2024 and is based in Brisbane. Its products run inside Microsoft 365 on Australian-hosted infrastructure for organisations that need tighter control over data location and compliance reporting.

"This is so much more than a modern agent. It's a governed AI environment, with a compliance assessment built in. That is the version of AI Australian organisations have been waiting for. Not only does ORCA keep the privacy and security guardrails, it also enables real-time ESG, anti-slavery reporting and simplifies self-reporting requirements," Giudes said.