GRC News Today

January 14, 2026 - Diligent

Diligent acquires 3rdRisk, a solution from the Netherlands that focuses on third-party risk management but also supports NIS-2, DORA, and CSRD.

January 14, 2026 - Anecdotes A.I

Anecdotes announces new features for its Agentic AI GRC platform: the AI assistant ChatGRC and Agent Studio, an environment for creating agents.

January 14, 2026 - CoreStream GRC

CoreStream GRC has released five short videos demonstrating various features: Compliance management, conflict of interest, gift and hospitality management, policy management, and action tracking.

January 13, 2026 - HiScout GmbH

German vendor HiScout reorganized its management team on January 1.

January 12, 2026 - Donald Farmer, TreeHive Strategy

The article describes a very interesting aspect of AI governance in RAG systems (Retrieval-Augmented Generation): Here, it is not only important to know where the data comes from and how it enters the system (lineage), but also the history of each individual data point and output (provenance) with the origin of each chunk, the time of recording, changes, and the context in which it was retrieved.

January 9, 2026 - Wolters Kluwer

The international information and software group Wolters Kluwer is acquiring the Canadian GRC software provider StandardFusion. The GRC software will be integrated into the TeamMate platform.

January 6, 2026 - Axiom GRC

Axiom GRC, the company that owns CoreStream, is acquiring another US service provider and integrating it into IS Partners, which was acquired in November 2025.

January 6, 2026 - Swiss GRC

Swiss GRC is delighted to be the only provider from the DACH region to be named in Forrester's latest Governance, Risk, and Compliance Platforms Landscape, Q4 2025.

December 16, 2025 - Cyber Security America Podcast

With Richa Kaul of Complyance.

December 16, 2025 - Vanta

Another episode of a self-made comparison with other products

December 12, 2025 - Vanta

Vanta has introduced new AI-powered features for rapid policy creation and editing, structured risk and data protection management (including ROPAs), more efficient vendor assessments, direct security responses in Slack, and numerous new and improved integrations for greater transparency and automation.

December 11, 2025 - MetricStream

Compilation of the different approaches

December 11, 2025 - NAVEX

The US vendor NAVEX has opened an office in Tokyo to tap into the Japanese market.

December 11, 2025 - GRC Report / Samuel Rasmussen

This article argues that the central risk of modern AI is not individual malfunctions, but rather the growing gap between the rapid development of AI systems and the slow cycles of regulation and governance.

December 10, 2025 - HiSolutions

Implementation with Scrum and Git; English audio track available.

December 10, 2025 - Joshua's Tech Tips

CISO Assistant is a GRC application that is also available as an open source version under AGPL.

December 10, 2025 - Navex

New dashboards and reports, as well as identification of comprehension issues and knowledge gaps.

December 10, 2025 - Neumetric

The Indian provider has announced a 'GDPR Privacy Audit Scanner,' a continuous monitoring tool for data protection. However, details on how it works remain unclear.

December 9, 2025 - Battleground Group, Yields

Simulated crisis simulation: After 1,800 test applications, a journalist reports that a large company's AI-supported screening of resumes is biased. Is this a crisis? Who should be on the crisis management team? How to communicate externally and internally? With results from interactive participation in this webinar and commentary from the experts involved.

December 8, 2025 - BABL AI

Discussion round on the question of what it actually means to be responsible for AI risks, compliance, and governance in a modern company.

December 8, 2025 - Vanta

Vanta continues her series of comparative articles. Drata has also published similar articles.

December 8, 2025 - Apptega

US provider Apptega presents a range of innovations: new and expanded modules, new automation and integration functions, expanded content and functions specifically for MSPs.

December 8, 2025 - Swiss GRC

Nice video about the event in November.

December 7, 2025 - Audit Control Governance Risk and Compliance

Another video from a series on ISO 42001.

December 4, 2025 - Drata

Brief introduction to the definition of no-code workflows.

December 4, 2025 - Swimlane

This short demo shows how BCM is handled in Swimlane Turbine, an AI platform for IT security.

December 4, 2025 - ServiceNow Community

Presentation of AI use cases with Now Assist for integrated risk management and ESG management.

December 3, 2025 - LogicGate

December 3, 2025 - ServiceNow Community

Demo of how regulatory alerts can be analyzed and processed using Agentic AI.

December 2, 2025 - Drata

Future GRC as an engineering discipline with continuous monitoring, automation, and AI support.

December 2, 2025 - Complyance

The NIST CSF AI Agent checks evidence for compliance with NIST CSF criteria and was created by Complyance partner Fine Assurance.

December 2, 2025 - Gartner

Where are GRC platforms headed, where does Agentic AI stand, and what should buyers look for when choosing a platform?

December 2, 2025 - OneTrust

The provider feels validated by the excellent reviews.

December 2, 2025 - Strike Graph

AI Security Assistant, new REST API, Evidence validation.

December 2, 2025 - CoreStream

CoreStream announces integration with Signal AI, a platform for external risk and reputation intelligence.

December 1, 2025

Following the acquisition of RISMA, ComplyCloud, and Wired Relations in July 2025, investor Triple Private Equity is now acquiring another tool provider from Denmark: Openli.

December 1, 2025 - SAI360

GRC provider SAI360 acquires Plural Policy, which specializes in AI-based analysis of legal texts and regulations.

November 28, 2025 - Risma Systems, Wired Relations, ComplyCloud

Joint statement by the founders of Risma Systems, Wired Relations, and ComplyCloud, which recently merged under a private equity umbrella. They explain how their combined strengths will be incorporated into a new integrated GRC solution. Their aim is not only to further mature the Danish market, but also to address Nordic and European markets.

November 27, 2025 - Integrity S.A. / devoteam Cyber Trust

This video presents the new features of IntegrityGRC 10.2, which was released in September.

November 27, 2025 - miss cyberpenny by Jane Lo

This interview highlights new threats posed by AI agents and Agentic AI.

November 26, 2025 - Conveyor

In this video, Conveyor demonstrates how an AI chatbot supports the use of their Trust Center.

November 24, 2025 - Forrester

Forrester has published a current landscape of GRC platforms.

November 20, 2025 - Crunchbase

The US provider of AI solutions for third-party risk management, founded in 2024, raised $16 million. The money will be used to expand the product and sales team.

November 20, 2025 - Raktim Singh

This article describes why traditional compliance approaches involving PDF guidelines, Excel files, and annual audits no longer work in the age of AI. And why companies therefore need a ‘compliance fabric’.

November 20, 2025 - SAP

An article from SAP on the capabilities and challenges of AI-powered GRC tools.

November 20, 2025 - LogicGate

LogicGate appoints new Chief Revenue Officer and new Chief Marketing Officer.

November 19, 2025 - SmartSuite

Demo in policy management, risk management, third-party risk management, evidence assessment, control mapping, and incident handling.

November 19, 2025 - GBTEC Group

Presentation at the BIC User Conference on the introduction of various practices based on the BIC GRC tool at a financial services provider. The presentation highlights the advantages of the chosen self-service approach, in which the customer made important adjustments independently.

November 19, 2025 - GBTEC Group

Webinar on selecting and implementing a BCM tool at Mahle (German language)

November 19, 2025 - GBTEC Group

Datev presents its risk management system (German language).

November 18, 2025 - Complyance Ltd

With the 'Vendor Risk Scorer', Complyance has released a free and publicly accessible tool for assessing supplier risks, which is also integrated into the Complyance platform. The tool searches various databases and, in testing, provided a summary, while the detailed report is available upon providing an email address.

November 18, 2025 - Vanta

Vanta presents the new Agentic Trust Platform, which uses Vanta AI Agent 2.0 to link and automate security, compliance, and risk processes. The equally new Risk Graph links internal and external risks to provide a holistic view. Customer Commitments provides a tool for tracking and fulfilling given commitments.

November 18, 2025 - Risk Professionals / Wasim Malik

This second part shows how to set up an AI Management System (AIMS) in practice, ideally integrating it with existing systems such as ISO 27001 (ISMS) and ISO 22301 (BCM), and how the certification audit is then carried out.

November 17, 2025 - Business Continuity Institute (BCI) / Wasim Malik

AI systems fail differently than traditional IT systems: technically, they remain functional, but may make incorrect, biased, or business-damaging decisions without anyone noticing. That is why classic approaches to business continuity management, such as ISO 22301, need to be expanded to include new concepts.

November 17, 2025 - risk3sixty

This part deals with issues relating to the governance of AI agents, such as an agent's access rights, autonomy, privacy, costs, and security.

November 14, 2025 - Béatrice Moissinac

Compact presentation of experiences from the introduction and certification of an AI governance program at a well-known software provider.

November 12, 2025 - LogicGate

LogicGate has introduced a new AI feature to fill out forms based on documents and other content.

November 12, 2025 - X1

The provider of eDiscovery products for legal and GRC announces AI capabilities that enable analysis at the location where data is stored.

November 11, 2025 - Sprinto

The GRC platform Sprinto has introduced a range of AI functions with Sprinto AI, e.g., in risk management and questionnaires, and there is also control mapping and an AI chat function. In addition, the AI Playground allows users to define their own AI functions.

November 6, 2025 - CoreStream GRC

Including short screen recordings and references to the AI ​​bot. The bot is explicitly described as 'optional'. One screenshot shows a request not to enter any PII so that it is not sent to ChatGPT.

November 5, 2025 - Axiom GRC

Axiom GRC, which also owns CoreStream, continues its expansion in North America.

November 5, 2025 - risk3sixty

Juvare, a provider of emergency management solutions, reports on its implementation of ISO 42001 and certification, supported by risk3sixty.

November 4, 2025 - Security Boulevard / OneTrust

It's just a short text, but it sums up what's happening right now: Agentic AI will completely transform GRC processes in companies. Even if the first thesis is somewhat bold in the literal sense, namely that agents will 'solve' the chaos of information, they will nevertheless make it manageable. And this makes the further predictions realistic: elimination of silos, acceleration, and real-time support for business processes.

Blake Brannon:

Chief Product and Strategy Officer of OneTrust

November 4, 2025 - IBM

IBM is delighted with the excellent result, shows the MQ chart, and is taking this opportunity to describe the key features of OpenPages.

November 4, 2025 - Diligent

In addition to Gartner, the article lists four other successful analyst evaluations. It also highlights the solution's AI capabilities.

November 3, 2025 - Caralegal

Demo of various use cases and functionalities in Caralegal, including AI support (German language only)

October 31, 2025 - Trustero

Implementation of Agentic AI

October 31, 2025 - risk3sixty

This part is about the implementation of a GRC AI agent.

October 30, 2025 - MaryEllen O'Connell

Result: The use of AI risk scorecards can bring significant efficiency gains. At the same time, success does not come automatically; it depends heavily on the integration of governance structures, in particular Explainable AI (XAI).

October 29, 2025 - SmartSuite

This webinar shows how GRC processes are mapped on the no-code SmartSuite platform and how AI can be used, e.g., for risk scoring.

October 29, 2025 - Empowered GRC

This video shows the first AI integration, which is only available to hosting customers.

October 2025 - The British Standards Institution

This British study analyzed 123 annual reports on the topic of AI and surveyed 850 specialists and executives.

October 28, 2025 - Formalize

The Danish vendor raises €30 million for further expansion. The focus is on the DACH region (Germany, Austria, Switzerland) and France, with plans to expand the Munich office to 30 employees.

October 27, 2025 - Swiss GRC

On October 1, the company established a new management team consisting of five areas of responsibility.

October 27, 2025 - Risk Professionals / Wasim Malik

Excellent introduction to ISO 42001 with examples and tips for integration with ISO 27001.

October 24, 2025 - Cloud Security Alliance

Overview of the CSA's extensive activities, including: 7-layer reference architecture for Agentic AI; MAESTRO for threat modeling; Risk Rubric for evaluating LLMs.

Jim Reavis:

CEO, Cloud Security Alliance

October 24, 2025 - Cloud Security Alliance

The AI Controls Matrix is a framework for AI security and governance to build and operate trustworthy AI systems. It is based on the Cloud Control Matrix and aligned with international standards.

October 23, 2025 - ServQual

October 22, 2025 - Cloud Security Alliance

Until now, logs only explained what happened. With conversation-based AI interfaces (e.g., MCP), the 'why' is also documented as a byproduct. This records both the human's reasoning and the AI's reasoning, fundamentally improving traceability and auditability.

Kurt Seifried:

Chief Innovation Officer, CSA

October 22, 2025 - Forrester

In this article, Forrester presents how its AEGIS framework for AI governance maps to other standards such as ISO 42001 and NIST AI RMF.

AI Governance AI Regulation

October 22, 2025 - London School of Cybersecurity

The third part of a series, approx. 35 minutes long.

October 22, 2025 - AuditBoard

The functions are bundled under the name 'Accelerate': Audit Agent, Continuous monitoring and continuous auditing and Document Intelligence.

October 22, 2025 - AuditBoard

AuditBoard announces the acquisition of FairNow, an AI governance platform provider.

October 21, 2025 - Hive Systems

Derive combines cyber risk management, governance, and operations, and aims to replace traditional GRC platforms.

October 21, 2025 - Tines

October 20, 2025

Integration of generative AI: Agents can read, analyze, and write data in AuditBoard.

October 19, 2025 - CAIF

How can AI risks be integrated into a company's GRC processes, and how do they fit in with frameworks such as ISO 31000 and COSO ERM?

October 17, 2025 - Safeshield Training

Good overview of this topic from a governance and compliance perspective.

October 16, 2025 - CompliSolv / MohaMar LLC

With over 82,000 requirements recorded, structured by topic and subcategory, the platform aims to help financial institutions comply with complex compliance requirements. The new system is scheduled to be unveiled on October 19.

CompliSolv:	Regulatory intelligence; founded 2024
John Martini:	Founder

October 15, 2025 - RegASK

RegASK, a provider of AI-powered regulatory intelligence, announces the launch of the 'Action Hub', an agentic AI command center for regulatory affairs.

RegASK:	Regulatory intelligence; HQ: Singapore, offices in the US and in Switzerland; founded 2018; approx. 60 employees
Caroline Shleifer:	Founder and CEO
Amenallah Reghimi:	Chief Product and Technology Officer

October 15, 2025 - LatticeFlow AI

LatticeFlow, a provider of solutions for trustworthy and compliant AI, announces an integration with Vanta. The collaboration connects technical evaluations of AI systems with Vanta’s governance and compliance workflows, helping organizations deploy AI securely and in compliance with regulations.

LatticeFlow AI:

Solutions for AI Governance; HQ: Zurich (Switzerland), offices in Bulgaria and the US; founded 2020; approx. 30 employees

October 15, 2025 - Kovrr

Kovrr, a provider of cyber, GRC, and risk modeling solutions, announced the launch of its new AI Risk Assessment and AI Risk Quantification modules. The tools help organizations gain visibility into AI risk, evaluate governance maturity, and quantify potential financial losses from AI-related incidents.

October 15, 2025 - Adetunji Adebayo

Three interesting scenarios that illustrate the tasks GRC will have in the future in the context of agentic AI.

October 14, 2025 - Onspring Technologies

These include content generation, recommendations for related content, redundancy detection, OCR, and a workbench for editing prompts. The basis is Claude from Anthropic.

Onspring:

GRC platform; HQ: Overland Park, KS (USA); founded 2010; approx. 120 employees.

October 14, 2025 - Qualio

Under the name 'Compliance Intelligence', Qualio offers a number of AI features for its GRC platform. These include gap analysis, continuous compliance monitoring, dashboards, and guided remediation workflows. Launching frameworks include FDA QMSR, ISO 13485, ISO 9001, ISO 27001, and MDSAP.

Qualio:

GRC platform für Life Sciences; HQ: San Francisco, CA (USA), Office in Dublin (Ireland); founded 2012; approx. 120 employees.

October 13, 2025 - E-V-E GRC / Evolve Solutions ApS

This video shows the process in EVE GRC of analyzing documents against control requirements using OpenAI's AI. Support for the Secure Controls Framework (SCF) is also announced.

Evolve Solutions ApS:	Compliance plattform; HQ: Gentofte (Denmark); founded 2024
Anders Søborg:	Co-founder of Evolve Solutions

October 13, 2025 - risk3sixty

risk3sixty:

Consulting company and GRC platform 'fullCircle GRC'; HQ: Roswell, GA (USA); founded 2016, approx. 60 employees.

AI Assistant

October 13, 2025 - Workiva

Topics: Unregulated AI use poses significant risks; Traditional governance models are coming under pressure; Technology is overtaking governance and control systems; Avoiding the 'Department of No' - collaboration instead of rejection; Opportunity to reposition audit and risk

AI Governance

October 13, 2025 - Prabh Nair

Good general introduction

AI Governance

October 10, 2025 - OneTrust

Tasks, roles, working principles

OneTrust:

GRC platform; HQ: Atlanta, GA (USA), offices worldwide; founded 2016; approx. 2000 employees

AI Governance

October 9, 2025 - CoreStream GRC

CoreStream GRC announces a partnership with AscentAI, a provider of Regulatory Lifecycle Management. The solution will be integrated to help U.S. financial institutions identify regulatory changes and implement them efficiently.

CoreStream GRC:

GRC plattform; London (HQ), New York; founded 2004; approx. 50 employees

October 9, 2025 - Verano.AI

Verano.AI is pleased to announce that it has launched its Agentic AI solution for Regulatory Monitoring in the ServiceNow Store.

Verano.AI:

Regulatory Monitoring; HQ: Calgary, AB (Canada), Houston, TX (USA); founded 2023.

October 8, 2025 - Grant Thornton

As part of a survey on digital transformation

October 8, 2025 - Zania AI

Risk management at Plaid, introduction of AI agents, FAIR framework, human-machine collaboration, KPIs, results, unexpected benefits, recommendations

Zania:	GRC with Agentic AI; HQ: Palo Alto, CA (USA); founded in 2023
Shruti Gupta:	Founder and CEO of Zania

October 7, 2025 - Hyperproof

Hyperproof acquires Expent.ai, a provider of solutions for managing vendors and third parties.

Expent.ai:	Vendor management; HQ: Fremont, CA (USA); founded in 2020; approx. 10 employees
Hyperproof:	GRC platform; HQ: Seattle, Washington (USA); founded 2018; approx. 170 employees

October 7, 2025 - Valdez Ladd

The article describes the advancement of Cloud-Native Application Protection Platforms (CNAPP) through multi-agent systems.

October 6, 2025 - Complyance

Interview with Neal Bridges from Query AI

Complyance:	GRC platform; New York, London; approx. 20 employees
Richa Kaul:	Founder and CEO of Complyance

October 6, 2025 - Hubscale Podcast

Lara Scott interviews Stevie Case, Chief Revenue Officer at Vanta. Topics include target customers and their needs, entering new markets, including the needs in the EMEA region, internationalization, company culture and hiring talents.

October 6, 2025 - Telos

Telos:

Network solutions, Cyber security, GRC; HQ: Ashburn, VA (USA); approx. 520 employees

October 5, 2025 - Centraleyes

On October 10, 2025, a national AI law will come into force in Italy.

AI Regulation

October 2, 2025 - E-V-E GRC / Evolve Solutions ApS

A video of just under 5 minutes with a demo of E-V-E GRC.

Evolve Solutions ApS:

Compliance plattform; HQ: Gentofte (Denmark); founded 2024

October 2, 2025 - IT Masters / Charles Sturt University

Part 1 of a course on ethics, risks, and compliance of AI systems.

October 1, 2025 - StackAI

This demo shows how to create a compliance checker with AI agents based on the StackAI AI platform.

October 1, 2025 - Telos

Under the name Xacta.ai, Telos is expanding its GRC platform with a range of AI functions. These include control implementation and validation, risk identification and mitigation. Mentioned technologies include: Prompt library, RAG, and AI-supported data tagging.

Telos:

Network solutions, Cyber security, GRC; HQ: Ashburn, VA (USA); approx. 520 employees

September 30, 2025 - Zania AI

US provider Zania has secured $18 million in a funding round. Zania relies on Agentic AI for its GRC platform and wants to use the money to expand the product in order to automate the entire GRC lifecycle. This includes expanding its own AI models and tripling its team. The focus is on Fortune 500 companies.

Zania:

GRC with Agentic AI; HQ: Palo Alto, CA (USA); founded in 2023

Agentic AI

September 29, 2025 - Iskera, Pocket Result, Optimiso Group, Acuredge

Acuredge, Pocket Result (France), and Optimiso Group (Switzerland) merge to form Iskera. The new company has approximately 100 employees and more than 400 customers in Europe.

September 29, 2025 - F5, Inc.

F5 displays monthly updated dashboards on the security and performance of well-known models such as GPT, Claude Sonnet, and DeepSeek.

September 2025 - E-V-E GRC / Evolve Solutions ApS

Evolve Solutions announces that its platform now supports Arabic and that it has launched a partner program.

Evolve Solutions ApS:

Compliance plattform; HQ: Gentofte (Denmark); founded 2024

September 28, 2025 - Safeshield Training

AI systems are highly complex and elude our direct understanding. At the same time, explainability is crucial for their use in many areas. This presentation by Safeshield provides a good introduction to the topic from the perspective of AI governance (The AI ​​voice reading allows the video to be played at a higher speed)

AI Governance

September 25, 2025 - risk3sixty

Discussion of ISO 42001 and comparison with ISO 27001; certification process and example.

risk3sixty:	Consulting company and GRC platform 'fullCircle GRC'; HQ: Roswell, GA (USA); founded 2016, approx. 60 employees.
Christian Hyatt:	Founder and CEO of risk3sixty
Danny Manimbo:	Principal & ISO AI Services Leader, Schellman

AI Governance

September 24, 2025 - EQS Group

Testing different LLMs on various GRC tasks

September 24, 2025 - SolidCore

Founded in 2024 and previously in stealth mode, SolidCore is another company now offering a solution for LLM security and compliance.

SolidCore:	Solution for AI security and AI governance; HQ: Menlo Park, CA (USA); founded in 2024
Hemma Prafullchandra:	Founder and CTO
Eric Chiu:	Founder and CEO

AI Governance AI Security

September 24, 2025 - Protecht

Starting at 17:00, introduction and demonstration of AI functionalities in Protecht, both embedded and conversational, under the name 'Cognita.' Unfortunately, the video is constantly interrupted by YouTube ads.

Protecht:	GRC platform (SaaS); HQ: Sydney (Australia), branches: Los Angeles (USA), London (UK); founded 1999
Kelly Ngai:	Head of Product Marketing
Terence Lee:	VP North America

AI Assistant

September 23, 2025 - risk3sixty

Part 2 of this high-quality series: Business Case for Agentic AI; A vision for the journey to maturity; Real world examples. With demos in the GRC platform fullCircle.

risk3sixty:	Consulting company and GRC platform 'fullCircle GRC'; HQ: Roswell, GA (USA); founded 2016, approx. 60 employees.
Christian Hyatt:	Founder and CEO of risk3sixty
Sawyer Miller:	Director of Advisory and Assurance

Agentic AI

September 23, 2025 - Corporate Compliance Insights / Lighthouse

Three employees of the provider Lighthouse advocate for balance in dealing with AI.

Lighthouse:	Solutions for eDiscovery, Records Management and others; HQ: Seattle, Washington (USA); founded 1995; approx. 1000 employees
Karl Sobylak:	Senior director of product management at Lighthouse
Fernando Delgado,:	Executive director of Lighthouse’s AI & analytics group
Lon Troyer:	Vice President of Review and Advanced Analytics at Lighthouse

September 22, 2025 - Decision Focus

The vendor from Denmark is changing ownership.

Decision Focus:

GRC platform; HQ: Birkerød (Denmark); founded 2004; approx. 65 employees

September 22, 2025 - Hyperproof

Hyperproof announces end-to-end AI functionalities with “Hyperproof AI.” The emphasis is on transparency, explainability, and the possibility of human oversight.

Hyperproof:	GRC platform; HQ: Seattle, Washington (USA); founded 2018; approx. 170 employees
Craig Unger:	CEO
Alam Ali:	SVP of Product at Hyperproof

September 19, 2025 - VComply

VComply:	GRC platform; HQ: Sunnyvale, California (USA); founded 2019
Harshvardhan Kariwala:	Founder and CEO of VComply

AI Governance EU AI Act

September 18, 2025 - Strike Graph

How is the burden of regulatory requirements perceived, and how willing are companies to use AI to solve the growing number of tasks? US provider Strike Graph conducted a survey and presents the results here.

Compliance

September 17, 2025 - Themis Press Release

Themis, a provider of solutions for combating financial crime, has introduced the 'AI Investigator', an LLM-based platform for due diligence processes. The launch took place in Abu Dhabi, aligning with the United Arab Emirates' national agenda to establish the country as the global leader in artificial intelligence by 2031.

TPRM VRM

September 17, 2025 - RegScale

RegScale has raised an additional $30 million in a Series B financing round.

RegScale:

GRC platform focused on Continuous Control Monitoring; HQ: Tysons, Virginia (USA); approx. 70 employees

September 17, 2025 - LatticeFlow AI

The AI GO! platform enables enterprises to operationalize their AI governance. The solution provides evidence-based evaluations of AI systems through reproducible technical tests. This allows regulatory requirements to be systematically verified and audit-ready documentation for compliance and risk management to be generated.

LatticeFlow AI:

Solutions for AI Governance; HQ: Zurich (Switzerland), offices in Bulgaria and the US; founded 2020; approx. 30 employees

AI Governance

September 16, 2025 - Archer

Seven months after announcing its new cloud product line Archer Evolv™ with 'Archer Evolv Compliance', two new modules for risk management and scenario planning are coming.

Agentic AI Risk Management

September 16, 2025 - ACA Group

The 'Encore AI' engine will be integrated into the provider's GRC solutions.

ACA Group:

GRC for financial institutions; HQ: New York (USA), offices in Europe and Asia; founded 2002; 1,400 employees

Compliance

September 15, 2025 - CrowdStrike

CrowdStrike acquires Pangea to cover the entire AI lifecycle and create a new category of 'AI detection and response (AIDR)'.

AI Governance

September 15, 2025 - Heise

In this detailed experiment, the German ISMS standard 'BSI IT-Grundschutz' (IT baseline protection) was further developed using AI. This was done on three levels: 1) Conversion of the current standard from PDF documents into machine-readable OSCAL structures, including translation into 14 languages. 2) Further development of the standard's content. 3) AI-based automation of document review, which resulted in the creation of the “BSI Audit Automator” tool (available under the Business Source License). The projects resulted in 8,000 lines of Python code, 4,000 lines of JSON stubs, and 50 prompts, using Gemini 2.5 Pro, 2.5 Flash, ChatGPT o3, and Claude Opus 4.

ISMS

September 15, 2025 - Workiva

Not sure if this animated AI assistant from Workiva is really new, but today I discovered it for the first time: “Ask Anna.” The lady dutifully answers all questions about Workiva, but remains at a non-committal, general level. At least she also answers questions such as “What is the capital of Alaska?” or explains “What is Independence Day?”

AI Assistant

September 12, 2025 - EY

AI adoption strategy, risks, governance, compliance with the EU AI Act, etc. at 55 companies surveyed.

AI Governance AI Regulation AI Strategy EU AI Act

September 12, 2025 - Finopotamus

In Governance, Risk & Compliance, critical tasks such as the final approval of policies, the interpretation of regulatory gray areas, and the strategic definition of risk tolerance should not be outsourced to AI. While AI can optimize existing processes, detect patterns, and provide valuable analyses, its lack of contextual understanding and the risk of misinterpretation make human judgment indispensable, that’s the core message of this article. At a time when many vendors in the current AI hype talk only about the upsides, this is a pleasantly down-to-earth voice that identifies today's limits.

ViClarity / YouComply:	GRC platform for financial services providers, insurance companies, hospitals, credit unions, and other highly regulated sectors; HQ: Kerry (Ireland), Des Moines, Iowa (USA); founded in 2008
Ogie Sheehy:	Founder and global CEO of ViClarity

AI

September 12, 2025 - AI Wisdom

After a general introduction to AI in GRC, there is a DiGRC product demo starting at 26:25. Shown AI features: 31:50: AI support for a maturity assessment was to be demonstrated. 37:23: Integration of AI agents into workflows. 38:29: Use of AI in risk analysis; 42:10: AI-assisted mapping of frameworks; 42:30: Prompt list.

Rezilens:	GRC platform DiGRC; HQ: Dubai (UAE); founded 2021
Dr. Sam Mokhtari:	Host of AI Wisdom
Dr. Shan Sokhanvar:	Founder and CEO of Rezilens

AI

September 11, 2025 - RiskNET

Critical discussion of the discrepancy between the EU's zeal for AI regulation on the one hand and the low level of own European AI development on the other.

AI Governance

September 10, 2025 - Cyberday / Digiturvamalli

The GRC platform from Finland announces an AI assistant. A first version will be rolled out in September, with further features planned.

Cyberday / Digiturvamalli:	GRC platform; HQ: Tampere (Finland); founded 2016; approx. 20 employees
Aleksi Pulkkanen:	Co-founder and COO of Cyberday

AI Assistant

September 10, 2025 - Vanta Company News

Vanta announces the integration of its AI agent into policy management. It is designed to assist in drafting, updating, and reviewing policies.

AI Agent

September 9, 2025 - Gartner

A report from the Gartner Enterprise Risk, Audit & Compliance Conference in Grapevine, Texas. With interesting insights into how customers use GRC tools and their satisfaction levels. With an excerpt from the Gartner Hype Cycle for Legal, Risk, Compliance and Audit Technologies, 2025.

AI

September 9, 2025 - Gartner

Trends in global legislation on AI use and recommendations.

AI Governance AI Regulation

September 9, 2025 - Workiva

At its annual Amplify conference in Washington, Workiva announced significant enhancements to its AI capabilities, including Agentic AI, which is integrated directly into workflows.

Workiva:

Cloud-based platform for complex financial, reporting, and compliance processes; HQ: Ames, Iowa (USA); founded in 2008; 2,900 employees

Agentic AI

September 9, 2025 - Origami Risk

The solution automatically generates lists of enterprise exposures based on inputs of key information such as industry, employee count, and geographic location.

Origami Risk:

GRC platform; HQ: Chicago, IL (USA); founded 2009; 500+ employees

AI

September 8, 2025 - Workiva Release Notes: August 30 – September 5, 2025

Comparison with SEC reports from other companies; improved waiting screen when using AI; referencing documents in chats; AI support in documents with Workiva AI Intelligent Companion; support for additional document formats

AI

September 8, 2025 - Protecht Product Updates

The Australian GRC platform Protecht ERM announces an AI assistant called Cognita, which will be rolled out in November 2025.

Protecht:

GRC platform (SaaS); HQ: Sydney (Australia), branches: Los Angeles (USA), London (UK); founded 1999

AI Assistant

September 4, 2025 - risk3sixty

Part 1 of a four-part series on the role of Agentic AI in GRC. This one-hour session covers the business context and general trends in this field, and includes an example, methodology, and a demo. Another outstanding video from risk3sixty.

risk3sixty:	Consulting company and GRC platform 'fullCircle GRC'; HQ: Roswell, GA (USA); founded 2016, approx. 60 employees.
Christian Hyatt:	Founder and CEO of risk3sixty
Sawyer Miller:	Director of Advisory and Assurance

Agentic AI

September 4, 2025 - Scytale Product Updates

The US provider, which is represented by partners in numerous regions, has incorporated the EU AI Act into the AI governance part of its application.

Scytale:

GRC Plattform; HQ: New York (USA); founded 2021; approx. 100 employees

AI Governance EU AI Act

September 3, 2025 - Commugen

Israeli provider Commugen announces several AI agents for its GRC platform. It remains unclear what the “first of its kind” refers to.

Commugen:	GRC platform; HQ: Tel Aviv (Israel); founded 1999; approx. 25 employees
Itai Sassoon:	CEO

AI

September 2, 2025 - SimplifyISO Interviews & Podcasts

Interview with Dejan Kosutic on the role and the challenges of artificial intelligence in information security management systems and in related fields.

Jim Moran:

Co-founder of Simplify ISO; London, Ontario (Canada)

AI ISMS

September 2, 2025 - ISACA

What are the issues for an auditor when dealing with Agentic AI? How do you deal with these systems that can make decisions autonomously? Three fictional but realistic scenarios are used to illustrate the problems and derive requirements from them.

Agentic AI AI Governance

August 28, 2025 - ZenGRC

The provider, headquartered in San Francisco, has announced an AI assistant for its GRC platform that performs tasks at an 'analyst-grade'. ZenGRC points to differences compared to other vendors' AI strategies, but has not yet provided details on how exactly this higher level will be achieved.

ZenGRC:

GRC plattform; San Francisco (USA)

August 27, 2025 - Verdantix

As part of its Green Quadrant report, Verdantix provides an interesting assessment of the current status of AI in GRC platforms: AI alone does not sell GRC solutions; investment in R&D is the strongest driver of true AI maturity; and regulatory requirements are making governance and explainability the next differentiating factor.

AI Governance XAI

August 26, 2025 - Workiva Release Notes: August 16 – August 22, 2025

Workiva supports various LLMs. Claude Sonnet from Anthropic has been updated from version 3.5 to 4. Knowledge cutoff date: January 2025.

Claude GenAI LLM

August 26, 2025 - Governance Dynamics, Diligent

Particularly interesting from 29:10: This section deals with approaches that can be used to improve data quality so that AI can deliver the best possible and most comprehensible results based on that data.

Explainability XAI

August 24, 2025 - AI Engineer World's Fair 2025

Not directly related to GRC, but still an interesting architectural topic: This presentation is about the development of Agentic AI within Box, a cloud-based content management platform. Ben Kus, CTO of Box, reports on the stages from simple LLM usage to an architecture for Agentic AI.

Agentic AI

August 21, 2025 - VerifyWise Blog

Version 1.2 of the open source solution for AI governance is now available. The application from the Canadian startup based in Toronto currently supports ISO 42001 for AI management systems and the EU AI Act, with further standards in preparation.

VerifyWise:

Open Source AI Governance; Located in Toronto (Canada), founded 2024

AI Governance AI Management System EU AI Act ISO/IEC 42001 Open Source

August 18, 2025 - New in Vanta, August 2025 Vanta

In its August product news, Vanta describes a new AI use case in vendor risk management (VRM): Based on uploaded documents, the application makes suggestions for answering questionnaires.

AI Third-Party Management TPRM VRM

August 18, 2025 - Workiva Release Notes: August 9 – August 15 , 2025

Workiva supports various LLMs. ChatGPT from OpenAI has been updated from version ChatGPT-4o to ChatGPT-4.1. Knowledge cutoff date: June 2024.

GenAI LLM OpenAI

August 14, 2025 - NIST

The National Institute of Standards and Technology (NIST) is developing guidelines on how organizations can operate AI systems securely. This will take the form of overlays to SP 800-53, the SP 800-53 Control Overlays for Securing AI Systems (COAiS). NIST is requesting feedback on this.

AI Security

August 7, 2025 - Gartner

AI Analyst Report Cybersecurity

August 6, 2025 - CoreStream GRC

CoreStream GRC outlines in this paper how it integrates Artificial Intelligence (AI) into its GRC platform. The approach is not to embed AI rigidly into the core platform but to provide AI in a flexible, secure, and optional way through integrable services. The strategy is based on market feedback, client requirements, and CoreStream’s philosophy of acting as the 'GRC backbone.' No fixed commitment to specific AI models or providers, integrations instead of in-house developments, and a focus on core competencies. The goal: more time for strategic GRC work instead of manual processes.

CoreStream GRC:	GRC plattform; London (HQ), New York; founded 2004; approx. 50 employees
Rich Eddolls:	Co-Founder and CPO of CoreStream GRC

AI Strategy

July 28, 2025 - GRC 20/20 Research

In this article, Michael Rasmussen presents a strategic outlook on what he calls GRC 7.0: a new era of Governance, Risk & Compliance in which agentic AI acts as an autonomous force to identify risks, support decision-making, and orchestrate GRC processes. The piece combines trend analysis with conceptual framing and illustrates how GRC is evolving from static controls to dynamic, intelligent, and proactive systems.

Agentic AI

July 1, 2025 - GRC Uncensored

This interesting interview focuses on the positioning of GRC tools, particularly in the US market, as well as various aspects of AI use both in the GRC sector and in general. Richa Kaul is the founder and CEO of Securely Technology, the provider of the AI-oriented GRC tool 'Complyance', based in New York and London.

Complyance:	GRC platform; New York, London; approx. 20 employees
Richa Kaul:	Founder and CEO of Complyance

AI

June 2025 - Massachusetts Institute of Technology (MIT)

95% of organizations do not generate a return on their AI investments. This MIT study reveals possible reasons why.

AI

June 09, 2025 - Vanta Blog

A more technical or architectural topic: Vanta has implemented its first MCP server. The Model Context Protocol (MCP) is an open standard that defines how AI models communicate with external tools, data sources, and applications. It ensures that a model can exchange information in a structured way without having to build separate integrations for each system. The article demonstrates access to Vanta data using the example of Claude and Cursor.

Vanta:

GRC-Plattform; San Francisco (HQ); founded 2018; approx. 1000 employees

AI LLM MCP

April 28, 2025 - Vanta Blog

In this blog article, Vanta's Information Security & Compliance Manager describes four insights gained from their ISO 42001 certification for AI management systems.

Vanta:

GRC-Plattform; San Francisco (HQ); founded 2018; approx. 1000 employees

AI AI Governance AI Management System Certification Compliance ISO/IEC 42001

January 7, 2025 - IBM

A number of AI innovations are presented, including OpenPages as an experimental MCP server.