We’re at a critical inflection point in cybersecurity and compliance, accelerated by the rapid rise of artificial intelligence (AI). During a recent conversation with Meiran Galis, CEO of Scytale, I gained a deeper understanding of how dramatically AI is reshaping Governance, Risk, and Compliance (GRC)—a domain traditionally viewed as necessary but tedious. Galis, leveraging his extensive experience from Technology Risk at EY and his current role leading Scytale, is uniquely positioned to offer insights into how AI not only complicates compliance but also dramatically enhances our ability to manage it.
Compliance has evolved from a point-in-time activity, traditionally carried out annually through burdensome audits, into an ongoing, continuous process. Galis vividly describes this shift: “Initially, compliance was disruptive and manual, entirely Excel-based. Continuous compliance makes this ongoing, automated, and stress-free. Companies know their compliance status in real-time, addressing issues proactively rather than reacting annually.” This evolution is significant; it acknowledges the reality of modern enterprises operating in dynamic cloud and SaaS environments.
In my conversation with Galis, I underscored the rising complexity organizations face due to increasing regulatory expectations, evolving cybersecurity threats, and particularly, the rapid integration of AI into all aspects of business. Scytale’s mission—to simplify security compliance through automation—is more critical than ever, especially as AI expands the landscape of risk and regulatory complexity.
Galis explained how AI is creating new compliance frameworks, emphasizing, “AI is the next revolution, akin to the internet and cloud revolutions. It’s transformative—enabling startups to innovate rapidly by leveraging advanced AI platforms. But it introduces risks around data privacy, security, and governance, necessitating more compliance oversight.” He highlighted emerging frameworks such as ISO 42001, the EU AI Act, and NIST AI standards that companies are quickly needing to adopt.
The rapid adoption of AI tools like OpenAI’s GPT and Claude raises fundamental questions about data management, security, and ethics. Organizations increasingly rely on AI to boost productivity and automate critical functions. However, as Galis emphasized, this also exposes them to significant new risks. AI tools require careful oversight of data governance and security, shifting the compliance landscape profoundly.
Galis articulated a compelling vision of how AI itself can address these compliance challenges. At Scytale, AI is employed to streamline documentation, optimize policies and procedures, manage control assessments, and automatically respond to complex security questionnaires. “AI enables real-time insights, helps maintain compliance efficiently, optimizes policies and procedures, and accelerates decision-making. It’s indispensable for scaling compliance effectively,” Galis explained.
Moreover, Galis believes AI won’t immediately replace compliance professionals but will rather reshape their roles significantly. He anticipates AI augmenting human roles, making compliance teams far more productive and effective. This aligns closely with my own experiences at Clarity, where I’ve seen AI transform reactive security postures into proactive defense strategies, significantly enhancing both efficiency and security.
Yet, this transformation also requires a broader mindset shift. Organizations must embrace AI’s potential while carefully navigating its risks. Compliance should no longer be perceived merely as a regulatory burden but as a strategic asset—especially when enhanced by AI. Galis’s perspective underscores the necessity of seeing compliance as an ongoing, integral aspect of an organization’s security posture, rather than an annual box-ticking exercise.
Concluding our discussion, Galis emphasized the importance of an adaptive, forward-looking approach: “People will evolve alongside AI, boosting productivity and quality. Over time, roles might shift significantly, but new jobs and opportunities will emerge.” This perspective resonates deeply with me, highlighting the critical importance of proactive adaptation in today’s rapidly evolving cybersecurity and compliance landscape.
Organizations that swiftly integrate AI into their compliance and cybersecurity strategies will not only enhance their security posture but will also create significant competitive advantages. Those that resist or delay risk falling behind, exposing themselves to increasingly sophisticated threats and regulatory non-compliance.
Now is the time for enterprises to act decisively—to leverage AI responsibly and strategically, transforming compliance from a necessary evil into a powerful strategic asset.
Michael Matias is the CEO and Co-Founder of Clarity, an AI-powered cybersecurity startup backed by venture capital firms including Bessemer Venture Partners and Walden Catalyst. Clarity develops advanced AI technologies protecting organizations from sophisticated phishing attacks and AI-generated social engineering threats, including deepfakes. Before founding Clarity, Matias studied Computer Science with a specialization in AI at Stanford University and led cybersecurity teams in Unit 8200 of the Israel Defense Forces. Forbes Israel recognized him early on, naming him to the exclusive 18Under18 list in 2013 and the Forbes 30Under30 list thereafter. Matias authored the book Age is Only an Int and hosts the podcast 20MinuteLeaders.
