The intersection of Governance, Risk, and Compliance (GRC) and artificial intelligence (AI) represents one of today’s most compelling business transformations. In my recent conversation with Yair Kuznitsov, an expert in AI and GRC, it became clear to me that the role of Governance, Risk, and Compliance within enterprises has fundamentally shifted, driven primarily by the rapid adoption of AI.
Kuznitsov, whose team has dedicated a full year to rigorous AI research specifically in the GRC domain, brings a unique perspective to the topic. His extensive work focuses on leveraging proprietary datasets to ensure high accuracy in specific enterprise use cases. “It’s very difficult to create AI that addresses specific use cases with high accuracy without training it on highly specific and vertical datasets,” Kuznitsov explained. The importance of proprietary data in achieving the high accuracy necessary for enterprise-level trust cannot be overstated.
Historically, GRC was perceived primarily as a gatekeeper function—slowing innovation with stringent compliance requirements and risk assessments. Kuznitsov clearly articulated how the role of GRC is changing dramatically: “Historically, GRC was a gatekeeper slowing innovation. Today, modern GRC teams enable innovation, ensuring trust remains intact.” This transformation is largely due to increased complexity arising from enterprises’ expansion into global markets, cloud adoption, and SaaS proliferation.
Indeed, today’s enterprises face an exponential increase in complexity and risk exposure due to technological advancements. According to Gartner, by 2025, approximately 85% of enterprises will operate predominantly in cloud environments, presenting significant challenges for traditional compliance frameworks. Enterprises, therefore, require GRC functions that can rapidly assess new regulations and facilitate safe, compliant, and swift market entry.
AI offers a unique opportunity to meet these demands. Kuznitsov emphasized that the effectiveness of AI in the GRC space depends critically on achieving high accuracy levels, particularly because enterprises need confidence rates of at least 80-90% to trust AI-driven decisions. He highlighted how proprietary data plays a crucial role in achieving such high accuracy: “It’s very difficult to create AI that addresses specific use cases with high accuracy without training it on highly specific and vertical datasets.”
This insight resonates with my own experience at Clarity, where we’ve witnessed firsthand how integrating precise and contextualized AI models dramatically enhances cybersecurity. AI is not just a technology upgrade—it fundamentally reshapes how organizations approach risk management and regulatory compliance, transforming them from reactive gatekeepers into proactive enablers of innovation.
The conversation also illuminated the significant challenge enterprises face in managing the complexity of GRC. Kuznitsov described how traditional compliance, driven by static, document-based methods, has turned chaotic due to globalization and rapid technological adoption. AI-powered solutions streamline this chaos by automating gap assessments, policy checks, and risk management processes at previously unimaginable speeds.
Moreover, Kuznitsov stressed that proprietary data is the cornerstone of AI differentiation in GRC applications. Leveraging enterprise-specific datasets ensures high accuracy, maintaining trust and providing security. The future of enterprise GRC, according to Kuznitsov, is deeply tied to the strategic use of such vertical, data-enriched AI solutions. “Vertical AI solutions achieve high value by providing tailored accuracy for specific enterprise use cases,” he noted.
Reflecting on our conversation, it is clear to me that organizations embracing AI-driven GRC practices today will not merely survive but thrive in the rapidly evolving global market. The transition from passive gatekeeping to active enabling through AI is essential. Enterprises failing to recognize this shift risk being left behind in an increasingly complex regulatory landscape.
In conclusion, enterprises must urgently reconsider their approach to GRC. The AI era demands dynamic, proactive, and precise compliance strategies, fundamentally driven by proprietary data and tailored AI solutions. The choice facing enterprises today is stark: embrace this AI-driven transformation and enhance innovation capability, or remain mired in outdated practices, exposing themselves to increasing risk.
Michael Matias is the CEO and Co-Founder of Clarity, an AI-powered cybersecurity startup backed by venture capital firms including Bessemer Venture Partners and Walden Catalyst. Clarity develops advanced AI technologies protecting organizations from sophisticated phishing attacks and AI-generated social engineering threats, including deepfakes. Before founding Clarity, Matias studied Computer Science with a specialization in AI at Stanford University and led cybersecurity teams in Unit 8200 of the Israel Defense Forces. Forbes Israel recognized him early on, naming him to the exclusive 18Under18 list in 2013 and the Forbes 30Under30 list thereafter. Matias authored the book Age is Only an Int and hosts the podcast 20MinuteLeaders.
