Any attempt to shore up cyber resilience must account for ever-evolving AI technologies. That's where governance, risk, and compliance come in, serving as a critical framework to navigate current and future AI-driven vulnerabilities.

In this special report, you'll hear from companies and proponents using strategies to shore up GRC to safely manage AI's rapid, unpredictable expansion along three fronts:

Data Integrity: GRC frameworks must evolve to secure outbound data, preventing AI engines from scraping and spreading compromised or inaccurate corporate information.

Operational Vulnerabilities: The rush to adopt AI introduces "tech intolerance," where bypassing IT guardrails creates massive compliance gaps, shadow IT, and severe cybersecurity liabilities.

Frontline Shadow AI: How overburdened professionals are turning to generative AI to handle regulated paperwork; without strict GRC oversight, this ad-hoc usage exposes sensitive data to major security risks.

-- Michael Domingo

Innovation moves fast, but security bottlenecks shouldn't slow you down. Discover how Dell PowerStore delivers cyber-resilient, scalable storage designed to eliminate infrastructure complexity and keep your most valuable data assets safe from evolving threats.

AI is transforming supply chain operations but also exposing new cybersecurity vulnerabilities, writes Chuck Brooks, the president of Brooks Consulting International. AI enhances efficiency through real-time data transfer and automation but also expands the attack surface for cybercriminals, Brooks notes, citing a 2025 Verizon Data Breach Investigations Report that indicated a rise in third-party involvement in breaches from 15% to 30%. Brooks recommends organizations adopt comprehensive risk frameworks, zero-trust architectures, transparency and AI-driven defensive measures to mitigate these risks.

The shift from traditional web applications to agentic ecosystems driven by AI agents is creating a major challenge for identity and access management. AI agents, often operating with broad or inherited permissions, pose risks such as acting outside intended boundaries and unauthorized data access. Security strategies should include treating agents as first-class identities, using short-lived tokens, and implementing relationship-based access control.

AI rollouts at organizations like Fidelity Investments and EY have been temporarily halted because of unexpected data exposure, highlighting the challenges of managing vast and often unstructured data. "It wasn't an AI problem," said Steve MacIntyre, senior vice president at Fidelity. "It was the productivity and the ability of AI to find things quickly." Both companies are now focusing on establishing stricter data governance and ownership protocols to mitigate these issues.

Unauthorized use of AI tools, or "shadow AI," is increasing in healthcare as clinicians seek to enhance workflows, but it can pose significant risks to patient safety, compliance and data security. "The risk associated with multiple shadow AI tools and potential compliance gaps is high enough that health system leaders need to focus on streamlining technology selection and implementation processes to get these tools into clinicians' hands faster," said physician Sunny Kumar, a partner at Informed Ventures.

AI governance has become a major focus for enterprises, driving the need for effective digital supply chain management and third-party risk management. Governance, risk and compliance teams and security operations teams must collaborate more closely to address the rapid pace of threats from advanced AI models such as Claude Mythos and OpenAI Daybreak, according to BitSight.

Employers face growing cybersecurity risks from employees using personal and free-tier AI accounts for business purposes, according to Harmonic Security. Tammy Sergie, chief HR and privacy officer at Edgewood Health Network, highlights that this practice often involves inputting sensitive information into unsanctioned AI tools, increasing the risk of data breaches. Sergie emphasizes the importance of adhering to data governance principles and obtaining proper consent when using employee data beyond its original purpose.

According to IBM's 2025 Cost of a Data Breach Report, one in five organizations experienced breaches related to shadow AI, with costs averaging $670,000 higher than those without such incidents. The report highlights that 80% of office workers use public AI tools, often without IT knowledge, creating an unmanaged attack surface that traditional security tools may miss.