The best GRC tool for AI

Sleek v2.0 public release is here

Lorem ipsum dolor sit amet, consectetur adipiscing elit lobortis arcu enim urna adipiscing praesent velit viverra sit semper lorem eu cursus vel hendrerit elementum morbi curabitur etiam nibh justo, lorem aliquet donec sed sit mi at ante massa mattis.

Neque sodales ut etiam sit amet nisl purus non tellus orci ac auctor
Adipiscing elit ut aliquam purus sit amet viverra suspendisse potent i
Mauris commodo quis imperdiet massa tincidunt nunc pulvinar
Adipiscing elit ut aliquam purus sit amet viverra suspendisse potenti

What has changed in our latest release?

Lorem ipsum dolor sit amet, consectetur adipiscing elit ut aliquam, purus sit amet luctus venenatis, lectus magna fringilla urna, porttitor rhoncus dolor purus non enim praesent elementum facilisis leo, vel fringilla est ullamcorper eget nulla facilisi etiam dignissim diam quis enim lobortis scelerisque fermentum dui faucibus in ornare quam viverra orci sagittis eu volutpat odio facilisis mauris sit amet massa vitae tortor condimentum lacinia quis vel eros donec ac odio tempor orci dapibus ultrices in iaculis nunc sed augue lacus

All new features available for all public channel users

At risus viverra adipiscing at in tellus integer feugiat nisl pretium fusce id velit ut tortor sagittis orci a scelerisque purus semper eget at lectus urna duis convallis. porta nibh venenatis cras sed felis eget neque laoreet libero id faucibus nisl donec pretium vulputate sapien nec sagittis aliquam nunc lobortis mattis aliquam faucibus purus in.

Neque sodales ut etiam sit amet nisl purus non tellus orci ac auctor
Adipiscing elit ut aliquam purus sit amet viverra suspendisse potenti
Mauris commodo quis imperdiet massa tincidunt nunc pulvinar
Adipiscing elit ut aliquam purus sit amet viverra suspendisse potenti

Coding collaboration with over 200 users at once

Nisi quis eleifend quam adipiscing vitae aliquet bibendum enim facilisis gravida neque. Velit euismod in pellentesque massa placerat volutpat lacus laoreet non curabitur gravida odio aenean sed adipiscing diam donec adipiscing tristique risus. amet est placerat in egestas erat imperdiet sed euismod nisi.

“Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum”

Real-time code save every 0.1 seconds

Eget lorem dolor sed viverra ipsum nunc aliquet bibendum felis donec et odio pellentesque diam volutpat commodo sed egestas aliquam sem fringilla ut morbi tincidunt augue interdum velit euismod eu tincidunt tortor aliquam nulla facilisi aenean sed adipiscing diam donec adipiscing ut lectus arcu bibendum at varius vel pharetra nibh venenatis cras sed felis eget dolor cosnectur drolo.

Don't put ClearOPS in the GRC bucket, please. Governance, Risk Management, and Compliance (GRC) tools may be useful to some, but I find them comparable to a CRM. Sometimes useful, but requiring way too much work to maintain and manage. It is time someone came up with a way to do the work for you (like we did at ClearOPS). The purpose of this blog post is to explore if GRC is the round hole that the square peg of AI assessments is going to be jammed into. Spoiler alert: it should not.

The EU AI Act aims to ensure that AI systems deployed within the European Union are safe, transparent, and respect fundamental rights. Similar to GDPR, that went into effect in May of 2018, the Act is so comprehensive that businesses in the US and other countries will be forced to comply. The EU AI Act categorizes AI systems based on their risk levels—unacceptable risk, high risk, limited risk, and minimal risk—and sets stringent requirements for those classified as high-risk.

Governance: I think this is the area that most software tools fall flat. Governance is about people and if you don't have enough people in your organization with the right skillsets then having a governance tool is a huge waste of your time. When I began setting up an AI ethics program at Clarifai, I started with a committee of folks who were interested in the topic. From there, I was able to determine the correct strategy for the company in terms of which people and what skillsets. People determine process, not the other way around. If you are the only person responsible for AI governance, then you don't need a tool. You need help.

Yet, from what I have seen, GRC tools do not foster multi stakeholder collaboration. There is a sense that "the security team is responsible for it." It makes sense when the tool is set up for such a silo, but governance is not a siloed job. Look for a tool that encourages multiple stakeholders to log in and cross collaborate.

Risk: I have seen so many tools break down risk into a process: harm X probability equals risk. Bleh. Risk is not a process and it is not objective. All factors that go into making a decision about risk are subjective. The only point of discerning it down into a mathematical equation is to make it easier to digest at a glance. While we continue to wait for the AI assessments that will ultimately be required by regulation, AI is adding a new complexity to the process of determining risk. You can have a GenAI tool writing marketing content for one company where they deem that a high risk and, for another company, it may be the only acceptable risk.

I think this is also an area where GenAI can help. When I was the General Counsel, I would frequently advise business leaders of the risk they were taking, but ultimately leaving the decision to them. If the point of GRC is to record these conversations, then having GenAI take my audio and transcribe it to text and add it to a knowledge base would be useful. Also being able to tell it what is legal privilege and what isn't would be extremely useful. No current GRC tool I know does that right now.

Compliance: If you are like me, then you think of compliance as policy writing. This area is the one I am most excited about for the application of AI as well as the evaluation of AI. At ClearOPS, our reporting GenAI function enables companies to build brand new policies in minutes that are custom to their business and in compliance with regulation. It's really impressive! Most GRC tools I have seen require you to upload a fully complete policy and then help with storing it and making it available to employees. That is still useful, but it is also very 2010.

In addition, GenAI can help evaluate your current policies against new regulations and offer suggestions for improvements or update accordingly. With the many new laws and regulations and standards emerging on AI, this is a critical feature moving forward.

And let's face it, the point of policies is to guide people when they don't know what to do. Most policies I have read are confusing at best and pointless at worst. If you think your AI governance needs a policy, then at least let your employees be able to use GenAI to interact with it.

Conclusion

Organizations must consider investing in specialized AI governance tools that are designed to handle the unique challenges posed by AI technologies. Whether you are evaluating AI or using AI, tools that do the work for you are the future. Let's not stay stuck in the GRC past.

‍