Metricstream Logo

AI-First Connected GRC

Drive a Connected GRC Program for Improved Agility, Performance, and Resilience

webinar

MetricStream Ranked #1 in Operational Risk and Audit Categories

Learn More

Discover Connected GRC Solutions for Enterprise and Operational Resilience

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn More

Explore What Makes MetricStream the Right Choice for Our Customers

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Learn More

Discover How Our Collaborative Partnerships Drive Innovation and Success

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Learn More

Your Insight Hub for Simpler, Smarter, Connected GRC

Download this report to explore why cyber risk is rising in significance as a business risk.

Explore the forces reshaping governance, risk, and compliance in 2026

Download the eBook

Learn about our vision and mission

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Learn More
+1-650-620-2955
+1-650-620-2955 Contact Us Request Demo
×
Hit enter to search or ESC to close
Blogs

From AI Agents in Action to Star Trek: Reflections from the GRC Summit

GRCSUMMITBLOGBANNE
6 min read

Introduction

A few weeks ago, nearly 200 GRC professionals, industry analysts, and MetricStream team members gathered in Las Vegas for our semi-annual event and highlight: the GRC Summit.

The Summit is always a wonderful chance to connect, share learnings, and learn what’s new in GRC in general and at MetricStream in particular, and this year was no different. Las Vegas was an especially apt setting for a risk management event, of course! What better place to talk about placing bets on the future and managing risk!

It’s also a perfect example of machines and humans interacting, although unlike with AI – the key focus of the conference – the machines always win.

It was MetricStream’s 13th year for the Summit, and coincidentally, the 2nd time in Vegas – where the conference first took place. That first Summit featured the venerable General Colin Powell as a speaker.

Many years have passed and times have changed, but some things remain the same. Risk still remains volatile, and we’re all still looking for ways to make it simpler, more efficient, and more productive.

Luckily, today that’s more possible than ever, with the advent of automation and AI. It was such a privilege to be able to attend and hear the many speakers and observations – there’s no way I’ll be able to capture them all. But here are a few of the key takeaways, sessions, and themes that stayed with me. I hope you’ll join us next time!

1. AI is Here to Stay – and Agents + Humans is the Power Equation

If there was one theme that permeated the conference, it was AI and how it is transforming GRC.

MetricStream’s mission is to simplify GRC and amplify outcomes through AI – and that came across loud and clear across the two days.

Gaurav Kapoor, MetricStream’s Co-Founder and Vice Chairman kicked off with his keynote on Orchestrating AI by showing, not telling, how AI and humans and AI can work together.

His “digital twin,” Digital Gaurav, opened with a funny but serious commentary on how AI and humans must work together, launching Gaurav into his talk on how AI must address the key pain points of manual, tedious work, inflexible GRC workflows, and constantly changing data. He also discussed the importance of data and AI governance and building a culture around AI. AI is as much a cultural change as a technological one.

Most interestingly, we saw AI agents in action!

  • We met a Risk Agent who created an AI-bias risk
  • We talked to an Audit agent who gathered evidence for a SOC audit
  • And we spoke to an “indestructible” Cyber agent who showed us how he could automatically and autonomously create a board report of key risks and statuses, keeping senior leadership in the loop

Gaurav’s was just one of multiple talks showing AI in action. It’s clear that AI in GRC – especially agentic AI – is no longer a novelty, a theory, or a toy. It’s already working and transforming processes. It was fascinating and inspiring!

2. Even in Space, Risk Requires Collaborative Management

I might lose a friend when I admit this – I’m sorry, Michael Rasmussen!!! – but I confess I am not and have never been a Star Trek fan. Of course, I know the opening theme and recognize Captain Kirk and Mr. Spock but that’s about it.

So, I had a little trepidation when we welcomed 4 volunteers aboard the stage, I mean the Starship Enterprise (I think?), to talk about the risks of acquiring a new planet.

Michael Rasmussen, industry analyst and chief pundit of GRC 20/20, was the master of ceremonies and led the 4 volunteers through multiple scenarios, such as the planet has encountered modern slavery risks! We’ve experienced a ransomware attack! What do we do?

Each represented an area of the business – the Captain/CEO, the Science Officer/Risk & Analytics, the Security Officer/Compliance & Legal, and Engineering/IT & Resilience.

Each also was brave and donned Star Trek shirts. One, the Science Officer, MetricStream’s Shreyank Kamat, even wore Vulcan ears!

Of course, it was fun, but more important, illustrated the tremendous importance of collaboration across the enterprise… I mean, business. That message came through loud and clear across sessions, including not just this but also a powerful CXO panel featuring Marco Aspessi, Head of Internal Assurance/Audit, Siemens Energy AG, James Downing, Chief Compliance Officer, JLL (also a Star Trek Officer!), and Mike Koenig, Global Chief Ethics and Compliance Officer, JBS.

Connection and collaboration may seem like cliches but they’re the foundation of modern GRC. Siloes have no place in forward-looking, proactive risk management and compliance.

3. “Power is nothing without controls.”

This fantastic quote came from Marco Aspessi of Siemens Energy on the CXO panel and stuck with me as representative not just of GRC but also as of AI – and of leadership and the world at large.

Risks today are so volatile. We are facing unprecedented economic, geopolitical, cyber, and technological changes. To gain power over these, we must implement controls – and we must monitor those in real time.

The same is true of AI. It grants us, like Spiderman, great power, but also great responsibility – but it too requires significant controls and oversight, particularly when it comes to governance, policies, and guardrails. We had a great deal of discussion around balancing innovation, ethics, and risk management.

A significant thought starter.

4. The Best Learning Comes from Others

One of the real joys of the Summit is meeting and interacting – connecting – with like-minded professionals.

The case studies and presentations from real-life practitioners are always extremely valuable. I particularly enjoyed hearing from organizations who transformed their GRC programs or built them from the ground up.

The GRC journey award winners were all impressive. I sat in on a detailed workshop with California State University, Chico State who built a GRC program for the first time across their educational institution. It was inspiring. Their program crosses cyber, enterprise risk, and audit and even incorporates AI, creating accountability and resilience across the school.

5. Show Up for Life!

Finally, I’m not sure our attendees expected to get motivation or inspiration from a GRC conference, but that’s exactly what they got from our keynote speaker Rudy Ruttieger.

If you’re like me, you’ve probably seen the 1993 movie “Rudy” once or a dozen times! Rudy is a kid who wants to play football at the University of Notre Dame but is too small and also couldn’t get into the school. He doesn’t let that stop him and manages to get in, and well, I won’t spoil it, but if you’ve seen it, you will recognize, “Rudy! Rudy! Rudy!”

It's a classic underdog story like Rocky and we were all excited to hear the real Rudy speak.

He entertained us with his life story and many jokes and anecdotes.

Most important, though, some basic advice: “You’ve got to show up.”

It was all about resilience and not giving up – and really, what better advice is there for GRC?

There is so much more I could cover. Fantastic workshops by risk expert Chris Mandel and GRC Pundit Michael Rasmussen. Terrific product updates by our MetricStream team, including our Head of Product, Raghuram Srinivas. Inspiring brass-tacks focus on customer feedback and how we are listening – and what we are doing – by MetricStream CEO Marc Levine.

It was two days of AI, GRC, and upskilling – but still most important, human connection.

We hope to see you at our next event in London!

Pat McParland

Patricia McParland VP – Marketing

Pat McParland is VP of Product Marketing at MetricStream. She is responsible for creating product messaging, product go-to-market plans, and analyzing market trends for MetricStream's cyber compliance and third party risk product lines. Pat has more than 25 years of financial data and technology marketing experience at Fortune 1000 brands as well as startups and has led product and marketing teams at Dow Jones and Dun & Bradstreet. She has a BA from the College of William and Mary and lives in Summit, New Jersey.

 

Related Resources

Blog
Blog
6 mins
Patricia McParland
Top GRC Trends for 2026: Agentic AI, Enterprise Cyber GRC, and Resilience