The RiskTech Journal
The RiskTech Journal is your premier source for insights on cutting-edge risk management technologies. We deliver expert analysis, industry trends, and practical solutions to help professionals stay ahead in an ever-changing risk landscape. Join us to explore the innovations shaping the future of risk management.
What Risk Leaders Need to Know About AI Infrastructure
Risk leaders are sitting in vendor briefings where the presenter uses the words "agentic," "MCP," "orchestration," and "autonomous" in the same sentence, often without defining any of them. Most audiences nod along. A growing number are starting to ask harder questions. The ones who understand the infrastructure layer underneath the marketing claims are getting better answers.
This is not a technology article. It is a procurement and governance article. The AI infrastructure concepts that matter for risk leaders are not technical curiosities. They determine whether a vendor's agentic AI claims are architecturally real or a chat interface with a new label. They determine whether your organization's AI agents will operate within auditable guardrails or outside them. And they determine how exposed your technology investments are as AI reshapes the economics of risk and compliance delivery.
This article tells you what you need to know.
Professional Services Firms Admit AI Is an Existential Risk
PwC just announced PwC One, an AI platform that delivers tax, audit, and consulting services directly to clients without a PwC professional in the loop. CEO Paul Griggs warned this week that partners who resist are "not going to be here that long." Accenture said something similar earlier this month.
Two of the largest professional services firms in the world have now publicly acknowledged that AI threatens their core business model. But the bigger question is not what happens to PwC and Accenture.
It is what happens to the technology vendors who depend on them.
Subscribe free to The RiskTech Journal to learn more.
Why Data Streaming Is the Hidden Backbone of Autonomous IRM
Data streaming has become a foundational capability for modern enterprises. As organizations move away from periodic reporting and manual control cycles, the emphasis has shifted to continuous sensing, real time telemetry, and rapid mitigation. These operational patterns depend on data in motion, not data at rest. Streaming architectures now sit at the center of this shift.
The acquisition of Confluent announced today by IBM reinforces this point. Confluent is the leading commercial platform built on Apache Kafka, one of the most widely adopted streaming technologies worldwide. The acquisition signals that streaming has moved from a niche data engineering function to a strategic capability that enables AI operations, continuous controls, and integrated risk programs. Enterprises are recognizing that autonomous risk management depends on steady, reliable streams of operational signals that can be sensed, analyzed, and acted upon in real time.
How CrowdStrike’s Agentic AI Accelerates Autonomous IRM
CrowdStrike’s launch of Charlotte AI—its agentic AI architecture now embedded within the Falcon platform—marks a decisive shift in how risk is not only detected, but addressed. With its triad of capabilities (Agentic Detection Triage, Agentic Response, and Agentic Workflows), Charlotte introduces a new operating model: one where AI systems autonomously assess, act, and learn within predefined parameters.
The implication for Integrated Risk Management (IRM) is profound. These are not just smarter alerts or faster forensics. They are machine-initiated decisions with immediate governance, compliance, and operational consequences. And that demands a new framework—one that aligns autonomous action with enterprise risk oversight.
The Coming Wave: Why AI-Fueled Cyber Crime Demands a New Layer of Risk Management
In June 2024, a ransomware attack on Synnovis—an NHS diagnostics provider—led to thousands of canceled surgeries, long-term patient harm, and yet barely registered in the headlines. A year later, an attack on Marks & Spencer, which temporarily left Percy Pig sweets and Colin the Caterpillar cakes off supermarket shelves, wiped £600 million off the company’s market cap and triggered nationwide panic.
This juxtaposition, as Misha Glenny eloquently observes in his Financial Times Weekend article, reveals something uncomfortable about both society’s perception of cyber risk and our structural ability to respond to it. But it also points to a larger and more pressing reality: AI is about to turn every cyber threat vector into a force multiplier—and the defensive tools most organizations rely on are no longer fit for purpose.
As AI matures into autonomous, agentic forms, we’re not just dealing with more attacks—we’re dealing with smarter, faster, and more scalable ones. The solution isn’t just better cybersecurity. It’s Integrated Risk Management (IRM)—and it must evolve as rapidly as the threat landscape.
Where Autonomous IRM Begins—And Where It Must Go Next
The Quiet Rise of Autonomous IRM—From the Middle Out
Autonomous IRM is no longer theoretical. AI-powered platforms are starting to deliver tangible value: agentic systems that simulate attacker behavior, validate control effectiveness, and recommend mitigation actions—often autonomously.
The June 5 announcement from Tuskira, integrating directly with ServiceNow’s Vulnerability Response and SecOps modules, is a prime example. By embedding simulation-backed scoring and posture-aware mitigation into operational workflows, Tuskira is delivering intelligence in real time.
But there’s something missing: the announcement doesn’t mention Integrated Risk Management (IRM) at all.
That silence is a signal. Tuskira operates in what Wheelhouse Advisors defines as Layer 3: Intelligence & Validation—the middle of the risk architecture. And while this layer is where automation is gaining traction, it’s also where many organizations are managing in isolation, without input from either end of the enterprise risk stack.