The RTJ Bridge - The Research Platform Created by the Publishers of The RiskTech Journal
The RTJ Bridge is an independent research platform delivering institutional-grade IRM market intelligence, vendor competitive assessments, and strategic risk technology analysis. Built by the analyst who created the Integrated Risk Management category at Gartner, The RTJ Bridge gives risk leaders, technology executives, and solution providers the same caliber of competitive intelligence that major analyst firms charge $25,000 to $50,000+ per year to access.
Subscribers to The RTJ Bridge receive full access to:
IRM50 OnWatch Vendor Assessments — Competitive analysis of leading IRM vendors as market events unfold, covering platform strategy shifts, M&A impact, earnings signals, and positioning changes.
Autonomous IRM and AI Governance Research — Original research on how agentic AI is reshaping risk management operating models, from production deployment patterns to the structural implications for vendor platforms and enterprise programs.
Analyst Firm and Market Critiques — Independent assessments of research from Gartner, Forrester, and other major analyst firms, viewed through the IRM Navigator Model to identify gaps, validate signals, and challenge conventional positioning.
Board Governance and Audit Committee Intelligence — Research on oversight effectiveness, emerging risk response gaps, audit committee workload challenges, and the disconnect between risk reporting and executive action.
M&A and Strategic Alliance Analysis — Same-week analysis of acquisitions, partnerships, and PE investment moves reshaping the IRM competitive landscape, with implications for buyers, vendors, and investors.
Regulatory, ESG, and Sustainability Risk — Research on how evolving regulatory frameworks (SEC cyber disclosure, EU CSRD/CSDDD, AI regulation) affect enterprise risk programs and technology requirements.
IRM Navigator™ Market Intelligence — Strategic previews and deep dives from the IRM Navigator Model, the only independent model built specifically to evaluate integrated risk management maturity and vendor alignment.
Cyber Risk, Insurance, and Third-Party Risk — Analysis of cyber risk quantification, insurance market dynamics, and the convergence of third-party risk management into enterprise IRM programs.
The RTJ Bridge is an independent IRM research platform published by Wheelhouse Advisors. Subscribers receive ongoing access to vendor competitive assessments, AI disruption analysis, M&A and partnership impact research, and IRM Navigator™ market intelligence. This is the only research platform built and led by the analyst who created the Integrated Risk Management category, a market now valued at over $61 billion and projected to reach $133 billion by 2031.
IRM50 OnWatch: The Week that Autonomous IRM Hit the Market
Three IRM50 vendors, IBM, Optro and ServiceNow, announced autonomous risk technology capability in the same news cycle, each using the word "autonomous" to describe architecturally distinct positions. Reading those positions against the IRM Navigator™ Model raises the questions the note addresses directly: What is the architectural difference between Autonomous IRM and Agentic GRC, and why does the distinction matter for buyers making platform decisions today? Where does each vendor's announced architecture sit against the five functional layers and four agentic domain bridges? And what does it mean for an organization's AI and risk governance posture when a vendor enters at the platform level versus the bridge level versus the IRM-for-AI half only?
The note also identifies two analytical patterns that will remain applicable as additional vendor announcements follow over the next eighteen to twenty-four months. The first is the evidence base of an acquisition at the time of close — what is in production at what scale, and whether the architectural claim the acquiring vendor is making matches that evidence. The second is vocabulary consistency: whether the language a vendor uses across its press release, analyst materials, and customer-facing content is the same, and what mismatches signal. The full note examines both patterns against the specific announcements from May 5 and May 6.
The Three Questions Everyone Is Asking About Agentic AI
Enterprise AI agent deployment has outrun governance by a wide margin. Ninety-one percent of organizations are deploying agentic AI. Ten percent have any form of agent governance in place. The three questions that the Okta CEO derived from 40 enterprise customer meetings — where are my agents, what can they connect to, and what can they do — are now being posed in boardrooms and investment committees with no clear answer in sight. The IRM Navigator™ Model provides the analytical structure to answer them: each question maps to a distinct risk domain, each domain requires a distinct governance response, and the full loop closes at ERM where the aggregate risk state is measured against enterprise risk appetite. The question this note answers is whether any platform architecture currently running in production can close that loop continuously — and what happens to the organizations and vendors that cannot.
The cybersecurity industry has built a rigorous answer to the second question. Access governance, privilege management, and identity threat detection are mature capabilities, and the Okta blueprint represents the most structured articulation of their extension to agent identities. But the identity security layer enforces the rules that the governance layer establishes. When those rules are absent, outdated, or misaligned with the organization's actual risk posture, identity security enforces the wrong rules with precision. The IRM50 AI Disruption Risk Index Compression Boundary describes exactly where the structural gap opens: vendors above it have platform architectures capable of accelerating toward continuous risk governance; vendors below it are structurally dependent on human-paced workflows that agents will simply outrun. This RTJ Bridge research note examines what it takes to answer the three questions at enterprise risk level — and which vendors and organizations are architecturally positioned to do it.
IRM50 OnWatch: OneTrust Deepens AI Governance as It Retreats Toward a Privacy Point Solution
OneTrust made two significant announcements in March 2026: a runtime AI guardrail enforcement launch at the Gartner Data and Analytics Summit and a formal brand refresh positioning the company as the operating model for governing data and AI at machine speed. Does embedding guardrails into AI infrastructure cross the threshold from compliance workflow automation to genuine Embedded-level IRM? Does Copilot Analytics represent a credible step toward Extended IRM, or is it a natural-language interface layered over a static reporting architecture? And does the AI-Ready Governance Platform cross-domain integration claim hold under the specific architectural test the IRM Navigator™ Model applies — or does it reposition existing compliance tooling under a broader name?
The Convercent divestiture sharpens every one of those questions. Ethics and compliance program management is a GRC solution area. What OneTrust exited was breadth within GRC itself, contracting toward a privacy and AI governance point solution at the same moment it is claiming a broader operating model identity. The IRM50 AI Disruption Risk Index identified the compliance system-of-record constraint as the structural boundary defining OneTrust's current tier placement. The full note examines whether the March 2026 announcements move that boundary — or whether the AI-Ready Governance brand is advancing a narrative that the architecture has not yet earned.