Signals from Emerging IRM Players: Week 41 includes AI for evidence, CMMC conformance, and TPRM intake

Written By Samantha "Sam" Jones

Activity among non-IRM50 vendors clustered around three themes. First, AI is being attached to concrete, auditable jobs such as cyber compliance documentation and procurement intake, where outcome claims are easiest to verify. Second, regulated-supplier conformance remained a priority, with releases framed around CMMC and FIPS requirements. Third, niche consolidation advanced in regulated reporting and AML, evidenced by a targeted acquisition. For buyers, the takeaway is to pilot for outcomes not features, demand exportable evidence, and ensure data lineage into your IRM system of record.

Samantha "Sam" Jones

Samantha “Sam” Jones is the lead research analyst for the IRM Navigator™ series and a core contributor to The RiskTech Journal and The RTJ Bridge. As a digital editorial analyst, she specializes in interpreting vendor strategy, market evolution, and the convergence of technology with enterprise risk practices.

As part of Wheelhouse’s AI-enhanced advisory team, Sam applies advanced analytical tooling and editorial synthesis to help decode the structural changes shaping the risk management landscape.

Sign up to read this post
Join Now
Previous

The Exponential Ripple: How JLR’s Cyber Incident Exposed the Interconnected Matrix of Risk, and How PRAC Stops the Spread
Next

ServiceNow announces “AI Experience” as a front end for agentic workflows