AI Governance

Executive frameworks for managing the technical risk associated with Generative AI and automated systems. We align organizational AI deployment with the NIST AI RMF 1.0 to ensure safety, algorithmic accountability, and regulatory compliance in the age of agentic AI.

AI Governance

AI Vendor Risk Assessment: The Inherited Compliance Risk Your TPRM Program Misses

Your TPRM program assessed the AI vendor. Security questionnaire completed. SOC 2 report reviewed. Penetration test results on file. The vendor passed. Six months later, the vendor's credit-scoring model rejects applicants over age 55 at...

AI Governance

AI Governance for SOX Compliance: Controls, Risks, and the COSO GenAI Framework

Your CFO signs the Section 302 certification. She attests that internal controls over financial reporting are effective and that the financial statements are materially accurate. What she does not know: the revenue recognition system now...

AI Governance

AI Bias Auditing: Compliance Requirements Across Three Jurisdictions

State-level AI laws in the United States more than doubled from 49 to 131 in a single year [Stanford AI Index 2025]. Federal agencies issued 59 AI regulations in 2024, up from 25 the year...

AI Governance

NIST AI RMF 1.0 Explained: The Four Functions Every AI Program Needs

Eighty-eight percent of organizations now use AI in at least one business function [McKinsey State of AI 2025]. Among organizations planning to deploy agentic AI, only 21% report a mature model for agent governance [Deloitte...

AI Governance

Singapore Agentic AI Governance Framework: Four Dimensions of Trust

Every AI governance conversation in 2026 starts with the EU AI Act. That is the wrong starting point. Europe built a compliance machine: 113 articles, six risk tiers, penalties up to EUR 35 million. It...

AI Governance

Colorado AI Act (SB 205): Compliance Playbook

Legislative Update, May 2026: Governor Polis signed SB 26-189 on May 14, 2026. SB 26-189 (1) pushes the effective date from June 30, 2026 to January 1, 2027; (2) repeals the original risk-based framework (six...

AI Governance

US State AI Laws 2026: The Multi-State Compliance Map

Colorado Update, May 2026: Governor Polis signed SB 26-189 on May 14, 2026. The effective date moves to January 1, 2027 and the risk-based framework (six obligations, rebuttable presumption, NIST AI RMF affirmative defense) is...

AI Governance

NIST AI RMF Affirmative Defense: Compliance as Protection

Colorado SB 205 and Texas TRAIGA grant affirmative defenses to organizations accused of algorithmic discrimination by high-risk AI systems. Claiming the defense requires two prongs: proof of violation discovery and cure, plus documented compliance with...

AI Governance

AI Agent Audit Trails: Logging Autonomous Decisions

AI agent audit trails require five logging layers beyond traditional application logs: decision logs, tool invocation logs, delegation and authority logs, memory and context logs, and inter-agent communication logs. The EU AI Act Article 12...

AI Governance

Agentic AI Risk Assessment: The 5-Layer Evaluation Framework

Agentic AI risk assessment evaluates five dimensions absent from traditional AI risk: autonomy, delegation, tool use, persistence, and multi-agent coordination. Organizations applying IT risk matrices to autonomous agents miss the categories causing the most damage....

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.