The Restaurant at the End of the GRC Universe

Beyond the AI Hype Cycle: Complyance in the GRC Galaxy

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Richa Kaul, founder and CEO of Complyance, for a conversation about one of the most crowded buzzword fields in the modern GRC universe: AI. The discussion begins with the story of Complyance, how it emerged, and what has helped it stand out in an increasingly competitive market. From there, Michael and Richa dive headfirst into the growing gap between AI marketing and AI reality. Every platform seems to have an AI strategy. Every vendor claims to have agentic AI. But what does that actually mean, and more importantly, what is it actually doing? Together they explore the difference between AI as a feature, AI as a marketing term, and AI as a genuine system of action that performs work on behalf of GRC teams. The conversation focuses on practical outcomes rather than promises, including how Complyance applies AI to third-party risk management, internal controls, evidence collection, questionnaire responses, and continuous monitoring. Along the way, Richa shares the questions organizations should be asking when evaluating AI-powered GRC solutions, how to distinguish meaningful capabilities from demonstrations and prototypes, and why the future belongs to platforms that can combine intelligence with action. The discussion closes with a look toward 2030 and how both Complyance and the broader GRC market may evolve as AI becomes more deeply embedded in governance, risk, and compliance programs.

The Restaurant at the End of the GRC Universe

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, field researcher and intergalactic GRC hitchhiker Michael Rasmussen is joined by Graeme Keith and Stefan Gershater for a conversation that is slightly unusual for the series because there is no technology vendor in sight. Instead, it’s two deeply experienced risk practitioners looking at the GRC technology market from the outside and asking a fairly uncomfortable question: Has the industry become so distracted by AI that it never properly solved the basics in the first place? The discussion explores a GRC landscape crowded with platforms, overlapping promises, and increasingly indistinguishable products. Graeme and Stefan argue that many vendors are still wrestling with foundational architectural problems while simultaneously racing to attach AI to everything in sight. Along the way, they compare the current AI wave to The Restaurant at the End of the Universe and ask whether AI will ultimately destroy the GRC technology galaxy or accelerate it. The consensus is more grounded than apocalyptic. AI is an amplifier. If your approach to risk and governance is fundamentally sound, AI may accelerate value. If your processes are broken, AI simply helps you fail faster. The conversation also dives into quantitative risk, uncertainty, machine learning, decision-making, and why so many organizations still struggle to distinguish useful technology from what Michael jokingly compares to the Wizard of Oz, where much of the magic disappears once someone pulls back the curtain. They close with practical advice for organizations trying to navigate an overcrowded and noisy market, including how to think critically about vendors, architecture, AI claims, and what truly differentiates good GRC technology from polished demos and marketing theater.

The Practical Improbability of Value: CoreStream in the GRC Galaxy

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Richard Eddolls, co-founder and Platform Director of CoreStream, for a conversation about what happens when a GRC platform is built around one deceptively difficult idea—delivering real value. Richard shares the origins of CoreStream, how the company evolved from its early beginnings, and how its core DNA has stayed remarkably consistent over the years. Simplicity, flexibility, and measurable outcomes remain central to the way CoreStream approaches GRC, even as the market itself has become larger, noisier, and increasingly crowded with overlapping promises. The discussion explores why CoreStream focuses so heavily on outcomes rather than features, how configurability became one of the company’s defining strengths, and why organizations ranging from highly regulated enterprises to complex global manufacturers have gravitated toward the platform. Michael also shares a story about a major European manufacturer whose RFP process ultimately revealed something larger than a list of requirements. CoreStream stood out not just for meeting the brief, but for helping the organization think differently about where value could actually be created. Along the way, they unpack the breadth of use cases CoreStream supports, the philosophy behind its no-code approach, and how its partnership with Sannos fits into the company’s evolving AI strategy. Rather than chasing hype, the focus remains on practical applications that improve efficiency, decision-making, and organizational effectiveness. The episode closes with a look toward 2030 and what CoreStream may become as GRC continues to evolve from a compliance exercise into something more connected, adaptive, and operationally meaningful. In a galaxy full of dashboards, acronyms, and feature lists, this conversation keeps returning to a simpler question. Does the technology actually create value?

Risk Has No Borders: Aravo in the GRC Galaxy

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Adelani Adesida and Dave Rusher of Aravo to explore why third-party risk has become one of the defining challenges of the modern enterprise. The conversation starts with a simple reality. The extended enterprise is the enterprise now. Organizations increasingly rely on vast networks of suppliers, vendors, contractors, distributors, and partners that stretch across jurisdictions, industries, and regulatory environments. Managing that complexity well is difficult. Managing it poorly, as Michael notes, can resemble Vogon poetry and be painful, confusing, and something no one should willingly endure. From there, they unpack Aravo’s long history in third-party risk management and what has allowed the company to stand out in a crowded market. Michael highlights four things he believes differentiate Aravo. First, experience. Second, the ability to handle both deep complexity and global scale while still supporting smaller and mid-sized organizations effectively. Third, the breadth and maturity of its domain coverage across legal, compliance, cyber, operational resilience, privacy, sustainability, health and safety, and more. And finally, the people and culture behind the platform. The discussion also explores why so many TPRM programs fail to mature, what successful implementations look like, and how Aravo approaches AI pragmatically rather than theatrically.  The episode closes with a look toward 2030 and how Aravo sees third-party risk evolving as supply chains become more interconnected, regulations become more dynamic, and AI becomes increasingly embedded in the way organizations operate.

Keeping Up with AI: Optro in the GRC Galaxy

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Guru Sethupathy of Optro to explore a question many organizations are still struggling to answer. What does AI governance actually mean in practice? The conversation starts with what keeps clients up at night. Not just risk, but the pace of change. AI is moving faster than most governance models were designed to handle, leaving organizations trying to define guardrails while the technology keeps evolving underneath them. From there, Guru breaks down what good AI governance looks like beyond the buzzwords. They unpack why nearly every platform now claims to offer AI governance, and how to separate meaningful capability from surface-level features. The discussion focuses on what organizations really need, including governance models that are effective, efficient, resilient, and adaptable enough to keep up with constant change. They also explore how Optro is approaching this challenge, how its AI governance module is designed to operationalize these principles, and what organizations should expect as AI governance matures over the next several years. The episode closes with a look toward 2030 and how governance itself may need to evolve as AI becomes embedded in everyday decision-making.