From Compliance Theater to GRC Infrastructure: Why AI Breaks Traditional GRC ft Jasmine Kaur, Principal of Security & Assurance Engineering @ CoreWeave

Security & GRC Decoded

Security & GRC Decoded
From Compliance Theater to GRC Infrastructure: Why AI Breaks Traditional GRC ft Jasmine Kaur, Principal of Security & Assurance Engineering @ CoreWeave
May 05, 2026 Season 1 Episode 35
Raj Krishnamurthy

In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Jasmine Kaur, Principal of Security & Assurance Engineering at CoreWeave, to explore how AI-native infrastructure is fundamentally reshaping GRC.

Drawing from her experience at companies like SAP, Google, and now an AI hyperscaler, Jasmine explains why traditional GRC models are failing in high-velocity, ephemeral environments—and what needs to replace them. From “GRC as infrastructure” to the rise of agentic GRC, this conversation dives into how compliance must evolve from a reactive audit function into a real-time assurance capability embedded directly into systems.

Key Takeaways:

  • Traditional GRC models break in AI environments because systems are ephemeral and disappear before audits can validate them.
  • Compliance should be treated as a byproduct of strong risk modeling and control design—not the end goal.
  • GRC must evolve into an infrastructure-level capability that continuously emits assurance signals.
  • Agentic GRC is the next evolution beyond automation and CCM, enabling decision-capable systems with human oversight.
  • Future GRC teams must operate more like engineering and reliability functions rather than audit teams.

What You’ll Learn:

  • Why AI infrastructure makes traditional audits ineffective
  • What “GRC as infrastructure” actually means in practice
  • How to move from point-in-time audits to continuous assurance
  • The difference between automation, CCM, and agentic GRC
  • How to position GRC as a proactive, business-critical function

This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com

Watch more episodes: https://www.compliancecow.com/podcast

Connect With Our Guest:
Jasmine Kaur | Principal of Security & Assurance Engineering | CoreWeave
Connect on LinkedIn: https://www.linkedin.com/in/jask31/

Rate, review, and share if you enjoyed the show!

Subscribe to Security & GRC Decoded wherever you get your podcasts:

Spotify: https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr?si=416b82ab5c474683


Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450