Technology Risk Briefing

AI Has Changed Technology Risk Forever: Why Every Organisation Must Adapt

David Horn Season 1 Episode 9

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 6:58

Artificial Intelligence is no longer just transforming businesses—it is fundamentally changing the technology risk landscape.

Following a rare warning from the Five Eyes intelligence alliance, governments and security leaders are cautioning that AI is rapidly accelerating cyber capabilities, shrinking vulnerability remediation windows, and creating entirely new governance challenges for organisations.

In this episode of the Technology Risk Podcast, David Horn explores why AI has become the defining technology risk issue of 2026 and how it is reshaping every major risk discipline—from cybersecurity and application security to identity, cloud, third-party risk and operational resilience.

You'll learn:

🔹 Why the Five Eyes warning should concern every board and executive team
🔹 How AI agents are becoming autonomous digital workers—and a new attack surface
🔹 Why identity security is emerging as the most important control in modern organisations
🔹 How AI is accelerating vulnerability discovery and exploitation
🔹 Why cloud resilience now includes AI resilience and concentration risk
🔹 How third-party risk is evolving into ecosystem risk
🔹 Five practical actions every organisation should take to strengthen governance and resilience

Whether you're a CIO, CISO, technology leader, internal auditor, risk professional or board member, this episode provides practical insights into one of the most significant shifts in technology risk management.

Presented by David Horn
Sponsored by CauTix – Technology Risk and Control

🎧 Technology Risk BriefingEach week we cut through the headlines to explain what matters, why it matters, and what technology leaders, auditors and boards should be doing about it.

Key Risks. Real Insights. Practical Actions.

SPEAKER_00

So the question here is: has cloud risk become the new concentration risk? Cloud outages aren't new, but AI changes their impact. Increasingly, organisations rely upon a handful of providers Microsoft, Google, Amazon, OpenAI, Anthropic. These aren't simply suppliers anymore, they're becoming critical infrastructure. When organizations depend on one provider for knowledge retrieval, software development, customer support, business automation, security analysis, the outage of one provider becomes an operational resilience event. Takeaway here is that AI resilience is becoming business resilience. Traditional third-party risk looked at suppliers. Today organizations depend on ecosystems. Open source, foundation models, APIs, plugins, model providers, cloud providers, data providers. One supplier failure may affect thousands of organizations simultaneously. Modern risk management programs need visibility across entire ecosystems, not simply contractual suppliers. So what should organizations do? Where should leaders begin? I'd suggest five priorities. First, treat AI governance like cyber governance. Second, extend identity governance to AI agents. Third, review privileged access and machine identities. Fourth, update operational resilience plans to include AI providers. And finally, educate boards because AI is no longer simply transforming business, it's transforming risk. This week, every board should ask management how many AI systems are making decisions inside our organization? Who owns those systems? How are their permissions controlled? Which critical business services depend upon AI, and what happens if those AI services become unavailable tomorrow. If you're an internal auditor, this week's stories point towards three excellent audit opportunities. AI governance, machine identity management, operational resilience for AI-enabled services. These are rapidly becoming areas of regulatory interest. If you're a CISO, you should be looking at reviewing AI inventory, review privileged identities, review machine identities, review AI supplier dependencies, and review AI instant response plans. So in closing, artificial intelligence is changing every aspect of technology risk. Not just cybersecurity, not just cloud, not just identity, everything. The organizations that succeed won't necessarily be those with the most AI. They'll be those with the strongest governance, the strongest resilience, and the clearest understanding of risk. Thank you for joining me. I'm David Horn. This has been the Technology Risk Podcast sponsored by Cortix. Until next week, stay informed, stay resilient, and stay ahead of Technology Risk.