Unlocking GRC Potential with AI: A Conversation with Yair Kuznitsov, CEO of Anecdotes

By Michael Matias, CEO of Clarity and Forbes 30 Under 30 alum

The intersection of Governance, Risk, and Compliance (GRC) and artificial intelligence (AI) marks one of today’s most significant business transformations. In my recent conversation with Yair Kuznitsov, an expert in AI and GRC, it became clear that GRC’s role within enterprises has fundamentally shifted, driven by rapid AI adoption.

Kuznitsov, whose team spent the past year on rigorous AI research in the GRC domain, highlighted the critical role of proprietary data in achieving enterprise-grade accuracy. “It’s very difficult to create AI that addresses specific use cases with high accuracy without training it on highly specific and vertical datasets,” he explained. Proprietary data isn’t just helpful—it’s essential for the trust enterprises demand.

Historically, GRC was seen as a gatekeeper—slowing innovation with rigid compliance requirements. Today, however, modern GRC teams are becoming enablers of innovation. As Kuznitsov put it: “Historically, GRC was a gatekeeper slowing innovation. Today, modern GRC teams enable innovation, ensuring trust remains intact.” This shift reflects the rising complexity created by global expansion, cloud adoption, and the proliferation of SaaS tools.

The scale of risk is staggering. Gartner projects that by 2025, 85% of enterprises will operate mainly in the cloud, challenging traditional compliance frameworks. GRC functions must now assess regulations rapidly while supporting swift, secure market entry. AI is uniquely positioned to meet this demand—but only if accuracy reaches the 80–90% confidence enterprises require. That confidence, Kuznitsov emphasized, depends on training AI with proprietary, vertical datasets.

At Clarity, we’ve seen firsthand how tailored AI models dramatically strengthen cybersecurity. AI doesn’t just upgrade compliance workflows—it transforms GRC from a reactive bottleneck into a proactive driver of innovation.

Kuznitsov also underscored how traditional compliance, rooted in static documents, has become chaotic in the face of globalization and fast-paced tech adoption. AI addresses this chaos, automating assessments, policy checks, and risk monitoring at speeds previously unimaginable. Here again, the differentiator is proprietary data. By grounding AI in enterprise-specific datasets, organizations secure the accuracy needed to maintain trust. As Kuznitsov noted, “Vertical AI solutions achieve high value by providing tailored accuracy for specific enterprise use cases.”

The lesson is clear: enterprises that embrace AI-driven GRC today will not just adapt, they’ll thrive. The evolution from passive gatekeeping to active enabling is no longer optional—it’s essential. Those that ignore this transformation risk being left behind in an increasingly complex regulatory landscape.

Enterprises must urgently rethink their approach to GRC. The AI era demands dynamic, proactive, and precise compliance strategies, rooted in proprietary data and vertical AI solutions. The choice is stark: adopt AI-driven GRC to accelerate innovation and maintain trust, or remain stuck in outdated practices and growing risk.