How AI is transforming GRC: Insights from 6clicks CEO Ant Stevens

In the latest episode of the Risk Management Show, host and Global Risk Community founder, Boris Agranovich, sits down with Anthony Stevens, CEO and Co-Founder of 6clicks, to discuss his recently published book, AI and the Future of GRC.

As organizations face increasing regulatory pressures, artificial intelligence is becoming a game-changer in governance, risk, and compliance (GRC). Ant Stevens brings his deep expertise in enterprise software and AI to the conversation, shedding light on how businesses can leverage AI to navigate challenges such as data overload, outdated compliance processes, and the ethical considerations of automation.

This blog will explore some of the key questions Boris posed to Ant during the interview, diving into how AI is reshaping risk management, the opportunities it presents, and what the future of GRC could look like in an AI-driven world.

"How do you envision AI shaping GRC in the next decade?"

Boris kicked off the discussion by asking Ant about his vision for AI in GRC, especially in industries that are traditionally resistant to rapid technological adoption. In response, Ant highlighted the transformative potential of AI, emphasizing that GRC has long been seen as a "system of record"—a tool primarily for capturing and automating data related to risk and compliance requirements.

However, AI is shifting this paradigm. Ant explained that AI can fundamentally transform risk and compliance processes by reducing manual effort, enhancing user interactions through natural language processing, and leveraging intelligent agents to provide proactive insights. He envisions a future where professionals can engage with GRC platforms as seamlessly as they do with conversational AI tools like ChatGPT. More importantly, these platforms will not only respond to user queries but also anticipate and deliver critical risk intelligence based on both internal and external data sources.

"How can organizations ensure ethical AI use in GRC?"

The conversation then turned toward ethical AI integration, asking Ant about the critical steps organizations should take to build trust and transparency in AI-driven GRC systems. Ant emphasized that organizations must be deliberate in how they implement AI, ensuring that ethical considerations are at the forefront. At 6clicks, they have been particularly mindful of AI's role in GRC and recommend a few key steps for organizations looking to do the same:

• Adopting AI standards – First, he pointed out that businesses should adopt established standards like ISO 42001 to ensure independent accountability in their AI governance. He highlighted that 6clicks was the first GRC platform to achieve certification under this standard, demonstrating their commitment to ethical AI use.

• Sharing responsible AI practices – Additionally, Ant suggested that organizations should publicly disclose their AI policies, responsible use frameworks, and ethical guidelines. Transparency, he argued, builds trust and provides stakeholders with confidence in AI-driven decision-making. At 6clicks, they have a dedicated AI Charter to showcase their approach to AI governance, making it easily accessible to customers, regulators, and partners.

How AI is solving data overload and outdated GRC processes

When asked about real-world challenges and examples of how AI has helped organizations overcome issues like data overload and outdated GRC processes, Ant shared a compelling case where 6clicks helped an organization transition from managing compliance through complex spreadsheets to an AI-powered system. The company had multiple compliance requirements across different standards, all maintained in spreadsheets with multiple tabs. Their challenge was unifying these requirements into a single, streamlined control framework.

Using AI, 6clicks was able to rapidly identify similarities across various standards, automating a process that would traditionally take weeks or even months. According to Ant, this resulted in a significant increase in productivity and accuracy, estimated to be several times more efficient than manual processes. Given the increasing number of regulations worldwide, this AI-driven approach provides organizations with the agility needed to stay compliant while reducing resource strain.

Beyond compliance frameworks, Ant also highlighted AI’s role in identifying policy gaps. Many companies store policies in Word documents or PDFs, making it difficult to extract and structure critical control information. AI-powered solutions can seamlessly analyze these documents, extract controls, and map them to relevant regulatory requirements, making compliance management more efficient and effective.

Driving AI adoption in GRC: Advice for leaders

Shifting the discussion to leadership in AI transformation, Boris asked Ant for advice on how leaders can foster a culture that embraces AI while addressing employee concerns about automation. There were three points that Ant made:

• Foster continuous learning: Ant emphasized that leadership plays a crucial role in AI adoption, particularly in an era where AI technology is rapidly evolving. He advised leaders to cultivate a culture of experimentation, encouraging teams to explore AI’s potential in addressing real-world GRC challenges. By fostering an environment where AI-driven solutions can be tested without fear of failure, organizations can unlock significant value from AI integration.

• Utilize data: He also highlighted the importance of understanding and leveraging data effectively. Regardless of AI’s advancements, organizations must first identify and structure their existing data to maximize AI’s impact. By doing so, they can harness automation and machine learning models to streamline compliance processes and improve decision-making.

• Embrace change: Ant urged leaders to remain adaptable in a shifting technology landscape. AI models and large language models continue to evolve, and organizations must stay informed about emerging technologies while maintaining a clear ethical framework for AI usage. Transparency, clear governance policies, and open communication with employees can help mitigate concerns about automation and ensure responsible AI adoption.

Ultimately, Ant stressed that successful AI adoption is not just about technology but also about mindset. Leaders who embrace change, encourage innovation, and implement AI with a balanced approach to ethics and execution will position their organizations for long-term success.

The future of AI in GRC: predictive analytics and organizational integration

Boris also asked Ant to share the AI technologies and methodologies that excite him most for advancing GRC practices. He identified two things:

• Predictive analytics: Ant emphasized that the GRC industry is ripe for disruption, and AI-driven predictive analytics will be central to its evolution. By integrating vast amounts of data into GRC platforms seamlessly—without requiring extensive developer input—organizations can unlock powerful insights and automate risk management more efficiently. AI will enable predictive alerts for emerging threats and trend detection, allowing companies to proactively address risks before they escalate. 

• Integration into the wider organization: Another major innovation Ant highlighted is embedding AI-driven GRC functionalities into widely used workplace tools like Microsoft Teams, Slack, and Zoom. This integration will help create a culture of compliance and risk awareness throughout an organization by making it easier for employees to report issues, log risks, and receive timely compliance updates without needing to navigate complex GRC systems.

Ant and his team at 6clicks are actively developing these solutions, aiming to make AI-driven GRC both more accessible and more impactful for organizations worldwide.

Key takeaways

To close the conversation, Boris asked Ant to provide some key takeaways for listeners. 

Ant emphasized that organizations should expect rapid change and disruption in the GRC space, with AI-driven solutions reshaping traditional approaches. He highlighted that AI is accelerating innovation, offering more efficient and agile alternatives to legacy GRC systems. However, he also stressed that successful AI integration requires careful ethical considerations, compliance with standards like ISO 42001, and a commitment to responsible AI use.

Another crucial takeaway was the importance of partnering with forward-thinking technology providers who have a strong vision for AI in GRC. Ant noted that one of the most common questions he receives is how AI is practically transforming GRC, and at 6clicks, they have already deployed solutions that address these challenges. The platform has been running AI-driven automation for several years, allowing users to instantly identify compliance gaps, automatically generate policies and controls, easily respond to repetitive audit questions, and extract relevant data from documents, enabling organizations to stay ahead in an evolving future.

Hear the rest of Ant’s insights

To learn more from Ant Stevens about how AI is revolutionizing GRC, listen to the full podcast episode on Lisbyn or watch it below:

You can also access it on Spotify or iTunes.

For more thought-provoking discussions on emerging trends, industry challenges, and innovations, join the Global Risk Community—a hub for industry professionals sharing expertise, insights, and best practices in the evolving world of risk and compliance.