Risk Grustlers / Episode #16

All about compliance commoditization, GRC 4.0 & AI

featuring Nicholas Muy, CISO, Scrut Automation

In this episode, our CEO Aayush Ghosh Choudhury sits down with our CISO Nicholas Muy for a candid conversation on some of the most debated trends in GRC today.

With nearly two decades in security—including roles at the Department of Homeland Security, Expedia, and high-growth startups—Nicholas knows what it takes to build programs that go beyond the basics.

From AI agents to audit-ready automation, this episode is a playbook for where GRC is headed. Grab your headphones—this one’s packed with ideas to take back to your team.

“Personally, I see it less as commoditization and more as democratization.”

“Compliance gave us the time and structure to gradually build and refine our security posture.”

“Cost and effort alone aren’t reliable indicators of audit quality—especially for small to midsize companies.”

“Agentic teammates help us scale by reviewing vendors upfront, surfacing risk, and retaining context between assessments.”


Description

Nicholas Muy isn’t here to sugarcoat it: compliance is changing—and the shift is bigger than commoditization. It’s convergence.

In this episode, he explores how security and compliance are merging into unified, intelligent workflows—with AI agents playing a key role. Drawing on his vast experience in cybersecurity, Nick breaks down what agentic GRC actually looks like and how early-stage companies can embrace frameworks without being boxed in by them.

Whether you’re rethinking audits, scaling trust, or experimenting with AI teammates, this episode offers a glimpse into what’s next for GRC.
