The intersection of artificial intelligence and GRC represents one of the most promising – and challenging – frontiers in enterprise technology. As organizations grapple with increasingly complex regulatory requirements and security demands, AI offers tantalizing possibilities for automation and enhanced risk management. But implementing AI in the highly risk-sensitive world of GRC requires a unique blend of technical expertise and domain understanding.
Luckily for Anecdotes, we found Yael Daihes and made her Head of AI. With over a decade of experience combining cybersecurity and artificial intelligence, Daihes brings a distinctive perspective to the challenge of revolutionizing GRC through AI. From her early days developing machine learning applications for the Israeli Defense Forces to her current role leading AI innovation at Anecdotes, she has consistently pushed the boundaries of what's possible at the intersection of AI and security.
In this in-depth conversation, we explore Daihes's vision for the future of GRC, her approach to building trustworthy AI systems, and why she believes we're at a pivotal moment in the evolution of compliance and risk management technology. Her insights reveal both the immense potential and the critical considerations in bringing AI-powered transformation to one of the enterprise's most essential functions.
Meet Yael
1. Can you tell us about your career journey and what led you to specialize in AI and machine learning?
“I started my career with the Israeli Defense Forces, while earning my Computer Science degree from the Hebrew University of Jerusalem. While getting my degree at the cusp of the AI revolution, we had an introduction class to machine learning and that really opened my eyes. It made so much sense, and it felt brilliant; I think I fell in love with the theory a bit and got curious. Then I went back to my Commander and asked to do a project using this really cool thing I learned in university called Machine Learning, and the rest is history.”
2. What excites you about Anecdotes' mission and its role in the GRC industry?
“A lot of companies wish to do AI — I mean, who doesn’t? :) But what excites me the most about Anecdotes is its perfect position to truly do revolutionary AI in its field rather than a nice-to-have AI feature here and there. Anecdotes has worked tirelessly to build a platform that gathers and makes sense of unique data (GRC data). While diving into the product, I felt I could actually make a difference with my skillset, building on top of what Anecdotes has achieved so far. It’s a data heaven in a field that has yet to be mastered by sophisticated tools (the GRC field and AI tools).”
3. How has your previous experience prepared you to lead AI initiatives in a GRC-focused organization?
“I’ve been combining cybersecurity and AI for more than a decade now, so handling this highly versatile type of data is my bread and butter. Moreover, creating innovative features for SaaS products within the cybersecurity domain isn’t an easy fit and takes experience. Not all research from academia can fit a product and serve customers, so making a state-of-the-art tool for customers is an art on its own, which I feel I’m on the way to mastering.”
AI in the GRC Industry
4. What do you believe are the most significant opportunities for AI in transforming governance, risk, and compliance programs?
“Talking with customers, I realize that making businesses compliant is a very manual, meticulous task that can’t be outsourced to software. Rather, to truly drive a change in the GRC world, we need to create software that helps humans do these tasks with 100% accuracy — just much more efficiently and less manually. Therefore, I think the biggest opportunity here is to create software that walks side by side with GRC personnel.”
5. What challenges do you think the GRC industry faces in adopting AI, and how do you address them?
“That’s a great question. :) I smile because the answer is immediate to me. The people we try to build innovative software for, GRC personnel, are the people most conservative about the usage of software in their business (information security!). So convincing them to use more software that is new and less traditional is a big challenge. I feel it’s our task to be as transparent as possible in order to create that trust between them and our AI tools. We’ve been learning a lot about best practices to develop such trust. As the AI world has evolved, the psychology of interaction between humans and machines has too, and we are here to learn from these lessons and build amazing relationships between AI tools and GRC personnel.”
6. How do you ensure AI models are explainable and compliant with regulations like GDPR or CCPA in a highly regulated field like GRC?
“There are two levels: On the regulatory level, we are getting ISO 42001 certified. On the user experience level, my take is to share our AI agents’ “thought process” and allow the human user full understanding and control over decisions. We believe doing these things will create clarity, which builds trust. We believe that if you can understand it, you can trust it!”
Innovation
7. What is your vision for AI at Anecdotes, and how do you plan to differentiate Anecdotes' AI-powered solutions from competitors?
“I envision a GRC world where Anecdotes provides extra “team members” in the form of AI agents that live within our data platform. I would go as far as fully humanizing them and giving them human names. :) I think that if the software we create actually does something we thought was only achievable by humans thus far, it would be intuitively easier to understand if you imagine it as another person on your team. For example, I imagine a GRC team member telling their boss, ‘Hey, I’m letting “Brian” (the AI brain) analyze this document for me and connect it to our compliance program, okay?’ At the time of answering these questions, I haven’t seen any of our competitors do something of the sort.”
8. Can you share an example of a successful AI project you’ve led, including the outcomes and lessons learned?
“My favorite example that I can share (and isn’t classified) is an AI system that identifies infected computers by detecting a malware evasion technique called DGA (domain generation algorithm). That technique is used by malware to randomly generate a domain name to contact their CNC (command and control) based on a shared secret. I trained a neural network that detects this phenomenon in real-time traffic while achieving super high accuracy and a low false positive rate. At the time, my system detected and blocked autonomously about ten million domain names daily; it even led me to uncover a huge botnet and block it (a finding I got to share with the security research world at conferences and publications).”
9. What emerging AI technologies or trends do you think will have the greatest impact on GRC solutions in the coming years?
“I think LLMs are the biggest news to the GRC world because so much of the data in GRC is textual. That is also the reason we have decided to double down on that technology here at Anecdotes. The key challenge is to integrate LLMs into the GRC work processes in a manner that amplifies GRC personnel.”
Technical Expertise and Implementation
10. What approach do you take when building AI models that need to process complex, structured, and unstructured GRC data?
“Handling such diverse unstructured data as we have in the GRC world truly is a challenge. Anecdotes’ data platform already solves some of that behind the scenes, but adding AI would truly help our customers make sense of their data in an unprecedented way. On the AI side, we make sure to stay on top of state-of-the-art research in both structured and unstructured algorithms so when we develop our own solutions, we can leverage the best knowledge out there.”
Leadership & Collaboration
11. How do you collaborate with other departments, such as product development and compliance teams, to align AI initiatives with Anecdotes' goals? How do you foster innovation within your AI team while ensuring the solutions remain practical and customer-focused?
“I’ve created a framework I follow that is a combination of all of the methodologies and techniques I’ve witnessed over the years, with changes based on lessons I’ve learned. First, I followed my own framework to create an AI roadmap for the company that maximizes the business needs, and second, I work in a collaborative manner in research cycles. Essentially I’ve defined the different steps of research in a way I can communicate tasks and sync with other stakeholders, to enable a promise and a delivery. You can learn more about my framework from my talks at several conferences (Chief Women in Tech 2024, Big Data EU 2024 and PyCon 2024).”
12. What strategies do you use to communicate complex AI concepts to non-technical stakeholders, such as GRC professionals or executive teams?
“The key to having a clear in-depth technical conversation is always to simplify things and give examples from the domain knowledge of the people you’re talking to. I always try to give an example close to the heart of those in the rooms to convey a complex idea in AI. I am hopeful that this manner is working and I’d advise you to ask my colleagues if they feel they understand me and the crazy AI ideas I come with. :)”
Future Outlook
13. Where do you see the GRC industry in five years, and what role will AI play in its evolution?
“I think we’re going to see GRC driven by automated, streamlined processes, perhaps even protocols, rather than the manual processes we see today. I believe AI will play a crucial role in automating these GRC processes and providing real-time insights through advanced data analysis that will give an unprecedented view of GRC programs. I even imagine such processes automatically streamlined to SOC teams that will create automated mitigation (one can dream :) ). This will enable organizations to proactively manage risks and streamline compliance efforts more efficiently, ultimately improving decision-making and operational resilience.”
14. What are your long-term goals for AI at Anecdotes, and how do you plan to measure success in achieving them?
“My long-term goal is to truly revolutionize GRC work processes and make the work life of GRC professionals better. Our data platform here at Anecdotes is so powerful that I think we can truly achieve that goal. I believe success should be measured by how much deeper GRC professionals can go with their GRC programs, given we enable them with the visibility into their GRC posture and help them focus on deeper issues — not the mundane tasks. Another measurement can be the actual safety and business resilience we give organizations when their GRC programs are monitored by our platform. I imagine a GRC professional that can focus on things we couldn’t even think of beforehand that would eventually make organizations that much safer.”