OpenAI’s Trusted Access for Cyber initiative marks a clear shift in direction, where AI is moving closer to the centre of how organisations defend themselves and make high-pressure decisions. For businesses across Europe, that puts real weight on the governance sitting behind these tools, says Mark Edgeworth, pictured, CEO of the cloud-based compliance automation platform Hicomply.
The core idea is that verified defenders get access to more capable AI models to identify vulnerabilities and strengthen resilience before attackers can exploit them. Particularly in finance, telecoms, energy, public services and critical infrastructure, that matters. Security teams are already stretched and anything that helps them move faster and act earlier has obvious value.
However, as more powerful AI capabilities become available, regulators and boards will want answers to who has access, what safeguards are in place, how activity is monitored and how decisions are evidenced. These are the questions you need to be ready for.
Right now, some teams are experimenting with AI tools in isolation and for others, AI is being introduced into workflows without clear risk ownership. That might feel manageable today, but it becomes very difficult to defend once scrutiny increases.
Trusted access models recognise that not every user or organisation should have equal access or capability. They also acknowledge that the same AI that helps a defender find and fix a vulnerability can, without proper oversight, create risk elsewhere. Thatโs exactly why frameworks like ISO 27001 [for information security management] and ISO 42001 [for Artificial Intelligence Management Systems, AIMS] are taking on new relevance in giving organisations a practical way to connect security controls with accountability. The real value is being able to demonstrate that your controls are understood and working as the technology evolves.
For GRC [governance risk] leaders, this is a moment to step forward. AI-enabled defence will require stronger links between security teams and the board, clearer policies and continuous monitoring of how controls are performing in practice. Governance needs to become the structure that allows your organisation to innovate with confidence.
My advice is to move early, adopt AI securely, meet regulatory expectations with confidence and show your customers and partners that resilience is embedded into how your business operates. Itโs time to prove that your controls are just as advanced as your ambitions.
