TrustCloud has launched a security assurance platform that connects governance, risk and compliance (GRC) with day-to-day security operations, with an emphasis on automation and continuous monitoring for chief information security officers.

The Boston-based company calls the product an “AI-native Security Assurance Platform” aimed at organisations looking to replace manual GRC processes and workflow-heavy tools. It is positioned as an alternative to established products such as Archer and OneTrust, which are widely used for risk and compliance management in large enterprises.

TrustCloud says enterprise security leaders struggle to produce timely, board-ready reporting when GRC work depends on tickets and manual evidence collection. It also argues that traditional approaches do not keep pace with shifting technology environments, including cloud deployments and AI adoption.

“Enterprise CISOs are frustrated with legacy GRC tools - they inundate security and GRC teams with manual work, make it impossible for CISOs to confidently report status and outcomes with their Boards, and are not designed to monitor and keep up with the ever-changing digital, AI, and IT cyber risk landscape. It’s like their teams are being forced to protect a vast ocean with a paper boat,” said Sravish Sridhar, CEO and founder of TrustCloud.

The platform uses continuous control monitoring and integrates data across systems. TrustCloud says it can consolidate structured and unstructured signals from cloud, on-premise and business applications into a unified store, which it describes as a “hybrid data fabric” feeding a “GRC data lake”.

Product approach

The product centres on what TrustCloud calls “Security Assurance”, which it describes as a shift from compliance-driven work. The company argues that assurance requires broader visibility into controls across the IT environment and more frequent assessment than periodic sampling.
TrustCloud says the platform uses “Assurance AI” tied to a “Control Graph” that maps continuous control monitoring results to GRC objectives. It says this structure keeps outputs “hallucination-free” and links gaps and remediation actions to business impact.

Reporting is another focus. TrustCloud argues that many security and GRC tools primarily output lists of actions as tickets, while its product produces reporting that links changes to business impact and supports budgeting and prioritisation.

Customer use

TrustCloud says its customers include Global 2000 organisations in highly regulated sectors, but it did not provide customer counts or name specific industries. PDS Health provided a reference customer quote.

“CISOs don’t need more workflows - we need clarity,” said Nemi George, vice president of IT and chief information security officer at PDS Health.

George described a data-driven operating model that draws on multiple telemetry sources. “GRC Transformation is about moving from manual processes to a data-driven understanding of our control posture and what it means for the business, powered by real-time telemetry and unstructured data feeds from our security, IT, and business applications,” George said.

Claims and metrics

TrustCloud made several performance and financial claims about organisations using its approach. It says “most” achieved 12-times ROI by linking compliance directly to revenue growth, cut costs by an average of USD $3 million per year, and reduced residual risk by 60% per year. The company did not provide methodology, sample size, or supporting data for those figures.

It also says organisations can reduce internal audit times from 28 days to three and save an average of 63 person-days of manual work per user annually. TrustCloud attributes these outcomes to continuous control monitoring and automated evidence collection, which it says reduce time spent on periodic audits and testing.
The platform is aimed at large, complex environments where GRC deployments have historically taken significant time. TrustCloud says some implementations have run beyond two years and cost millions of dollars, and it is
TrustCloud unveils AI-native platform to transform GRC
