GRC Report Staff

Last week I argued that much of what is being marketed as agentic AI in GRC is not actually agentic. The market response was interesting because very few people challenged the core premise. Most practitioners already sense that something is off. They sit through the demonstrations and hear the language. They watch the AI summarize documents, answer questions, generate narratives, and produce recommendations. Then they leave wondering whether they just witnessed the future of GRC or a very polished presentation wrapped around capabilities that have existed in various forms for years.

For nearly six years, subscribers of Portugal's largest pay-TV providers who wanted to watch recorded television content encountered the same reality. Advertising appeared in those recordings regardless of which major operator they used. According to Portugal's Competition Authority, that was not a coincidence.

According to the Dutch Data Protection Authority (AP), more than 13,500 complaints and tips regarding possible privacy violations were submitted in 2025, a 75 percent increase from the previous year. The figures were published Monday in the regulator's 2025 Complaints Report.

More than 80% of the code merged into Anthropic's production codebase is now authored by Claude. The statistic appears almost casually in a lengthy report published this week by the Anthropic Institute. It arrives alongside benchmark results, productivity measurements, engineering data, and speculation about recursive self-improvement. Yet it is arguably the most important number in the document because it describes something that has already happened rather than something that might happen next.

Pasadena-based Western Asset Management has agreed to pay a $100 million civil penalty to settle Securities and Exchange Commission charges that it failed to detect and prevent an alleged cherry-picking scheme carried out by its former co-chief investment officer.

The first day of Risk-!n Zurich featured discussions on business continuity, enterprise risk management, internal controls, cybersecurity, climate resilience, artificial intelligence and quantum computing. On paper, it looked like a conference agenda built around a broad collection of risk disciplines. In practice, many of the presentations were wrestling with the same question. How do organizations maintain visibility into risks that are moving faster than the governance structures designed to oversee them?

A £40 million fine would have disappeared into the Treasury. Instead, £44.7 million will stay in Wales. That was the calculation behind Ofwat's decision Friday to accept a legally enforceable package of undertakings from Dŵr Cymru Welsh Water following an investigation that found serious failures in the operation of the company's wastewater network.