



- AI is transforming third party risk management by relieving assessors of manual tasks and allowing them to focus on strategic decision-making.
- Mirato’s AI-powered platform automates data collection and analysis, turning SMEs into solution-focused business partners.
- Trust is critical for AI adoption, and Mirato addresses this by ensuring data privacy, accuracy, and regulatory compliance through its proprietary, closed AI system.
- A data-driven TPRM approach not only boosts internal resilience but also helps vendors improve their own risk posture, creating a ripple effect of stronger security across the ecosystem.

Over the last 10 months there have been some showstopping
moments when shortcomings in third party supply chains
have critically impacted the business continuity of some of the world’s largest
organizations.
The CrowdStrike failure last summer and the Heathrow power
outage are just two standout moments among many others, most of which were
small enough in scale to go largely unnoticed in global terms.
Nevertheless, any failure of a vendor system has the
potential to result in far-reaching regulatory and compliance consequences for
affected businesses, and this is especially true within the financial sector
where the margin for error is small.
For financial institutions navigating this increasingly
complex landscape of third party risk management (TPRM), the challenge often
lies not in identifying risk, but in how that risk is managed.
According to Etai Hochman, co-founder and CTO of TPRM
intelligence platform Mirato, much of the inefficiency stems from the
traditional, manual processes that dominate assessments. “Assessors and subject
matter experts are wasting their time being data administrators,” Hochman
explains. “But they are so much more than that.”
At the heart of the problem is the manual effort required to
read through extensive documents, navigate disparate data sources, and
interpret complex dashboards.
The result is a frustrating, fragmented experience that
turns highly qualified risk professionals into overwhelmed gatekeepers.
“They are the ones who are finding problems, but not the
ones that offer solutions, and I think it's a lose-lose for everyone – for the
subject matter experts, for the enterprises, for the vendors, for their
customers,” says Hochman.
From Friction to Flow: AI’s Role in Elevating Risk Professionals
According to Hochman, AI offers a way out of this cycle, not
by replacing the expertise of assessors and SMEs, but by removing the
administrative weight that prevents them from operating at their full
potential.
In fact, Hochman positions Mirato as the first AI-powered
TPRM platform built specifically to address this challenge. “With our product,
everything they need to do, everything they need to know to make the
recommendation and build a mitigation plan, is in the palm of their hand,” he
says.
By automating the information gathering and analysis
process, Mirato enables risk professionals to focus on strategic action.
The platform synthesizes data, flags key issues, and
maintains contextual awareness so that SMEs can build forward-looking
mitigation plans rather than getting bogged down in the compliance minutiae of
the here and now.
“They will be business partners, not problem seekers,”
Hochman says. “They will come with solutions.”
Building Trust in AI-Driven Risk Frameworks
But integrating AI into critical risk functions comes with
its own challenges – chief among them, trust.
Hochman is realistic about this trust challenge and the
expectations financial institutions must necessarily have for AI platforms in
order to protect their integrity and reduce their exposure.
“They need to trust that the quality of the results is
superb, and that those results are consistent,” he says. “The data must never,
never leak or be shared with other organizations.”
To address these core criteria of adoption, Mirato has
embedded those expectations into its product design.
The platform offers single-tenant environments to ensure
data privacy, avoids integration with public AI systems like OpenAI or ChatGPT,
and applies proprietary methods to eliminate hallucinations and bias.
“We have quantitative, scientific measurements to make sure
that the AI is consistently superb,” Hochman adds.
Trust, in this context, also extends to regulatory scrutiny.
“Everyone's struggling with this,” he admits. “It’s not just
the scrutiny that's increasing. We should also expect the frequency [of
regulatory change] to rise.”
The notion that AI, when properly deployed, can turn this
challenge into a strength is already widely accepted. The problem is not the
‘if’. It’s the ‘how’.
Mirato, Hochman says, addresses this issue head on: “As soon
as there is a new requirement that is well defined, we will know which of our
vendors are already compliant. We won’t even need to interact with them.”
A Vision for Long-Term Resilience
For Hochman, the future of TPRM is one where programs are
proactive, data-driven, and aligned with business outcomes.
“When you transform your program into a data-driven program,
you can future-proof it,” he says. He believes the key to unlocking that
transformation, though, lies in empowering SMEs to manage actual risk, not just
manage the data that defines it.
This shift has benefits that ripple beyond the enterprise.
Hochman shares stories of vendors who, through participating in AI-enabled TPRM
processes, improved their own security posture – ultimately protecting the
hundreds of customers they serve.
“Just by having one enterprise build a better program based
on AI … that’s beautiful,” he says. “I think that’s the future that we all want
to see.”
