Artificial Intelligence is no longer a future concern—it’s a present-day disruptor. As vendors and partners increasingly adopt AI-enabled products and services, third-party and supply-chain risk professionals face a new challenge: managing a rapidly evolving risk landscape with limited guidance. This book delivers the clarity and structure needed to navigate that complexity.
Designed for business professionals—not just technologists—this practical guide walks readers through the full lifecycle of AI-related vendor risk, from intake to offboarding. With hands-on examples, actionable templates, and real-world use cases, it equips readers to assess and manage AI risk confidently, even in environments without dedicated IT security teams. It also explores how AI can be used within TPRM programs to enhance efficiency and accuracy.
As regulatory frameworks around AI continue to emerge and evolve, this book provides timely insight into compliance expectations and how they impact risk programs and leadership. Whether you're a seasoned risk manager or new to the field, you’ll find concise, jargon-free guidance that respects your time and delivers immediate value.
AI may be complex, but managing its risk doesn’t have to be. This book transforms confusion into clarity, helping you turn disruption into opportunity—and build a resilient, future-ready risk management program.
What You Will Learn:
How to measure risk and risk-based approaches.
Third-party risk frameworks.
How to assess the risk of AI with vendors.
Major AI risk management frameworks.
Regulatory guidance for AI--a country-by-country analysis.
Who This Book Is for:
· C-level suite: this is not designed to be overly technical but covers material enough to allow this level to be conversant in strategy and leadership needs to success.
· Director-level in Cyber and IT: this level of personnel are above the individual contributors (IC) and require the information in this book to translate the strategy goals set by C-suite and the tactics required for the ICs to implement and govern.
· GRC leaders and staff: the focus on governance in this book will assist these teams to better understand the strategy and technologies to determine the governance models needed.
· Individual Contributors: although not designed to be a technical manual for engineering staff, it does provide a Rosetta Stone for them to understand how important strategy and governance are to
Gregory Rasner (CISSP, CIPM, ITIL, CCNA) is the founder and CEO of Third Party Threat Hunting LLC, bringing his extensive expertise in third-party, supply chain, and cybersecurity risk to the market. He authored the books “Cybersecurity & Third-Party Risk: Threat Hunting” (Wiley, 2021) and “Zero Trust and Third-Party Risk” (Wiley, 2023), “Privileged Access Management: Strategies for Zero Trust in the Enterprise” (Apress, 2025), developed the internationally recognized training and certification program “Third-Party Cyber Risk Assessor” TPRCA (Third Party Risk Association, 2023) and other training programs. He is a regular keynote speaker and panelist on cybersecurity and risk management topics, also contributing to blogs, podcasts, and online articles. Greg has held leadership roles across the finance, healthcare, biotech, high-tech, and manufacturing sectors and earned his B.A. from Claremont McKenna College.
Maria Rasner (CISM, CCZK, CCSK, TAISE) – has years of extensive Identity and Access Management and Privileged Access Management experience. Maria is the co-author of the book “Privileged Access Management: Strategies for Zero Trust in the Enterprise” (Apress, 2025). She has run governance, remediation, implementation of small and large IAM and PAM programs, both on-premises and in the cloud. Her experience and certifications include cloud IAM and PAM experience in AWS and Azure cloud environments. Maria has several articles on the topic of Cloud PAM Security published in ISSA Online Journal and IDSA website. Maria has strong enthusiasm for continuous learning, always exploring new developments in AI. She has taken the Google AI Essentials training as well as Stanford University's Deep Learning Specialization course. Maria is a member of Cloud Security Alliance's AI Controls Framework Working Group responsible for the publication of AI Controls Matrix (AICM). She’s also certified in TAISE (Trusted AI Safery Expert).
