GRC & Me – “AI-Driven Governance: 2026 Insights”

Host: Jane Totaro
Guests: Matt Kunkel (CEO, LogicGate), Diego Panama (President & COO, LogicGate)
Date: February 18, 2026

Episode Overview

In this forward-looking episode, host Jane Totaro dives into GRC (Governance, Risk, and Compliance) predictions for 2026 with LogicGate’s CEO Matt Kunkel and President/COO Diego Panama. The conversation explores global regulatory trends, the expanding role of AI in GRC, human versus digital workforce dynamics, elevated expectations for enterprise GRC programs, and personal strategies for investing in professional excellence. The tone is candid, insightful, and energetic, with a focus on real-world impacts and future strategies.

Key Discussion Points & Insights

1. Introductions & Getting to Know the Guests

• [00:56] Diego shares he’s extremely competitive, played volleyball at a national level, and loves team sports (and board games—“I beat [Matt] and a bunch of others in Monopoly…”).
• [02:05] Matt reveals his interest in biohacking, inspired by Peter Attia's "Outlive", and balances his health focus with a love of wine and good food.

2. GRC Mythbusters: Regulation Trends

Myth #1: “The current geopolitical climate has led to widespread deregulation, so regulator-driven GRC programs are becoming unnecessary.”

• [03:53] Matt: “This is a big myth…[Deregulation in the US] is really targeted…around climate, around immigration, and around DEI policies… But if you look at the global landscape, Europe has actually put a lot more regulation… Dora, GDPR… the Corporate Sustainability Act… So different parts of the world have actually increased regulation.”
• [05:00] He notes that GRC programs go beyond compliance—they prove trust to customers:

  “It’s actually to build trust with your customers at the end of the day.” – Matt Kunkel ([05:41])

Myth #2: “Because AI isn’t globally regulated, companies don’t need formal AI governance or compliance programs.”

• [06:21] Diego: “Definitely false… Regulations are emerging fast… The EU AI Act, Colorado AI Act, Utah, and more… Organizations can still face legal, ethical, reputational, and operational risks from AI use and you want to be on top of it.”

• [07:25] Matt adds:

  “Putting an AI governance program in place really puts you on your front foot… You’re setting yourself up for more business success by having an AI governance policy.” – Matt Kunkel

• [08:25] Diego: Shadow IT is re-emerging in the form of unmanaged AI—a new vector for risk.

3. Blind Spots in the 2026 GRC Landscape

• [09:31] Matt: The major underestimated risk is data as it flows to third parties.

  “…A big risk is really on the supply chain side, the third party vendor side…making sure procurement, contracting, and third party risk is buttoned up…” – Matt Kunkel

• Ensuring contract terms around data access and control is essential as vendors can “hold data hostage.”

4. AI Agents, the Digital Workforce & Human Oversight

• [11:11] Diego: Humans will remain essential to GRC programs, even as AI advances:

  “We still need humans to interpret context, make judgment calls, make ethical decisions that AI alone can't fully manage. Definitely not today. And I don't think that so in the future…” – Diego Panama

• [12:44] Matt echoes:

  “All of [the CISOs, CROs]… have said, ‘I am nowhere near being okay and comfortable… of turning our third-party risk program… over to an agent to run that end to end.’”
  – Matt Kunkel

• Both agree: AI is a tool to empower humans, not replace them. The importance of “human in the loop” and granular control over AI delegation is emphasized.

5. SOC Compliance & GRC Program Maturity

• [14:32] Matt addresses “the death of SOC” and the decline of “SOC-in-a-box” check-the-box solutions:

  “If you’re at any scale… you need a much more sophisticated program built on risk… not just a check-the-box compliance solution.” – Matt Kunkel ([15:03])

• Modern GRC calls for continuous monitoring, transparency, and risk-driven programs that deliver real assurance—not just auditor-signed paper.

6. The Boardroom: Balancing Risk and Innovation

• [17:04] Diego: CISOs facing board mandates to “use AI” must practice “yes, and”—embracing innovation while maintaining security and compliance standards:

  “You don’t have to make that trade-off… You should have partners that live up to your standard when it comes to security and enterprise capabilities…” – Diego Panama ([17:35])

7. What Will Define Leading GRC Programs in 2026?

• [18:56] Matt identifies three core differentiators:
  • Open platform: Central hub for all regulatory, risk, compliance, and security data—integrating internal and third-party data sources.
  • Connected ecosystem: Unified, seamless processes and data sharing for a “single system of truth.”
  • Best-trained AI agents: “The company that has the most well-trained agents is going to be the one that wins in the market.” – Matt Kunkel ([21:34])
• Adaptability—moving at the speed of business—is critical. Successful platforms will be partner-oriented, evolving as client needs change.

8. Personal Investments & Advice

Practical, actionable takeaways for listeners:

• [22:59] Diego:
  • Physical wellness—a fan of high-tech swim goggles (“Form Goggles”: they give real-time metrics and make swimming meditative and fun).
  • Keeps a daily gratitude journal for balance.
  • Business focus: Investing in team culture—“I want to make sure our LogicGate team is the best team any one of us has been a part of.”
• [25:11] Matt:
  • Relationship building—commits to reconnecting weekly with personal and professional contacts:

    “Relationships make the world go round… One of my big goals for 26 is how do I rekindle some of the relationships that I've had…” – Matt Kunkel ([25:15])

  • Business focus: AI adoption—views AI as the most disruptive tech since the lightbulb. Emphasizes leveraging AI for both product and internal productivity.

Notable Quotes with Timestamps

• “It’s actually to build trust with your customers at the end of the day.”
  – Matt Kunkel ([05:41])

• “Putting an AI governance program in place really puts you on your front foot… You’re setting yourself up for more business success…”
  – Matt Kunkel ([07:25])

• “We still need humans to interpret context, make judgment calls, make ethical decisions that AI alone can't fully manage.”
  – Diego Panama ([11:27])

• “The company that has the most well-trained agents is going to be the one that wins in the market.”
  – Matt Kunkel ([21:34])

• “You should have partners that can enable your teams to make the most of AI while still being compliant.”
  – Diego Panama ([17:35])

• “Relationships make the world go round… One of my big goals for 26 is how do I rekindle some of the relationships that I've had…”
  – Matt Kunkel ([25:15])

Timestamps for Main Segments

• Introductions & Personality (What’s Not on LinkedIn): 00:56 – 03:04
• GRC Mythbusters: 03:04 – 09:05
• 2026 GRC Blind Spots: 09:08 – 10:29
• AI Agents & Human Roles: 10:29 – 14:06
• SOC-in-a-Box & Program Maturity: 14:06 – 16:30
• Boardroom & Balancing AI Adoption: 16:30 – 18:30
• What Sets Leading GRC Programs Apart: 18:56 – 22:21
• Closing Personal & Business Investments: 22:59 – 27:40

Memorable Moments

• Diego’s swimming goggles pitch: “If you want to get into swimming, get these form goggles. It’ll help a lot.” ([23:43])
• Matt’s relationship-building challenge: “Every week, I think about, hey, who’s someone that I haven’t talked to in six months?” ([25:27])
• Both guests agree: AI is “not just a disruptor”—it’s the biggest tech wave since the lightbulb ([27:00]).

Practical Takeaways

• Start AI governance now—don’t wait for regulation to force your hand.
• Successful GRC programs will be open, connected, and data-driven, with robust human oversight.
• The dynamic between innovation and risk is a “yes, and” equation—not a trade-off.
• Invest in relationships and personal wellness, as well as your team, to thrive in a rapidly changing industry.

For further insights, the full conversation offers more tactical tips and in-depth examples. This summary spotlights the practical strategies and forward-thinking predictions poised to shape GRC in 2026 and beyond.