Risk leaders face a pair of simultaneous disruptions: a major geopolitical crisis that choked off a critical shipping route, and frontier AI models that can expose software vulnerabilities at unprecedented scale. The shock itself is not the issue. The problem is that most companies are still in reactive mode, scrambling to respond after events unfold. Surviving in this post-pandemic risk environment-what EY calls the NAVI world, where risks are nonlinear, accelerated, volatile, and interconnected-demands a fundamentally different approach. AI's speed, scale, and analytical power make it essential for that shift. But only if companies stop automating yesterday's processes and instead build an AI-native, future-ready risk function.
Why bolting AI onto old processes falls short
Many risk teams have started with the easy wins: using AI to automate manual steps inside existing governance, risk, and compliance (GRC) platforms. The results can be real-standardized taxonomies, faster reporting, fewer manual handoffs. Yet the larger value lies in redesigning the work itself around what AI does best. "Leading companies are moving away from making AI accretive to a process, and are instead looking at using AI to fundamentally reinvent processes," said Dan Diasio, EY Global Consulting AI Leader.
That means challenging whether a particular process is still needed, then designing an AI-native replacement. For example, instead of just summarizing risk appetite statements, built-in AI can dynamically reassess appetite in real time by synthesizing internal performance data with external market signals. Instead of automating status reports, a built-in AI system can deploy multimodal scanning agents that monitor live data streams and continuously recalculate the probability of emerging threats.
The "wait-and-see" trap is closing
A survey of 1,200 risk professionals across 21 sectors found that while 70% of "Risk Strategists" believe AI will fundamentally reshape the operating model, actual adoption lags. Only traditional AI and natural language processing see widespread use. The top barrier, cited by 45% of respondents, is low prioritization of risk use cases relative to other business functions. Many leaders told interviewers they were in "wait-and-see" mode until the technology proved itself.
That stance is becoming untenable. One European automotive manufacturer has already built a proof-of-concept multi-agent system. "It identified the potential impact of a Strait of Hormuz closure on the supply of helium and its impact on our manufacturing processes-well before this topic was being explored in the media," said the company's Global Chief Risk Officer. In future crises, companies using built-in AI will have mapped cascading risks, prepared response plans, and assigned ownership ahead of time. Competitors still reacting after the fact will find the game over before it starts.
AI's own evolution demands future-ready design
The same nonlinear acceleration that defines the risk environment also defines AI itself. The 2022 launch of ChatGPT caught most businesses off guard, and new frontier models continue to emerge with unexpected capabilities. Uber's Finance Risk Management team saw that off-the-shelf automation could not keep pace, so they shifted toward in-house AI solutions that fundamentally change how information is used across the compliance lifecycle. "Rather than simply accelerating existing manual processes, we use AI to synthesize information, surface patterns, and generate insights at a scale beyond human capacity," said Adam Frank and Ramesh Raju, who lead the effort at Uber.
That choice-build versus buy-is being re-evaluated across industries as both SaaS providers and in-house teams adopt agentic AI architectures. But the bigger point is that any adoption plan must anticipate inflection points. While the timing of the next breakthrough is unpredictable, its shape is often visible in ongoing research.
Value Blueprints: a way out of the adoption doom loop
Risk functions that try to tackle data, talent, budget, and integration challenges one by one often stall. These barriers reinforce each other. Low prioritization starves investment, which deepens talent gaps, which delay data readiness, which undermines the business case. The EY.ai Value Blueprints framework addresses all these dimensions simultaneously, layering foundations-systems of record, AI-native infrastructure, intelligence, trust, redesigned processes, workforce upskilling, and new customer offerings-so that each layer compounds the value of the last. "When organizations add AI use case-by-case, value rises incrementally, then plateaus," Diasio said. "When they instead shift to a blueprint-by-blueprint approach, effort decreases with each subsequent blueprint, while value compounds exponentially."
The path forward starts with defining an AI-native vision for the risk function, then reimagining processes and workforce together as one design problem. Legacy silos-financial risk, operational risk, cyber risk-may no longer serve an environment of interconnected shocks. Workflows should be designed for continuous flows and real-time adaptation, with human judgment reserved for the strategic decisions that agents escalate. Finally, the supporting foundation of technology, data, and governance must be built as a unified system, not a collection of point solutions.
Why this matters for executives and strategy
The distinction between bullet-proofing the status quo and building resilience for strategic growth comes down to how AI is embedded. Companies that treat AI as a bolt-on will get marginal efficiency gains. Companies that reimagine risk processes around the strengths of AI-speed, massive-scale scenario simulation, and the ability to spot blind spots-will turn risk into a competitive lever. As the line between strategy and risk blurs, the executive agenda must drive a built-in, future-ready transformation that outpaces the next crisis.
Your membership also unlocks: