BARR Advisory CEO Brad Thies recently joined C1 CISO Will Bengtson for a candid conversation about governance and risk management in the age of artificial intelligence.
The pair opened their conversation by discussing recent changes in AI governance. From the compliance auditor’s perspective, Thies said organizations are finally getting out of “pilot purgatory” when it comes to implementing AI solutions.
“We’ve seen a lot of change over the past six months with our clients [in] moving from AI as more of an advisor…to more actions—making decisions on behalf of their specific workflows, which I think is great,” Thies said. “They’re actually creating a roadmap—a business strategy.”
Thies also mentioned new regulations in the U.S. and around the world governing AI use. He pointed to new laws out of Colorado as well as the EU AI Act, which aims to create a risk-based approach to AI governance by imposing stricter requirements on higher-risk AI systems.
“There’s been a lot of great regulatory change that helps give guidance,” Thies said, “but I think the most important change has been [that] businesses are putting more of a business strategy around their AI versus a bunch of pilots.”
In his current role, Bengtson leverages his more than two decades of experience in securing cloud platforms, identity systems, and developer infrastructure to lead security strategy at C1, an AI-native identity security platform. According to him, the companies that fail to leverage AI in 2026 and beyond will struggle to keep up with competitors.
“I really do think if you aren’t embracing AI and figuring out how to leverage it, you’re going to fall behind,” Bengtson said.
The challenge for businesses is recognizing and managing the risk that comes with AI.
“The governance programs don’t start first and then the tech comes. It’s the tech comes and the governance follows. That’s why risk management is so important,” Thies said.
“You really have to figure out from a risk perspective what you’re willing to say yes to,” Bengtson said.
“Have you thought through the risks that are in place?” Thies pressed. “Can this agent do something that cannot be undone? If the answer is yes…then it means it’s a higher risk.” Business leaders should consider what guardrails are in place to mitigate that risk, including access controls.
“If I just have an agent that’s telling me, ‘How does my day look? Don’t forget about these things in Slack,’ it doesn’t need to have access to production,” Bengtson explained.
“Think of it this way: AI is an amplifier,” Thies said, suggesting organizations focus on the basics of risk management and apply those fundamentals to their AI systems. “That would be things like…inventory, asset management, access management, risk management.”
Thies pointed to frameworks like the NIST AI Risk Management Framework and ISO 42001, which serve as “good companions…that you can include within your existing control sets to think about the nuances that AI might bring.”
Later in the webinar, Thies expressed optimism that, unlike when innovations like the cloud and mobile technology were introduced, he’s “seen a lot more cultures embrace [AI] and really want to drive good conversations, which has been great.”
“There was a lot more shadow IT happening back then,” Thies opined.
The difference today is that savvy business leaders understand and accept that their teams are using AI. To ensure it is being used safely, smart governance is key.
“If a business is not enabling folks to use AI the right way internally, through some governed path—people are figuring out how to do it around the governance path,” Bengtson said. “People are using AI whether you like it or not.”
Bengtson said he’s excited to see that real conversations around safe AI use in business are “finally happening.”
“People are understanding it’s here, it’s staying, [and] they’re figuring out the governance path,” he said. “I can’t wait to see where it is in six months.”