Managing Third-Party Risk at Scale Without Drowning in Surveys - with Carey Smith

2026-03-26 · Source: The AI in Business Podcast · Field: Business & Management — Operations & Process Management, Corporate Strategy & Leadership · Depth: Intermediate, medium

Summary

Carey Smith, former CIO of Blue Cross Blue Shield of Minnesota, discusses the critical need for enterprises to transition from static, survey-based third-party risk management to continuous, AI-enabled monitoring. This shift addresses the systemic visibility gap created by managing thousands of suppliers, which can escalate into boardroom-level risks like data breaches or compliance violations from even tier-four suppliers. Smith emphasizes that effective AI deployment for risk scoring requires "deterministic explainability" and strict data provenance to avoid "black box" issues, ensuring every action is traceable. The goal is to move beyond simple risk detection to operational resilience by automating remediation workflows, segmenting vendor scrutiny based on business materiality, and codifying pre-approved mitigation playbooks.

Key takeaway

For Directors of AI/ML or CTOs overseeing supply chain risk, your current static survey models are insufficient for 2026's complex multi-tier ecosystems. Implement AI-driven continuous monitoring with deterministic explainability to prioritize material risks and automate remediation, shifting from mere detection to proactive resilience. This approach will reduce noise and free human oversight for strategic decisions, not administrative assessments.

Key insights

Continuous, AI-enabled monitoring is essential for managing multi-tier supply chain risks at scale.

Principles

• Static surveys fail at scale.
• Visibility prevents boardroom risks.
• Explainability builds resilience.

Method

Transition from point-in-time surveys to real-time, risk-based monitoring. Ingest external threat feeds, financial signals, and cyber telemetry to dynamically update risk scores, triggering automated remediation workflows and pre-approved mitigation playbooks.

In practice

• Automate remediation workflows.
• Segment suppliers by materiality.
• Codify mitigation playbooks.

Topics

• Third-Party Risk Management
• AI-Enabled Monitoring
• Supply Chain Resilience
• Automated Remediation Workflows
• Deterministic Explainability

Best for: Director of AI/ML, CTO, Consultant

Related on AIssential

• Trusted AI Architectures for Risk and Compliance Leaders - with Dean Alms & Eric Hensley of Aravo — AI-native orchestration transforms fragmented risk data into holistic, exception-based, board-level resilience strategies.
• Learning from Change: Predictive Models for Incident Prevention in a Regulated IT Environment — Interpretable ML models can effectively predict IT incident risk from changes in regulated environments, outperforming rule-based systems.
• Using observability data to prevent incidents — Proactive reliability intelligence, enabled by rapid data access, prevents incidents by identifying risk trends before they manifest.
• From Observability to Predictive Resilience: How AI-Driven SRE Is Redefining Cloud Operations — AI-driven predictive resilience transforms SRE from reactive observability to proactive incident prevention and automated recovery.
• The Government Just Banned an AI Model. An Engineer's Perspective. — Government bans on powerful AI models create supply chain risks and disarm legitimate defenders.
• Fresh Benchmarks, Reliable Scores: Introducing Continuous Prompt Stewardship for AI Risk Evaluation — Continuous, data-driven prompt stewardship is essential for maintaining the diagnostic power and integrity of AI risk evaluation benchmarks against evolving models.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by The AI in Business Podcast.