AI governance, shadow AI, ISO 42001, data breach, EU AI Act — your company is already at risk and doesn't know it. In this episode of ARQIV, we sit down with Patrick Sullivan
Patrick Sullivan is VP of Strategy & Innovation at A-LIGN — the world's #1 issuer of SOC 2 certifications and a leading auditor for over 6,400 global organizations. He is a TEDx Speaker, Forbes Technology Council member, ISO/IEC JTC1/SC42 committee member (the body that writes the AI standard), and author of the book "AI Governance and Management: A Guide to Using ISO 42001." With 25+ years in IT security and compliance, Patrick is one of the most credible voices in AI governance on the planet.
In this episode, Steve Ryan — former Amazon Sr. Product Manager with 12 years at Amazon Robotics — gets into the real numbers: AI-assisted code repositories are 40% more likely to leak credentials, deepseek and Claude Code have already been compromised by nation-state actors, and shadow AI inside your own vendor chain may already be silently exfiltrating data. Patrick breaks down exactly what ISO 42001 certification looks like, why AI governance actually speeds up innovation (not slows it down), how to audit your own AI systems, and what every employee using ChatGPT, Claude, or Gemini at work should know right now.
Whether you're a CISO, CTO, product manager, or just someone who pastes meeting notes into AI tools, this episode will change how you think about data security forever.
