AI Governance Shifts to Mandatory Practice as 83% of S&P 500 Flag AI as Material Risk
What Happened — A new report shows that AI disclosures in S&P 500 filings jumped from 12% in 2023 to 83% in 2025, and 70% of enterprises now list AI in their risk inventories. 63% have adopted enterprise‑wide AI principles and 52% have created centralized AI councils.
Why It Matters for TPRM —
- Rapid AI adoption expands the attack surface and introduces novel data‑privacy liabilities.
- Inconsistent governance creates blind spots that third‑party risk programs may overlook.
- Board‑level scrutiny of AI risk means vendors must demonstrate robust controls and transparent reporting.
Who Is Affected — All enterprise sectors (finance, healthcare, technology, retail, etc.) that rely on third‑party AI services, platforms, and data pipelines.
Recommended Actions —
- Verify that your vendors have formal AI governance frameworks (principles, councils, risk registers).
- Request evidence of AI‑specific security controls (model testing, data handling, bias mitigation).
- Align AI risk assessments with existing TPRM processes and update contractual clauses to cover AI‑related liabilities.
Technical Notes — The shift is driven by executive pressure, not a single vulnerability. Risks highlighted include cybersecurity exposure, privacy breaches, and legal liability stemming from AI model misuse or biased outcomes. Source: DataBreachToday