
Episode 21: AI Notetakers Are Illegal, GRC Tools Are Lying, and ISO 42001 Changes Everything
From Distilled Security Podcast by Justin Leapline, Joe Wynn, and Rick Yocum
February 18, 2026 · 1h 51m · Episode 21
About this episode
The episode discusses the implications of AI risk management, including legal challenges and new standards.
In this episode of the Distilled Security Podcast, we break down three converging forces reshaping how organizations manage AI risk — and what you need to do about it now. 🔹 BIPA + AI Notetakers — A class action lawsuit exposes unauthorized biometric data collection, why a single Illinois meeting participant creates liability, the Shopify wiretapping dismissal, and the steps you should take today to audit your AI tools 🔹 GRC Engineering Meets AI — Real AI compliance tools vs. vaporware, using LLMs for policy drafting and control mapping, the hallucination accountability problem, building AI guardrails as code, and the NIST RFI on AI Agent Security (comments due March 9, 2026) 🔹 ISO 42001 Deep Dive — The first AI Management System standard, how it differs from ISO 27001, AI Impact Assessments vs. traditional risk assessments, stakeholder engagement requirements, and why certification is becoming essential for EU AI Act compliance 🥃 Spirit Review: Redbreast 12 Cask Strength https://www.redbreastwhiskey.com/en-us/whiskey-collections/redbreast-cask-strength-whiskey/ ⏱️ Timestamps 0:00 Intro & Episode Overview 2:04 BIPA & AI Notetakers 25:08 GRC Engineering Meets AI…
People in this episode
Hosts: Justin Leapline, Joe Wynn, Rick Yocum
Topics covered
- AI risk management
- biometric data collection
- GRC tools
- AI compliance
- ISO standards
- AI impact assessments
Keywords
- AI notetakers
- BIPA
- GRC engineering
- ISO 42001
- AI compliance tools
- biometric data
- policy drafting
- AI risk assessments
Mentioned in this episode
Organizations: BIPA, Shopify, NIST, ISO 42001
Products: Redbreast 12 Cask Strength
More episodes of Distilled Security Podcast
- Episode 24: 2 Years, 24 Episodes & The State of Security in the Age of AI · May 14, 2026 · 1h 43m
- Episode 23: Nobody read the report · April 14, 2026 · 2h 10m
- Episode 22: Is AI Good for Security, CIRCIA Starts the Clock, and the M&A Problem Nobody's Talking About · March 9, 2026 · 1h 56m
- Episode 20 : 2026 Kickoff: Security Resolutions, Key Deadlines, and Don’t Mislead the Feds · January 26, 2026 · 1h 20m
- Episode 19: Cloudflare Outage, AI-Powered Attacks & The Rise of GRC Engineering | Distilled Security Podcast · December 8, 2025 · 2h 12m
- Episode 18: TRISS Highlights, Cloud Chaos & SaaS Lessons Learned · November 10, 2025 · 1h 53m
Explore listener stats, chart rankings, contacts and more on the Distilled Security Podcast podcast page.