Editor’s note: This article first appeared in the November 16 issue of the Straight Talk newsletter.
In an era of relentless supply chain disruption, risk management is no longer defined by the four walls of the enterprise. It now includes what happens beyond them, among suppliers, partners and ecosystems.
As Dave Rusher, Aravo’s chief customer officer, noted in a recent episode of the Talking Supply Chain podcast, artificial intelligence can improve this work, but it can’t own it.
Rusher says third-party risk management has become one of the most intense stress tests for enterprise AI.
“Every business relies on third parties, but the way each measures and manages risk is completely different,” says Rusher. Add to that unstructured data flows, evolving regulations and global fragility, and the traditional risk management playbook simply isn’t enough, he points out.
As times change, Steven Adler, partner at risk management consultancy The Edmund Group, notes that “vendor risk intelligence provides early warning of disruptions such as cyber breaches, litigation or mergers and acquisitions.” In a recent Supply Chain Management Journal article, Adler emphasized that supplier risks are just as important as internal risks. This line of thinking constitutes the starting point for a more strategic approach, he argued.
Thinking about risk 2.0
Rusher kicked off the podcast discussion with a key insight: It’s not a software problem, it’s a mindset problem.
“You can’t just point the finger at the AI and say, ‘My agent made this decision.’ Companies remain owners of their risks,” he warns.
Together, Rusher and Adler draw a line between automation and accountability, reminding leaders that AI can analyze risk, but humans must still take ownership. The old way of responding to disruptions and controlling what happened is no longer enough. Companies must anticipate, model and proactively design their supply chain networks to minimize their risks. Adler reinforces this point by writing that it is no longer tenable to treat supplier oversight as a static checkbox. Rather, it is intelligence that should guide action.
“Supply chains don’t just depend on what happens inside your walls, the risks (and opportunities) of your suppliers matter just as much,” he writes.
This change sets the tone for businesses. It reinforces the idea that to manage complexity, companies must integrate continuous intelligence, cross-functional alignment and strategic leadership into the process.
Talent, tools and the real starting line
When it comes to implementing network design and risk monitoring, Rusher emphasizes that tools alone will not deliver value.
“AI helps codify all this messy, unstructured information and direct it toward a common goal: identifying and resolving risks,” he says.
But to get there, you have to start with the right team. He points out that the most successful practitioners often come from planning or analysis backgrounds.
“Analysts learn technology on the job; what they need to bring is the business context,” he says.
This means understanding how factories, warehouses, contracts and flows fit into the overall supply network. This is something that software alone cannot do. In other words, AI can help you identify risks, but people need to understand their context and consequences.
Adler’s vision reinforces this theme: Good supplier risk intelligence is not just about creating dashboards, but also about translating signals into decisions. He argues that large organizations are transforming risk monitoring into “early warning” systems that trigger strategy rather than simply issuing alerts. This is a shift from monitoring to proactive decision-making.
From there, leadership plays a central role.
“The characteristic that distinguishes successful teams is a direct line to an experienced management team,” says Rusher.
Without executive sponsorship, modeling efforts may lack focus, resources, or strategic relevance. The game isn’t about building a great team; it’s about building one that is agile, aligned with strategic leadership and capable of using intelligence to shape decisions.
Augmentation, not autonomy
Rusher says AI frames risk work rather than replacing it.
“AI should help humans make better decisions, not replace them,” he says.
Rusher notes that while AI is ideal for synthesizing unstructured data on suppliers, contracts, audits and certificates, it still lacks the standardized context to fully automate decisions in sensitive areas. This nuance is essential because in third-party risk management you are dealing with diverse industries, variable data and high stakes.
“There’s just not enough standardization yet for AI to be able to make these calls safely,” Rusher says of autonomous agentic AI in the context of supplier risk.
Risk management professionals, by their very nature, are cautious and conservative. The idea that AI will overcome these habits is naive: it will not. But that doesn’t mean AI doesn’t have a role to play. Adler highlights how supplier risk intelligence evolves from detection to prediction. He points out that forward-looking organizations will use these systems to anticipate risks “such as cyberattacks, litigation or mergers and acquisitions.” This predictive capability sits at the intersection of human judgment and machine understanding, where AI structures the mess, humans interpret the implications, and leaders act accordingly.
According to Rusher, the idea that AI would replace human prudence is naive. “Risk professionals aren’t ready to tell the CEO that the AI didn’t see the risk,” he says. This is not to say that AI lacks value. This means its value lies in partnership, not replacement.
Moving from reactive to strategic
The final focus of the conversation is forward-looking: Risk teams must move beyond compliance and reaction to resilience and strategy. Rusher puts it this way: “Third-party risk management is not an IT project; it is an ongoing strategy.” The goal is not simply to survive disruption, but to strategically position the supply chain to take advantage of it.
Adler reinforces the emerging expectation that, rather than simply filling gaps, large companies will integrate supplier risk intelligence into network design, enabling scenario modeling, what-if simulations, and dynamic decision-making. In other words, risk intelligence becomes a core business capability, not a secondary process.
For supply chain leaders, the message is clear: the next wave of value lies in integrating AI and other technologies with the key human calculations that have guided third-party risk management for generations.
AI is not about removing humans from risk management, but about amplifying their foresight. “Companies always assume their risks,” Rusher says. They no longer have to do it alone.
