Shaped by Cyber Experts: The AI GRC Agents Built From the Field
- Maya Rosenstein
- Jan 6
Updated: Jan 7
By: The Commugen Team

Michal Diamant, a Solution Architect at Commugen, has been instrumental in driving some of Commugen’s recent product enhancements through her direct work and insights gained from collaborating with customers. From uncovering emerging workflow gaps to shaping new features that strengthen daily security operations, Michal brings a field-driven perspective that keeps our roadmap aligned with what customers truly need. Here is our interview with her:
Q1. To start off, can you share a bit about your role and how you collaborate with customers day to day?
In my role, I work very closely with customers, spending a lot of time understanding how their security and risk teams operate in real life. Day to day, this means having ongoing conversations about their workflows, challenges, and the pressures they face when managing complex environments. My close customer proximity reveals recurring organizational patterns and pain points that impact team efficiency, often before formal requests are made.
Q2. What is a recurring customer challenge that first sparked the idea for GRC AI Agents?
One challenge that consistently arose was vendor risk validation. Customers manage large supplier ecosystems, and each supplier is assessed through different questionnaires depending on their domain and risk level. Vendors submit answers and upload certificates or compliance documents, but security teams then have to manually validate whether those documents truly support the claims being made.
When you’re dealing with a high volume of suppliers, this becomes extremely time-consuming and difficult to scale. The real pain wasn’t collecting information; it was verifying it. Customers needed a way to quickly see whether a supplier’s answers aligned with the documents they uploaded, without manually checking dates, standards, and criteria every time. This challenge arose consistently across the customers I manage and within the solution architect team, making it clear that this was a problem worth solving. This led us to create an AI evidence analysis agent that automates third-party security reviews.
Q3. How did customer insights influence the development of the TPRM AI Agent?
Customer insights were central to how we built the AI agent. Together with the product team, we took real supplier responses and documents and translated them into clear verification criteria. We defined what needed to be checked: dates, compliance requirements, and specific parameters, and sent both the documents and the criteria to an LLM for evaluation.
The AI agent scans the certificates suppliers upload, compares them against the answers they provided, and determines whether there is alignment. It then returns a clear status and score, along with a detailed explanation of any gaps it finds. For example, if a supplier claims compliance with a standard but the document says otherwise, the agent highlights exactly where the mismatch is. This approach was shaped directly by customer feedback, ensuring the output was not just automated but also understandable and actionable.
Q4. Since the launch, how have customers integrated automatic TPRM into their daily operations? What early results or reactions have stood out?
The response has been extremely positive. Everyone who’s seen the TPRM AI agent has been genuinely excited about it, especially because they immediately understand how much manual work it can remove from their daily routines. The customer who originally inspired the idea even came back with additional suggestions, which really emphasized the value of close collaboration between customers and solution architects.
One idea that emerged early on was creating additional agents that help align controls and exposures dynamically, rather than continuously opening new controls for every change. These reactions reinforced how impactful it can be when solutions are built together with customers, based on real operational needs.
Q5. What did this project teach you about building security tools that truly support IT teams in real-world environments?
On a personal level, this project deeply exposed me to the practical power of AI. These agents aren’t just theoretical; they help eliminate real, painful manual work that customers deal with every day. My goal throughout all projects I manage is to take the biggest customer challenges and find ways to remove them entirely through Commugen’s no-code platform.
This experience underscored the critical importance of deeply understanding both the customer's struggles and the technology's potential. It requires clearly defining the problem, translating it into precise technical specifications, and communicating effectively with the LLM model. These lessons instilled in me the habit of always questioning "why." Witnessing customers' live reactions, seeing them realize how significantly their daily work could be improved, was an incredibly impactful and motivating force.
Q6. Are there emerging customer needs or industry shifts that you see shaping the next wave of improvements?
Absolutely. I see many opportunities to introduce additional AI agents, especially in the area of operational risk. There’s a growing need not just to identify what’s new, but also to optimize what already exists continuously. I’m already mapping out ways AI can help improve ongoing processes, making risk management more efficient and proactive rather than reactive.
Q7. Finally, what advice would you offer security teams seeking to maximize the value of these features in their own environments?
My advice is to start by identifying where the pain really is. Ask yourselves what takes the most time, what feels unnecessarily manual, and where your teams are losing efficiency. Focus on the highest costs, whether that’s time, manpower, or complexity.
Once you clearly define your number-one problem, it becomes much easier to solve it. With the right understanding of the challenge, any skilled architect can leverage the tools available in Commvault to turn that pain point into a streamlined, scalable solution.


