AI and the Future of Third-Party Risk

Description

What the field looks like now, how it got here, and what you need to do about it.

This is the entry point for the "TPRM in the Age of AI" series and the one module every TPRM practitioner should take regardless of seniority. It does not assume any AI background. It starts from first principles: why the attestation model is breaking down, what four real incident case studies say about the gap between declared controls and observable evidence, and what the arrival of AI means for the profession — both the opportunity and the threat.

The module is deliberately uncomfortable in places. It names which parts of the TPRM role are most at risk. It presents the AI-on-AI problem directly: when both the vendor completing the questionnaire and the program reviewing it are using AI, the result is a fast, confident, expensive process that generates zero new information about actual security posture. It also names the structural fact that assessment volume will increase while headcount stays flat — and frames this as something to prepare for, not fear.

By the end, participants have a clear picture of what is changing, a calibrated view of what AI can and cannot do in their work, and five concrete actions to take this week and this quarter — none of which require budget approval.

• Audience: All practitioners
• Format: Live sessions over Zoom
• Length: 120 minutes
• CPE: 2 CPEs
• Prerequisites: Minimum one year of TPRM, GRC, vendor management, or related experience. No prior AI or technical background required.
• Providing Organization: Coverbase
• Instructor: Clarence Chio – Cofounder & CEO of Coverbase, Instructor at UC Berkley since 2019

____________________________________________________________

About This Series

AI and the Future of Third-Party Risk is Module 1 in a four-part series from Coverbase, "TPRM in the Age of AI." It is a four-module professional development series for TPRM practitioners at every level — from analysts who want to understand what AI is doing to their day-to-day work, to directors who need to redesign programs and make the board-level case for investment. Each module is self-contained and CPE-eligible through TPRA. They can be taken individually or as a progression.

The series was designed in response to a clear and present problem: AI tools are automating the operational layer of TPRM faster than most practitioners have had time to understand what that means for their roles, their programs, and the field. This series closes that gap — not with abstract AI theory, but with practical skill-building grounded in real incidents, real failure modes, and the regulatory pressures that are reshaping what "adequate oversight" actually means. 

Modules

1. Module 1: AI and the Future of Third-Party Risk (this)
2. Module 2: The Practitioner's Skill Stack
3. Module 3: Building and Leading the AI-Augmented Program
4. Module 4: Technical Fluency for the Modern TPRM Professional

Series Key Details

• Format: Live sessions over Zoom
• Length: 6 hours across 4 modules
• CPE Eligibility: All modules eligible upon verified completion through TPRA LMS
• Prerequisites: Minimum one year of TPRM, GRC, vendor management, or related experience. No prior AI or technical background required.
• Providing Organization: Coverbase
• Instructor: Clarence Chio – Cofounder & CEO of Coverbase, Instructor at UC Berkley since 2019

Training

Learning Objectives

• Articulate the structural limitations of attestation-based TPRM using real incident data.
• Identify which parts of their current role are most at risk of automation and which are growing in value.
• Apply the AI capability spectrum to evaluate what an AI tool in their program is likely to do well and where it will fail.
• Describe the AI-on-AI problem and explain why it requires an evidence-first response.
• Produce a five-item this-week and five-item this-quarter action plan grounded in their own program context.

Procedure

1. Enroll in the course
2. Attend live training session
3. Complete all modules within the course
4. Receive your CPE certificate

Course Content