Episode 21: AI Notetakers Are Illegal, GRC Tools Are Lying, and ISO 42001 Changes Everything

In this episode of the Distilled Security Podcast, we break down three converging forces reshaping how organizations manage AI risk — and what you need to do about it now.

🔹 BIPA + AI Notetakers — A class action lawsuit exposes unauthorized biometric data collection, why a single Illinois meeting participant creates liability, the Shopify wiretapping dismissal, and the steps you should take today to audit your AI tools
🔹 GRC Engineering Meets AI — Real AI compliance tools vs. vaporware, using LLMs for policy drafting and control mapping, the hallucination accountability problem, building AI guardrails as code, and the NIST RFI on AI Agent Security (comments due March 9, 2026)
🔹 ISO 42001 Deep Dive — The first AI Management System standard, how it differs from ISO 27001, AI Impact Assessments vs. traditional risk assessments, stakeholder engagement requirements, and why certification is becoming essential for EU AI Act compliance

🥃 Spirit Review: Redbreast 12 Cask Strength
https://www.redbreastwhiskey.com/en-us/whiskey-collections/redbreast-cask-strength-whiskey/

⏱️ Timestamps

0:00 Intro & Episode Overview
2:04 BIPA & AI Notetakers
25:08 GRC Engineering Meets AI
1:07:15 🥃 Spirit Review: Redbreast 12 Cask Strength (Irish Whiskey)
1:11:17 ISO 42001
1:49:30 Outro & wrap-up

🎙️ Hosts
Justin Leapline – @justinleapline
Joe Wynn – @wynnjoe
Rick Yocum – @rickyocum

🌐 Connect with Us
Website: distilledsecuritypodcast.com
X: @DisSecPod
Email: hello@distilledsecuritypodcast.com

👍 Like, comment, and subscribe for weekly security and compliance insights.

Creators and Guests

Joe Wynn
Host
Founder & CEO @ Seiso | IANS Faculty Member | Co-founder of BSidesPGH
Justin Leapline
Host
Founder of episki | IANS Faculty Member
Rick Yocum
Host
Optimize IT Founder | Managing Director, TrustedSec