Episode 21: AI Notetakers Are Illegal, GRC Tools Are Lying, and ISO 42001 Changes Everything

In this episode of the Distilled Security Podcast, we break down three converging forces reshaping how organizations manage AI risk — and what you need to do about it now.🔹 BIPA + AI Notetakers — A class action lawsuit exposes unauthorized biometric data collection, why a single Illinois meeting participant creates liability, the Shopify wiretapping dismissal, and the steps you should take today to audit your AI tools🔹 GRC Engineering Meets AI — Real AI compliance tools vs. vaporware, using LLMs for policy drafting and control mapping, the hallucination accountability problem, building AI guardrails as code, and the NIST RFI on AI Agent Security (comments due March 9, 2026)🔹 ISO 42001 Deep Dive — The first AI Management System standard, how it differs from ISO 27001, AI Impact Assessments vs. traditional risk assessments, stakeholder engagement requirements, and why certification is becoming essential for EU AI Act compliance🥃 Spirit Review: Redbreast 12 Cask Strengthhttps://www.redbreastwhiskey.com/en-us/whiskey-collections/redbreast-cask-strength-whiskey/⏱️ Timestamps0:00 Intro & Episode Overview2:04 BIPA & AI Notetakers25:08 GRC Engineering Meets AI1:07:15 🥃 Spirit Review: Redbreast 12 Cask Strength (Irish Whiskey)1:11:17 ISO 420011:49:30 Outro & wrap-up🎙️ HostsJustin Leapline – @justinleaplineJoe Wynn – @wynnjoeRick Yocum – @rickyocum🌐 Connect with UsWebsite: distilledsecuritypodcast.comX: @DisSecPodEmail: hello@distilledsecuritypodcast.com👍 Like, comment, and subscribe for weekly security and compliance insights.