Jyoti Wadhwa: AI Governance at Scale, Decision Risk, and the Future of the SDLC

In this episode of Risk-First: Stars of Software, Rob Moffat talks with Jyoti Wadhwa, global leader in AI governance and enterprise technology risk, and contributor to FINOS AI governance efforts.

Jyoti has spent her career helping large organisations—from Fortune 100 companies to US federal agencies—adopt emerging technologies safely, translating regulatory expectations, risk frameworks, and responsible AI principles into governance models that actually work in practice. Which makes her the perfect person to explore what governance really means when you’re operating at scale.

The conversation explores how organisations move from individual experimentation with AI tools to coordinated, enterprise-wide adoption, why governance isn’t about slowing things down but enabling decisions, and how the shift to agentic, non-deterministic systems is fundamentally changing the software development lifecycle.

Along the way, Rob and Jyoti dive into:

• Why governance is really about decision-making at scale—not documentation
• The concept of decision risk as the most important risk in AI adoption
• How organisations must bring the right stakeholders together based on use case, not hierarchy
• Why governance enables innovation rather than slowing it down
• The three major AI risk buckets: regulatory/compliance, data & privacy, and operational visibility
• How policies translate from law → organisational agreement → technical controls
• Why the SDLC is shifting from deterministic pipelines to probabilistic, agent-driven systems
• The challenge of maintaining control and auditability in AI-driven development
• Why “human in the loop” systems must account for psychological limits like vigilance decrement
• The emergence of baseline architectures and reference models for safe AI adoption
• Why inconsistent LLM usage across business units is already a real-world governance failure
• How FINOS and industry standards help create shared “baselines of good” across firms
• Why vendor risk and AI tooling sprawl are becoming major enterprise concerns
• How regulation will continue to lag innovation—but increase rapidly in response

## Links

FINOS AI Governance Framework
https://github.com/finos/ai-governance-framework
Open-source framework defining risks and controls for adopting AI in financial services.

FINOS (Fintech Open Source Foundation)
https://www.finos.org
Industry foundation enabling collaboration on open standards and governance across financial services.

NIST AI Risk Management Framework
https://www.nist.gov/itl/ai-risk-management-framework
Widely referenced framework for managing AI risk, governance, and trustworthy AI systems.

MITRE ATT&CK Framework
https://attack.mitre.org
Knowledge base of adversary tactics and techniques used for threat modelling and security analysis.