SureCloud launches Gracie AI, a virtual GRC team to fix the broken operating model

Gracie debuts as the first cross-domain agentic capability in GRC, convening AI experts across risk, compliance, audit and third-party domains on a single task

LONDON , May 8, 2026 /PRNewswire/ -- SureCloud Ltd. has two decades of experience as a leading provider of Governance, Risk, and Compliance (GRC) solutions trusted by organisations from global banks to some of the UK's largest retailers. Its latest release introduces persona-based AI agents that fill specialist positions across a GRC programme, execute against organisation's own expertise and operate within a governed architecture purpose-built for regulated functions.

The capacity problem behind compliance fatigue

GRC has been a discipline of skilled people doing manual work. That equation has now become mathematically impossible. SureCloud research finds that 49 per cent of UK enterprises struggle to keep up with five or more major regulations at once, and 57 per cent say budget constraints the hiring needed to close them.

Security risk and compliance professionals are not short of expertise. They are short of the capacity to execute every assessment, review every control, chase every document and produce every report at the pace now required.

A virtual GRC team, not another co-pilot

This is a major enhancement to SureCloud's GRC platform, moving beyond common conversational capabilities to true autonomous agents capable of executing over 200 distinct actions within the platform. Agents give teams reach, not taking jobs but allowing people to work more effectively across repetitive workloads.

SureCloud ships Personas for every role, from Risk SMEs to Privacy SMEs. Customers can invoke this virtual team for reasoning on specific tasks and then define how each agent operates within their policies and governance structures.

Skills then codify how the specific GRC activity is performed, taking the best expertise from SureCloud or their own business, and ensuring repeatable consistency.

Nick Rafferty, CEO, SureCloud, said:

"For two decades, GRC has been a discipline of skilled people doing manual work. The expertise was always there. The execution capacity never was. Gracie changes that equation by giving every person an agent counterpart that carries their workload, operates to their standard and frees them to do the work only a senior expert can do. This is the moment GRC stops being a record-keeping exercise and starts being an executable one."

SureCloud was recognised this month in three categories of the Gartner Hype Cycle for Cyber-Risk Management, 2026 and Gartner's new Innovation Insight: Cyber GRC.

Logo - https://mma.prnewswire.com/media/2975638/SureCloud_Logo.jpg