IBM’s OpenPages 9.2 pushes AI governance into workflows

IBM is pushing AI governance closer to the point of execution, not just the policy layer. With OpenPages 9.2, the company said AI can be configured directly into workflows, validations and the user experience itself, a setup that turns governance into a day-to-day operating task for the teams running risk and compliance.

The release adds six new enhancements and builds on OpenPages’ role as IBM’s AI-powered, unified GRC platform for risk, compliance and audit functions. IBM said OpenPages 9.2.0 brings new capabilities in GRC Canvas, more efficient user task experiences, and updated AI, questionnaire and administration features. IBM support also said OpenPages 9.2.X became generally available on March 27, 2026, with OpenPages as a Service and on-cloud, on-premise versions arriving on different schedules.

That shift matters because it changes who owns the work. Governance is no longer sitting in a policy binder or a quarterly review deck. It is being threaded into the systems where employees approve requests, validate actions and move work forward. For managers, that means more cross-functional handoffs between product, security, compliance and operations, and less room for vague claims that a process is “covered” without showing how the control actually runs.

For monday.com teams, the parallel is hard to miss. In its March 11 announcement, monday.com said monday agents draw on live data across departments, workflows and priorities while operating inside the same permissions, security and governance the business already trusts. The company also said external AI agents can sign up, access the platform and execute work alongside human teams, with a dedicated pathway for agents acting on behalf of people.

monday.com’s support materials now go further into administration. Enterprise admins can use an AI governance section to monitor AI across an account, set usage limits, and control access by workspace or role. The platform also has an Agent directory for viewing and deactivating agents, and its builder documentation says agents can be limited to read-only board access or given permission to edit and add data. In other words, the controls are not abstract; they are part of how the product is run.

That is the real competitive backdrop for IBM’s update. In regulated industries, buyers want to know who approved what, when it happened and what evidence exists if something goes wrong. monday.com’s Audit Log and Audit Log API are already pitched around tracking system activity, controlling exports and spotting suspicious behavior. IBM’s latest move suggests that workflow-native governance is becoming the baseline expectation, and enterprise software teams will have to build for it, not just talk about it.