Vanta last month released a report that illustrated the conflicted views that organizations have of AI, seeing the fast-evolving technology as both an effective cybersecurity tool and a growing threat and worrying whether the risks are outpacing their expertise.
In the AI-driven trust management firm’s third annual
State of Trust Report, it found that 72% of the 3,500 business and IT leaders surveyed said the security risks facing their companies have never been higher, and that 59% said that AI-fueled cyber threats are advancing faster than their security team’s ability to address them.
That said, eight in 10 said they use AI agents or are planning to deploy them this year, even though 65% said their use of agentic AI outpaces their understanding of it.
Jeremy Epling, Vanta’s chief product officer, said in a
statement at the time that “AI has completely changed the security equation. It’s creating new risks at unprecedented speed, but it’s also one of the most powerful tools we have to strengthen defenses and limit burnout for overworked security teams.”
The San Francisco-based company, like
many in the cybersecurity field, is giving security and IT teams tools to use AI to automate their security processes and gain greater visibility into their environments. This year alone, Vanta has rolled out such offerings as tools to
unify policy management using the Vanta AI Agent – which itself was
unveiled in June – and the
AI Security Assessment offering.
A 24/7 GRC Engineer
This week, Vanta – which in July
raised $150 million in Series D funding, bringing the total amount it’s secured to $504 million and growing its valuation to $4.15 billion – announced its Agentic Trust Platform, which includes a range of new products to automate workflows across such areas a compliance, risk, and security assessments, understand their environments, and anticipate what’s on the horizon.
The platform includes the next iteration of Vanta’s AI Agent – 2.0 – that acts as a ‘round-the-clock governance, risk, and compliance (GRC) engineer to understand the environment and deliver proactive guidance to ensure compliance, Organizations Center, which gives CISOs total visibility across business units, products, and geographies, and Risk Graph that takes fragmented risk data and turns it into a real-time, actionable map showing how risks connect and spread, raises important issues, and guides actions.
Meanwhile, Customer Commitments maps the obligations customers have to ensuring they have the right controls and automate and communicate every promise.
“As cyberattacks and breaches become more sophisticated, there has been a fundamental shift in how security leaders approach what trust means in the digital age,” Epling told MSSP Alert, adding that “72% of business and IT leaders say overall risk is at an all-time high, yet nearly two-thirds spend more time posturing than protecting. The challenge becomes how do we empower teams to move beyond manual, reactive work?”
He said the “workflows, automation, and AI Agent give companies a complete picture of their entire program and suggestions on how to improve it.”
Enter Vanta AI Agent 2.0
The evolution to Vanta AI Agent 2.0 moves it from automating evidence collection and streamlining policy management – capabilities that the company said saves organizations an average of four house a week – in a full GRC tool, exposing program gaps, providing proactive and personalized guidance, and taking coordinated actions when needed.
For MSSPs and MSPs, the Agentic Trust Platform enables “operational efficiency and expanded client services,” Epling said. “Ultimately, the platform will make our partners more scalable and empower them to deliver verifiable trust continuously across all their client engagements.”
The Rise of Agents
The emergence of AI agents over the past year or so only adds to the paradox that AI can be, with 79% of IT and business leaders adopting AI agents, while 65% say their uses outpaces their understanding.
“There’s risk with agents, but they also bring a lot of power and opportunity to simplify and streamline workflows,” Epling said. “More than ever, businesses need to think about what AI technology they're bringing in and how they think about their vendors. Our vision for continuous trust is critical to bridging the knowledge gap and protecting companies.”
Automating Processes
Vanta’s AI Agent 2.0 can accelerate the process for preparing for audits by automatically collecting and validating evidence, a time-consuming and error-process process. It also can automate security questionnaires by taking a first run at them, including filling in verified answers, raising gaps so they don’t slow reviews, and giving teams responses they can share to more quickly close deals.
The agent also can also streamline an organization’s oversight of their vendors, from when companies discover vendors and run due diligence on them through continuous monitoring and issuing high-priority alerts.
“Modern enterprises win or lose on trust,” Epling said, noting that with the new platform Vanta ensures that “companies bring trusted tools into the organization and offer holistic visibility into their risk posture so that teams can discover anomalies and act quickly.”
