Vanta bakes generative AI into core security and compliance product

Compliance and security vendor Vanta is the latest to roll generative AI features into a core product line, bringing large language model-powered risk management assistance and high-level guidance to the company's digital trust platform.

Vanta’s lineup of generative AI features, announced today, will include three key tools designed to simplify the work faced by security and compliance professionals. The first is an AI addition to its vendor risk management product, which should allow security teams to automatically pull information from vendor-generated reports like SOC 2 and DPA for instant analysis.

"This information is usually buried within dense documents," said Chase Lee, vice president of product for Vanta. "[This makes] reviews extremely time-consuming and labor-intensive, without a single source of truth for information."

The second new capability is questionnaire automation. Security questionnaires are required by numerous software companies, allowing them to ensure that appropriate security measures -- covering everything from physical security to the network to policy and procedure -- are in place. The information teams need to provide is often buried in compliance reports, written policies and previous questionnaire responses, which has traditionally led to a considerable amount of manual work for security teams. Using AI, however, Vanta said that responses can be generated more or less automatically, in just a few clicks.

"The accuracy of responses is crucial, and inaccurate or outdated information can lead to legal challenges for the vendors involved," noted Lee.

Finally, Vanta's updated lineup now offers automated guidance and suggestions for security and compliance frameworks like GDPR and PCI DSS. Taking advantage of the capabilities of LLMs, the system can automatically make policy suggestions and suggest testing regimens for its end users, taking another task that's generally performed manually and simplifying it.

"What used to be tedious, time-consuming manual work is now accelerated and less prone to potentially costly errors," said Jeremy Epling, the company's chief product officer.

The vendor risk management and questionnaire automation products are currently available in beta, with the compliance control features coming "soon," according to the company. All of the new AI tooling is designed to function as a core part of Vanta's existing trust and security platform, and isn't sold separately or for an add-on fee.