Archive for Vanta

Vanta Introduces Agentic Trust Platform

Posted in Commentary with tags on November 18, 2025 by itnerd

Vanta today unveiled a number of new products that redefine how enterprises earn and prove trust at scale. Powered by intelligent automation, Vanta’s industry-first Agentic Trust Platform helps teams understand their environment, anticipate what’s next, and automate workflows across compliance, risk, and security assessments.

According to Vanta’s 2025 State of Trust, 72% of business and IT leaders say overall risk is at an all-time high, yet nearly two-thirds spend more time posturing than protecting their organization. This highlights the need to adopt AI in ways that enhance security and decrease busywork.

Vanta’s Agentic Trust Platform brings new industry-defining capabilities including:

  • Vanta AI Agent 2.0: At the intelligent core of the Vanta Agentic Trust Platform, it acts as a 24/7 GRC engineer that understands an organization’s environment – anticipating what’s next, providing proactive, personalized guidance, and keeping compliance in sync.
  • Organizations Center: Organizations Center gives CISOs complete visibility across business units, products, and geographies with AI-powered scoping and audit workflows that simplify the audit process across complex enterprises.
  • Risk Graph: The Vanta Risk Graph turns fragmented risk data into a real-time, actionable map that shows how organizations’ risks connect and spread, pinpoints high-impact issues, and guides action before they escalate.
  • Customer Commitments: Customer Commitments maps customer obligations to the right controls and automates follow-through, ensuring every promise is tracked, met, and transparently communicated.

Vanta AI Agent 2.0 orchestrates trust workflows

Launched in July, the Vanta AI Agent saves customers an average of four hours per week by automating evidence collection and streamlining policy management.

With the launch of the Vanta AI Agent 2.0, it’s evolving into a dynamic 24/7 GRC engineer with complete program awareness and understanding. Powered by context and memory, the Vanta AI Agent 2.0 can expose program gaps, provide proactive, personalized guidance, and even take coordinated actions on critical work.

The Vanta AI Agent can now:

  • Accelerate audit preparation: Automatically collects and validates evidence, eliminating one of the most time-consuming and error-prone parts of audit prep. Asking the agent to help with various elements of audit prep, such as identifying updates for a new framework, drafting policies for an office expansion, or recommending privacy adjustments for EU operations, generates actionable, tailored responses in seconds.
  • Automate security questionnaires: Takes the first pass at questionnaires – filling in verified answers, surfacing gaps before they slow reviews, and giving teams ready-to-share responses to close deals faster.
  • Review and monitor vendors: Streamlines vendor oversight from discovery and due diligence through continuous monitoring, surfacing high-priority alerts so teams can focus where it matters most.

The Vanta AI Agent 2.0 will be available in the coming months.

Enterprise-grade visibility and control

As companies grow, so does the complexity of their compliance and risk programs, with new products, acquisitions and regions introducing additional compliance frameworks and siloed information. Designed for CISOs and GRC leaders, Organizations Center connects multiple Vanta organizations into a single view while maintaining separation where needed. Along with Organizations Center, new enterprise capabilities will allow businesses to:

  • Define scopes across an organization: Defines scope by business unit, product line, geography, or acquisition. Vanta updates automatically as systems, personnel, or vendors change – keeping compliance current without manual effort.
  • Manage auditor requests: Simplifies audit collaboration by managing auditor requests, internal reviews, and evidence evaluation directly in Vanta or through the API.
  • Unify overlapping frameworks: Groups related controls into common requirements with mapped evidence, policies, and risks.

Risk Graph unifies risk management

In a connected business environment, even a single vendor vulnerability or internal misconfiguration can ripple across supply chains. According to Forrester, organizations are expanding their ecosystems of third-party relationships, creating interconnected risk exposure that traditional approaches struggle to manage.

Vanta’s Risk Graph creates a single source of truth for risks across the organization, turning disconnected alerts into a connected map that shows relationships across risks and how they spread throughout an environment. By combining signals from a company’s internal risk environment with third-party insights on vendors and flagging risks as they surface, Vanta’s Risk Graph enables teams to prioritize the highest-impact risks and trigger automated workflows from the Vanta AI Agent. The result is that teams can see not just what the risks are, but how they connect and where to act first.

The Vanta Risk Graph will be available in early 2026.

Customer Commitments keeps customer promises

Once a deal is signed, keeping up with promises made to customers is essential to maintaining trust and driving renewals. But many organizations struggle to manage these promises, especially custom obligations like breach notification SLAs or subprocessor updates. When an incident or vulnerability occurs, teams scramble to identify who they made commitments to – delaying responses and risking broken promises.

Customer Commitments is the only intelligent compliance solution that centralizes, tracks and acts on every promise an organization has made. It sends alerts if commitments are at risk, automates workflows to act on triggered commitments, maps commitments to relevant controls, and keeps customers informed through the Trust Center with verified, transparent updates.

Customer Commitments is in preview and will be available next year.

VantaCon 2025: Agentic Trust Platform

Vanta will debut and demo its Agentic Trust Platform tomorrow, November 19 at 9:30am PT at VantaCon 2025: AI is Rewriting Trust. Speakers from Anthropic, Snowflake, 1Password, Clay, Sierra, Golden State Warriors, Golden State Valkyries, Ramp, Duolingo and more will explore how AI is transforming trust, risk and compliance. To register for the livestream of the product keynote, visit https://www.vanta.com/vantacon.

Vanta State of Trust 2025: AI Threats Outpace Security Expertise

Posted in Commentary with tags on October 29, 2025 by itnerd

Vanta today released its third annual State of Trust Report, an in-depth analysis uncovering global trends in AI, security, compliance, and trust from a survey of 3,500 IT and business leaders across the U.S., U.K., France, Germany and Australia.

Today, 72% of organizations say the security risks for their company have never been higher—a 17-point increase from 2024 when 55% said the same. As AI-driven cyber threats proliferate, organizations admit they can’t keep up, with a majority (59%) of business and IT leaders warning that AI cyber threats are advancing faster than their security team’s expertise to deal with them. In the past year, half of all organizations reported an increase in AI-generated phishing (49%), AI-powered malware (48%), and AI-driven identity theft or fraud (47%).

On the other hand, the number of companies leveraging AI agents to protect against AI-cyber attacks is increasing sharply, with 8 in 10 leaders currently using AI agents or planning to this year. However, AI usage doesn’t match the understanding of the technology—particularly when it comes to agents, with nearly two-thirds (65%) saying their use of agentic AI outpaces their understanding of it.

Agentic AI adoption is high, but control is low

To combat the surge of new attack vectors, security teams are trusting agentic AI with everything from decision-making to security strategy. But a lack of governance threatens to do more harm than good:

  • 79% of leaders are currently using or planning to use AI agents to protect against AI-cyber attacks
  • 61% say they trust agentic AI to override human decision-making in certain scenarios like suspending a risky browser extension or session when a policy violation is detected 
  • 71% of teams feel comfortable with agentic AI giving input on security strategy
  • But AI usage doesn’t match understanding—nearly two-thirds (65%) say their use of agentic AI outpaces their grasp of it 
  • A mere 48% have developed a framework for granting or limiting autonomy in AI systems

Security theater is getting in the way of real protection

The security paradox of AI means that as customers demand more proof of security, many teams are spending more time proving security, rather than improving it.

While 8 in 10 believe improving security and compliance directly boosts customer trust, leaders say their organizations only spend half of what they should on security—dedicating 10% of IT budgets to security vs a 17% ideal. This amounts to 12 working weeks per year spent on compliance-related tasks (vs 11 last year), and 9 working weeks per year on vendor security reviews and risk assessments (vs 7 last year).

As a result, 61% say they spend more time proving security rather than improving it, with 64% saying today’s security frameworks feel like ‘security theater’.

AI banishes cybersecurity team burnout

Amid growing compliance pressure, AI is both a relief valve and a reinvention tool. It’s helping overburdened teams do more with less, automating manual tasks and freeing up time for meaningful security work:

  • 76% of security and compliance leaders say AI and automation tools are reducing burnout and improving day-to-day productivity
  • 95% believe AI and automation have improved security team effectiveness
  • 1 in 2 say that risk assessments and incident response times are faster and more accurate with AI

VantaCon 2025: How AI is rewriting trust

On November 19, Vanta will host VantaCon 2025: How AI is Rewriting Trust, bringing together security’s brightest minds for a half-day of keynotes and panels exploring how AI is transforming trust, risk and compliance.

Speakers include Alex Stamos, CSO at Corridor & Professor at Stanford, Former Chief of Security at Facebook; Jason Clinton, CISO, Anthropic; Jason Priest, VP, Security / CISO, 1Password; Mandy Matthew, Lead Security Risk Program Manager, Duolingo; and Andrew Becherer, CISO, Sublime Security.

To learn more, visit https://www.vanta.com/vantacon

Methodology

In July 2025, quantitative research conducted by Sapio Research was commissioned by Vanta to understand the challenges and opportunities businesses are facing when it comes to security and trust management. Vanta and Sapio Research co-designed the questionnaire and surveyed the behaviors and attitudes of 3,500 business and IT leaders across the U.S., U.K., France, Germany and Australia.

For consistency with prior years’ analyses, the data presented here and in the global report reflects a subset of 2,500 respondents from the U.S., U.K., and Australia. Tracking data from the 2024 State of Trust Report has also been included; sample sizes in 2024 were 1,000 in the U.K. and U.S. and 500 in Australia.