Vanta Launches New Agent to Unify Internal and Third-Party Risk

Vanta, the leading Agentic Trust Platform, today announced the Vanta Agent for Risk, bringing internal and third-party risk into a single, continuously updated view of the risk program for the first time. The Agent for Risk is built on the Trust Graph, Vanta’s unified data foundation spanning 400+ integrations and 1,400+ continuous tests.

The Agent for Risk and Trust Graph create a living, connected map of an organization’s controls, vendor relationships, assets and compliance obligations. The result is a risk program that stays current automatically, giving security and GRC teams the context to act faster, communicate more confidently to leadership, and get ahead of exposure before it becomes an incident.

The Agent for Risk strengthens the security posture of companies while AI reshapes the risk surface from both inside the organization and through the vendor door. As “builder culture” spreads beyond engineering, non-technical employees are deploying AI tools and integrations at record rates, and risk footprints are expanding faster than security teams can review them.

According to data from Vanta’s 16,000 customers, organizations with formalized builder roles adopt AI vendors at a 73% higher rate than those without. While 30% of those vendors are flagged as high or critical risk, enterprises are reviewing only 7% of their vendor inventory. And when a risk is surfaced, teams only remediate it 12% of the time. With builder roles growing 311% year-over-year, risks within enterprises are only going to rise.

“Risk doesn’t live in a single tool, and neither does the exposure that matters most. When a vendor with broad data access is tied to an internal control that is already drifting, a siloed system can’t see the connection,” said Jeremy Epling, Chief Product Officer, Vanta. “The Trust Graph makes that picture visible, and the Vanta Agent for Risk reasons across it continuously. This means security and compliance teams get a risk posture that reflects what is actually happening in their environment today rather than last quarter.”

The Vanta Agent for Risk: Continuous intelligence across the entire program

The Vanta Agent for Risk replaces manual reconciliation between systems by orchestrating across the Trust Graph to find, connect and prioritize risk across internal and third-party programs together. The result is a single living view that includes:

  • Risk to Vendor Mapping: Vendor findings surface directly in the internal risk register so third-party exposure becomes owned, tracked and actionable.

  • Risk to Asset Mapping: Risks are linked to the real assets they affect so scope and impact are immediately visible when a vendor incident or control drift occurs.

  • Risk to Control Mapping: When a control drifts, risk posture updates automatically, including any vendor relationships tied to that control.

“Risk does not sleep. We cannot rely on a once-a-year annual risk assessment and say we are done. We have to assess risk continually,” said Chuck Kesler, CISO, Pendo. “The Vanta Agent for Risk provides us with a real-time vantage point of our risk profile.”

New internal risk capabilities ground prioritization in real factors

Alongside the Agent for Risk, Vanta is introducing new internal risk capabilities that give security and compliance teams real-time confidence in their risk posture versus a point-in-time snapshot:

  • AI Risk Library: A purpose-built knowledge base for governing AI tools and internal AI practices, built on Vanta’s in-house GRC expertise. Security and compliance teams get a structured starting point and a pre-built register so they are not building from scratch every time a new AI vendor comes online, approved or otherwise.

  • Factor-Based Inherent Scoring: Each risk is scored across financial, brand and operational impact separately so prioritization is grounded in defensible criteria. Paired with automated residual scoring, the risk posture updates continuously as controls change rather than going stale the moment it is published.

Third-Party Risk Management (TPRM) Agent updates deepen continuous third-party monitoring

The Agent for TPRM has been optimized for the entire end-to-end assessment and enables deeper continuous monitoring for organizations. Vendor posture is tracked continuously rather than refreshed at assessment cycles so changes in a vendor’s environment feed the program as they happen. When a vendor incident surfaces, teams receive evidence-backed context, asset-level detail and the ability to follow up directly, all without leaving Vanta. Paired with the Agent for Risk, security and compliance teams can now own and prioritize risk across vendors and internal controls in one place for the first time.

Vanta Delivers: Live from New York

Vanta will debut these new capabilities on June 3 during its quarterly Vanta Delivers launch event, broadcast live from New York. The event features conversations with Chuck Kesler, CISO, Pendo; Scott Bachand, CIO/CISO, Ro; and Jonathan Aluveaux, CISO, Ramp, with product demos from Jeremy Epling, CPO, Vanta. To register for the livestream, visit https://www.vanta.com/webinars/vanta-delivers-live-from-new-york.

About Vanta

Vanta is the leading Agentic Trust Platform, setting the standard for how businesses earn and prove trust as AI reshapes security and compliance. Over 16,000 companies like Snowflake, GitHub, Ramp, Cursor, Golden State Warriors, and Icelandair rely on Vanta to guide, automate, and improve the GRC work that trust is built on.
