Trust platform company Vanta Inc. today announced new agents and automation features that allow chief information security officers to work how they actually want to with control, focus and a unified view.

The suite of new products address the need to automate and improve governance, risk and compliance or GRC workflows. It includes context-aware agents, enterprise controls to scale and tailor trust programs, and privacy automation that embeds Record of Processing Activities, inventory management and Data Protection Impact Assessments into everyday workflows.

As information technology leaders are deploying agents to fight artificial intelligence-driven cyberattacks, they are also expanding their automation expectations to compliance. Vanta argues that with compliance programs producing a constant flood of signals and noise, CISOs need context-aware agents to flag issues, suggest fixes and help execute remediation.

“We aren’t just helping companies with their audit; we’re helping them build a foundation of trust that scales as they grow,” said Chief Product Officer Jeremy Epling. “By pairing agentic AI with deep enterprise customization, we are embedding 24/7 governance, risk and compliance engineers into every security team, allowing them to shift from constant firefighting to proactive risk management.”

Vanta Agents are a collection of 24/7 GRC engineers that operate across an enterprise’s compliance program, vendor ecosystem and customer trust workflows. The agents coordinate tasks, collect and review evidence, surface material risk and accelerate resolution, all while keeping humans in the loop for final decision-making.

A compliance agent automates the entire evidence lifecycle by using full program awareness to detect policy inconsistencies and provide remediation guidance. A third-party risk management agent streamlines evidence collection with AI-generated risk analyses and summaries. And a customer trust agent uses a self-improving knowledge base to automate inbound security questionnaires by learning from past responses and routing questions to the correct owners.

On the enterprise front, Vanta is introducing new enterprise capabilities that simplify multi-business unit and multi-framework trust programs.

Launching today, new adaptive business unit scoping allows for compliance segmentation by product, region or team within a single workspace, eliminating duplicate controls and improving visibility across the organization. A complementary new Vanta control framework standardizes and reuses controls across frameworks to reduce redundancy and custom information request lists map auditor requests to the right evidence, saving weeks of manual coordination.

Vanta also today launched new privacy automation features that integrate data governance directly into the broader compliance environment and eliminate the need for fragmented, parallel systems. Sensitive data flows and high-risk activities are continuously linked to their relevant controls by centralizing records of processing management, data inventories and data protection impact assessments.

The new releases are making their debut at the company’s quarterly Vanta Delivers virtual launch event today. Vanta will also showcase the new releases at the annual RSAC conference in San Francisco March 23-26.

Image: Vanta