An in-depth look at Vanta's updates in risk management

Explore Vanta's latest updates in risk management, including the introduction of the Agent for Risk and other advanced capabilities.

Vanta has launched the Vanta Agent for Risk, a new offering designed to bring together internal and third-party risk information within a continuously updated platform. It is built on Vanta’s Trust Graph, a unified data framework that includes more than 400 integrations and runs over 1,400 continuous tests.

When integrated with the Trust Graph, the Agent for Risk provides organisations with a consolidated view of controls, vendor relationships, assets, and compliance obligations. This is intended to support faster response and clearer communication for security and Governance, Risk, and Compliance (GRC) teams, enabling earlier identification and management of potential risks.

As organisations increasingly adopt AI and digital tools, the associated risk environment is also changing. According to Vanta’s data, organisations with defined builder roles have a 73% higher rate of AI vendor adoption compared to others. The data also indicates that while around 30% of these vendors are classified as high or critical risk, only about 7% of vendor inventories are actively under review, highlighting a gap in ongoing oversight.

The Vanta Agent for Risk is designed to help identify and connect different risk factors into a unified view. Its capabilities include:

  • Risk to Vendor Mapping: Links vendor-related findings to an internal risk register to support tracking of third-party exposure.
  • Risk to Asset Mapping: Shows how risks relate to specific assets, improving visibility during vendor incidents or control changes.
  • Risk to Control Mapping: Updates risk records when controls change, including those connected to vendor relationships.

Vanta also introduces additional features aimed at supporting risk prioritisation:

  • AI Risk Library: A knowledge base for managing AI tools and practices to support security and compliance work.
  • Factor-Based Inherent Scoring: Assesses risks based on factors such as financial, brand, and operational impact to support prioritisation.

The Third-Party Risk Management (TPRM) Agent update extends third-party monitoring through continuous assessment rather than periodic reviews. Changes in a vendor’s environment can be reflected in the system automatically, providing security teams with updated context for response.

The updated risk management features are scheduled to be showcased at the Vanta Delivers event, streamed live from New York on June 3.
