Governance, risk and compliance…oh my! SmartBrief sat down with Boris Logvinsky, vice president of products at Vanta, at RSAC 2025 to discuss Vanta’s comprehensive trust management solution and how the company leverages AI and automation to streamline compliance processes, reducing time-consuming tasks like security reviews and vendor assessments from hours to minutes.
Vanta has made a name for itself by simplifying security compliance. How does Vanta use automation and AI to streamline companies’ compliance processes?

AI and the advances in large language models in the last couple of years have provided a lot of opportunities. There are a number of workflows and products where Vanta leverages AI on a day-to-day basis. One example is in questionnaire automation and security reviews to determine security posture. Those [questionnaires] traditionally take hours, with companies having to pull from policy documents, from internal documents, with some being up to 300 questions long, if not longer. Vanta’s AI solution can reduce the process from hours to minutes.
Another way Vanta leverages AI is to help on the other side of it: vendor reviews. We’ve applied AI to help our customers be more effective and efficient at finding the real issues and really understanding what risks they’re onboarding when working with a vendor.
The third and fourth areas where we apply AI are managing a GRC program – there’s a really big opportunity in this space – and complying with new AI recognitions.
Please explain your new AI Security Assessment offering.
Vanta’s AI Security Assessment helps companies do two things:
- It helps businesses internally understand the baseline things they should be doing and thinking about. It’s a multitiered framework, so they can understand how far they need to go to be compliant and employ best practices around working with AI themselves.
- On the vendor evaluation side, how do they evaluate vendors who are also leveraging AI? What questions should they ask to ensure that their data is safe and that the vendor is operating properly? This gives them a clear idea of what will be happening with their data, which becomes even more important with training on models.
What are the main challenges and benefits of automating compliance across industries?
Certainly, the benefits of automating compliance are giving time and money back to our customers. When you think about CISOs, security teams and governance compliance teams, I think everybody’s faced with many challenges and everyone wants to do more with less. The threat vectors are growing, so the number of threats that you’re dealing with just continues to increase. I think AI has certainly contributed to that. Deep fakes, spamming and phishing campaigns used to be written poorly, but the sophistication has increased, which means that these teams are more stressed. What they really care about is what the biggest risks are to their business and what the next threat vector is that we should be thinking about. Automating compliance drives value for them, because it takes a process that used to be very manual, the process of ensuring that you’re staying compliant, collecting that evidence and sharing that evidence with the auditor. Vanta has taken a very large portion of that away, which helps companies save a ton of time and be more efficient.
I think the challenges are that the ecosystem is consistently evolving. For businesses, especially in Europe, they continue to see new regulations and annotations coming out, and they have to think about how to comply and what [the changes] mean for their business. Vanta represents a great opportunity because when we automate, we think from the perspective of “automate once and use many times” since there’s a lot of overlap between these different requirements. And so when our customers come to us, they get the benefit of that.

With the advancement of technologies like AI and machine learning, how are companies adapting their security strategies to address emerging threats?
I think that it’s very top of mind. Everyone is thinking, “What do we do with our data? How do we think about it?” Because the risk around AI isn’t just so much around what you are doing, it’s also about what your vendors are doing. So it really comes down to having a really good program around that, which is what Vanta’s AI assessment framework delivers.
How can companies ensure compliance and data protection when working with external partners?
I think that really comes back to running that vendor risk management program and thinking beyond your current security review to thinking about security on a more continuous basis. One question companies should ask: “How do I make sure that I’m monitoring and understanding breaches that have possibly happened or what other things from outside my company could impact my data?” It is not just about the third-party risk, you have to think about fourth-party risk – the whole supply chain becomes part of this effort. Vanta’s vendor risk management product helps businesses understand the issues because our products evaluate all scenarios, whether you’re a buyer or you’re a vendor. It comes down to more effectively sharing the right information and creating the right transparency between organizations so that you can have that trust.
What features has Vanta recently released that address the evolving threat landscape?
There’s a lot happening at Vanta. What we’re talking about with our customers is a unified vision around the trust management platform, which automates 30 security frameworks, including SOC 2 and ISO 27001. We really think about how we can help our customers and the market. You need something that covers your organization end-to-end. It’s a combination of the governance function, the risk tools and the automated compliance tools that are now a must, because compliance manually is just not scalable anymore. A lot of what I’m excited about is our investments in all of those areas, that’s deepening our automation, helping our customers save even more time. We will continue to invest in AI across the entire platform and give customers that end-to-end visibility so they can focus on managing risk and growing their business. Vanta really is focused on helping businesses do both of those things at the same time.
Looking ahead, how do you see the future of security compliance evolving?
I feel like [RSAC] gets bigger every year, which to me tells me that the threats are growing, and that means there’s more need for security and more need for security compliance tools to solve meaningful and foundational problems.
We talked about both the positive sides of what AI can do and what it can enable for our customers. There are also the negative parts of it, where it can be used for attacks. So I think, as an industry, we have to continue to push forward and make sure that we’re helping our customers – protect them, decrease the risk. The way that I see compliance really evolving is in this push towards automation. It’s becoming harder and harder to stay up to date if you’re doing it manually.
One takeaway that I have is that securing clients is getting even more complex, and in that complex world, you need the right tools. AI can help build the right workflows to help customers reach their next level of complexity.