Force multiply your team and monitor your entire program with Vanta’s AI-powered Trust Management Platform

As your security and compliance program matures, so does your need for visibility and control. Internally, teams need a centralized view—a single place to monitor progress, align on priorities, and collaborate across functions. But during an audit, not everything needs to be shared with your auditor. 

‍

Yet, most GRC tools aren’t built to make that distinction. They force teams to either monitor just the resources in scope for their audit—which limits visibility across their program—or potentially overshare with their auditor, leading to unnecessary complexity.

‍

With today’s edition of Vanta Delivers, we’re releasing new features to supercharge your team and help you bring more of your program into Vanta, while keeping you in control of what happens within your program and what auditors see. With the all-new Vanta AI Agent, adaptive scoping, and new audit and issue management flows, your team can move faster, stay focused, and maintain confidence at every step.

‍

Empower your GRC team with the new Vanta AI Agent

Contextual, accurate, and proactive, the all-new Vanta AI Agent connects every part of your program in Vanta. It guides you through key workflows, spots inconsistencies in your program, and can take action on your behalf. By handling the most tedious, repetitive tasks, the Vanta AI Agent empowers teams to work more efficiently, focus on what matters, and maximize their impact. 

‍

"The Vanta AI Agent complements my team's expertise by filling in knowledge gaps, helping us learn faster, and double-checking critical information—ultimately saving us 12 hours weekly. And in our organization, time is money.”

- Anne Simpson, Head of Privacy, Security, & Compliance, Databook

‍

The Vanta AI Agent can:

‍

• Automate policy onboarding and updates by extracting key policy details and suggesting mappings to relevant controls in Vanta. And when it’s time to update policies, the Agent automatically generates a summary of all changes for easy revision tracking and expedited approvals. 
• Find and fix program inconsistencies by proactively identifying mismatches between the SLAs in your policies and the continuous tests running in Vanta.
• Answer all your policy and program-related questions with a policy chatbot experience that combs through your policies and provides the information you need. You can ask it anything from, “What are the password requirements in our current security policy?” to ”Can you summarize our data retention policy?” Soon, the Agent will be able to take more actions on your behalf—like editing and drafting new policies. 
• Verify uploaded evidence on your behalf by automatically reviewing your documents and checking them against audit requirements, ensuring you have exactly what you need to satisfy auditor requests and avoid costly delays. 

‍

‍

The Vanta AI Agent builds on the foundation of Vanta AI, which already helps GRC teams accelerate security reviews by up to 81 percent, cut vendor review times in half, and instantly generate custom code snippets to remediate failing tests. 

‍

The Vanta AI Agent is in private preview and will be generally available in July. Learn more about the Vanta AI Agent here. 

‍

Adaptive scoping to monitor all of your resources while de-risking audits 

GRC teams want to manage their security program in one Trust Management tool, but they often have to restrict what they bring into that tool so they don’t share unnecessary or sensitive data with auditors. Vanta's adaptive scoping solves this by letting you precisely control what's shared for audits.

‍

You can now define, manage, and adjust the scope of assets and personnel for different frameworks. For example, you might include your entire engineering and support teams in the scope of a SOC 2 audit, but limit the scope of your PCI-DSS audit to only the employees who handle cardholder data.  You have full control over what information is shared with your auditor, regardless of whether additional assets and personnel are in Vanta. This means cleaner audits, less "noise," and fewer follow-ups.

‍

Because you control what's in scope, you can confidently monitor more resources in Vanta—even those not directly part of an audit. Vanta even automatically updates what’s in scope for each framework as your organization grows, keeping everything accurate without constant manual updates. With adaptive scoping, you get continuous, complete visibility over your entire security program, all while staying firmly in control.

‍

‍

“Adaptive scoping reduces the workload for frameworks and simplifies the overall process by giving us a view of only the items that we should be working on. Once a framework is scoped properly, it is ready to use for the next audit, bringing us that much closer to fully automated audits.”

- AJ Westmoreland, Compliance Operations Manager, AffiniPay

‍

Adaptive scoping is available to all customers on the Growth package or above.

‍

Streamline compliance reviews with guided audit flows

It can be tough to manage evidence requests, especially when each auditor comes to the table with their own request list. Vanta's new audit flows change that by creating a connected, intentional experience with information request lists (IRLs) and controlled audit views. 

‍

With information request lists, you can now upload your auditor's evidence requirements directly into Vanta, assign tasks, and track progress all in one place. Vanta automatically maps those requests to your existing controls, saving you time and reducing errors. You’ll also save time chasing down stakeholders for evidence—Vanta automates outreach with custom upload windows, due dates, and reminders to keep everything on track. 

‍

And when it’s time to share information, controlled audit views put you in the driver’s seat so you can share only the necessary population data with your auditor. You protect non-essential or sensitive data while reducing unnecessary follow-up questions that slow down your audit.

‍

‍

“The addition of evidence capture dates is incredibly valuable—I haven’t seen this functionality in other tools. Clients often ask when they should begin providing evidence for requests shared months in advance. In some cases, they can submit it right away, but in others, it’s more appropriate to wait. This feature helps us communicate timing clearly and avoid premature collection.”

- Brett Hayes, Senior Manager, CISSP, CCSK, CISA at Schellman

‍

Controlled audit views will be in preview at the end of June and information request lists will be in alpha at the end of June. 

‍

Track and resolve gaps with issue management

Many teams still rely on spreadsheets to manage security and compliance issues, which slows down resolution and makes accountability difficult.

‍

Vanta’s issue management feature gives you a centralized, purpose-built way to track and resolve issues across your security and compliance programs. You can log findings as they arise, assign owners, and follow a consistent workflow to ensure nothing slips through the cracks.

‍

It’s more than just a to-do list. With issue management, you capture the outcomes that matter—tying each issue to the relevant risks, controls, and policies for a complete picture of your program’s health. Everything is auditable, reportable, and connected so when audit season comes, you’re not scrambling: You have a clear record of what happened, how it was addressed, and who was responsible.

‍

‍

Issue management will be in preview at the end of June and available to all customers in August.

‍

Trust Management that’s built for confidence and control

From agentic workflows to adaptive scoping, Vanta helps you scale your program with precision, not complexity. 

‍

These new capabilities put you in control at every step—defining scope, managing audits, resolving gaps, and proving trust. With Vanta, your Trust Management program won’t just keep up—it will lead.

‍