New in Vanta | December 2025

This past month, the Vanta team launched new features to help you: 

‍

• Generate and edit policies in seconds with the Vanta AI Agent 
• Give each team a structured space to manage risk with multiple risk registers
• Create data inventories and easily manage ROPAs
• Capture information with vendor intake forms to accelerate assessments
• Get answers to security and compliance questions in Slack 
• Unlock greater visibility and deeper automation with new and enhanced integrations

‍

Generate and edit policies in seconds with the Vanta AI Agent 

Creating tailored policies has traditionally demanded significant time and specialized expertise. Even with templates, teams often had to research requirements, interpret frameworks, and manually customize each document. Now, the Vanta AI Agent does that work for you. Simply ask the agent to draft a policy, and it produces a complete, editable, audit-ready document in seconds, all built on your company’s information and aligned to specific frameworks. Each policy draws from Vanta’s best-in-class expertise, informed by insights from more than 20,000 audits and 14,000 customers.

‍

The agent also updates and refines policies with simple prompts. Customers can ask, “Can you resolve this contradiction?” or “Please update this policy to include X.” The agent will propose precise edits for review and then apply the final changes to one policy or cascade edits across multiple policies in your program.

Policy generation and editing is available to all customers. Learn more about the agent here. 

‍

‍

Give each team a structured space to manage risk with multiple risk registers

As organizations expand, risk management often becomes fragmented—each function tracks risks in its own spreadsheets or tools, using different definitions and levels of rigor. This makes ownership unclear, reporting reactive, and leadership visibility inconsistent. Multiple risk registers in Vanta solve this by giving every team its own structured space to manage the risks they know best, while Vanta applies a consistent scoring model and framework across all registers. Legal can focus on regulatory obligations, IT on vulnerabilities, finance on exposures, and HR on people-related risks without sacrificing standardization or a unified view of risk. This brings clarity, accountability, and proactive oversight to even the most distributed programs, ensuring risks are tracked and governed the way your business actually operates.

‍

Multiple risk registers is now available and included as part of Vanta’s Enterprise Risk Management offering. Learn more here. 

‍

‍

Create data inventories and easily manage ROPAs

Organizations today struggle to understand what data they hold, where it lives, and how it’s being used. Yet, regulators increasingly expect complete, accurate, and always-up-to-date documentation. Manual spreadsheets can’t keep pace with the complexity or change, leaving privacy teams overwhelmed and exposed. Vanta is launching a new way for privacy teams to keep inventories of their internal data and their processing activities, streamlining the complex and often manual process of identifying data within an organization, and creating and maintaining their record of processing activities (ROPAs).

‍

By leveraging the data that organizations have in Vanta already, teams can more easily develop data inventories that track the personal data in their business. They can create, export, and share ROPAs for compliance and regulatory reviews, all within the Vanta platform. This empowers privacy teams and compliance officers to significantly reduce effort, improve accuracy, and ensure adherence to global privacy regulations like GDPR and CCPA.

‍

Data inventory is now available for customers with a privacy framework (GDPR, USDP, CCPA, ISO 27701, ISO 27018). Learn more here. 

‍

‍

Capture information with vendor intake forms to accelerate assessments

Vendor assessments often begin the moment a business unit identifies a need and requests a new vendor. However, security teams rarely receive the critical context they need up front, like how the vendor will be used or what data it will handle. Without it, assessments stall, workflows become inconsistent, and the business feels unnecessary friction. 

‍

Vanta’s new vendor intake form offers guided, customizable workflows that capture the right vendor information up front to accelerate every assessment. It automatically classifies inherent risk so teams can prioritize with confidence, and gives employees a simple self-serve way to request new vendors without relying on procurement tools or engineering work. It’s a streamlined, scalable intake experience that strengthens the process, eliminates delays, and keeps everyone on the same page.

‍

The vendor intake form is available with the TPRM add-on. Learn more about third-party risk management here. 

‍

‍

Get answers to security and compliance questions in Slack 

Employees across an organization often have quick, ad-hoc questions about security and compliance, whether they’re responding to customers and prospects or seeking clarity on internal policies for their own work. For example: “Can I use my personal laptop for work?” or “What’s the policy for taking my laptop abroad?” Today, these questions surface in scattered, unstructured ways, whether it be in Slack threads, emails, or ticketing systems. This creates delays in getting accurate answers, forces SMEs to repeat the same guidance, reduces visibility into common questions, and introduces risk when employees rely on outdated information.

‍

We’ve expanded our Slack integration to solve this. Employees can now ask one-off security and compliance questions directly in Slack, and the feature automatically pulls answers from the organization’s knowledge base in Vanta. This ensures responses are accurate, consistent, and aligned to company-approved information, reducing the risk of sharing outdated information while improving efficiency for both internal employees and GRC teams alike. 

‍

This feature is now in preview and will be available to all Questionnaire Automation customers in January. Learn more here. 

‍

‍

Unlock greater visibility and deeper automation with new and enhanced integrations

Vanta has added many new integrations to the platform, and has made significant enhancements to existing integrations, all in an effort to deliver more automation and time savings to customers. Five new HRIS integrations sync account data and support automated onboarding and offboarding workflows, to simplify access reviews and support compliance requirements—7 Shifts, CyberArk, ISolved, Kenjo, and Square Payroll are now supported. In addition, Vanta has introduced 12 new user access integrations to centralize visibility into sensitive account access. Capsule, CATS, Clockwork Recruiting, Close, Copper, Insightly, Comeet, JobAdder, Jobvite, SmartRecruiters, Teamtailor, and Breezy are now supported.

‍

Vanta has delivered significant enhancements to existing integrations, unlocking greater visibility and deeper automation:

‍

• AWS Bedrock support: Vanta has added support for AWS Bedrock as a resource, pulling AI models in use into the platform for visibility. This adds a new tab on the Assets > Inventory page in Vanta showing the model(s) in use, detection and last use dates, total uses over the last 90 days, and more.
• Simplified connection flows for GCP and Microsoft Azure: Vanta has streamlined the connection setup process for GCP and Azure by adding clear guidance and recommended paths, and pre-built scripts to generate required policies and roles.

‍

These integrations are available to all Vanta customers. 

‍

Explore all our integrations or tell us about others you’d like to see.

‍

Try it for yourself!

Log in to your Vanta account to try out these new features today. If you’re not a Vanta customer and want to learn more, request a demo.

As always, we welcome your feedback. Let us know what you think by reaching out to your Customer Success Manager and stay in the loop on Vanta news on LinkedIn.

‍