Vanta 2025 in review
BlogCompany news
January 12, 2026

Vanta 2025: Looking back, looking ahead

Written by
Vanta
Reviewed by
No items found.

Accelerating security solutions for small businesses 

Tagore offers strategic services to small businesses. 

A partnership that can scale 

Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate.

Standing out from competitors

Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

Reflecting on 2025, the word we keep returning to is trust. We talk about it a lot at Vanta because it's the foundation our customers operate on.

Last year, that felt more true than ever. The bar for trust keeps rising. Regulations intensified. Threats evolved faster. Customers and investors asked harder questions. And in an era defined by AI, trust is no longer a checkpoint—it’s a continuous system that has to work every day.

That’s the mission that drives us. We want to help you earn and prove trust. Trustworthy companies move faster. They unlock growth sooner. And they spend more of their time building what they actually meant to build in the first place.

Here’s what earning and proving trust looked like for our customers and us in 2025—and what’s coming next.

What we built

The headline for us last year was the launch of our Agentic Trust Platform.

It’s the natural evolution of everything we’ve built so far. Vanta started with automated compliance, helping companies pass audits faster. That grew into trust management, connecting controls, people, vendors, and assets so customers can stay secure as they scale.

Now, the Agentic Trust Platform brings compliance, risk, and proof into one connected system, powered by intelligence and automation, that understands your security posture and helps you improve it continuously.

A major part of this evolution is the Vanta AI Agent: a context-aware, always-on partner that helps draft policies, collect evidence, answer questionnaires, and streamline reviews. With the introduction of AI Agent 2.0 in November, the Agent now has deeper program awareness, personalized recommendations, and end-to-end workflow orchestration to keep your entire trust program in sync without manual effort.

Customers felt the impact immediately:

“The Vanta AI Agent complements my team's expertise by filling in knowledge gaps, helping us learn faster, and double-checking critical information—ultimately saving us 12 hours weekly.”

—Anne Simpson, Head of Privacy, Security, and Compliance, IT, Databook

Trust today also extends far beyond internal controls, which is why we invested deeply in our risk foundation. Our acquisition of Riskey gave customers something they had been asking for: ongoing, real-time vendor monitoring instead of static, point-in-time reviews. Now, teams can see emerging vulnerabilities, leaked credentials, misconfigurations, and breach activity as it unfolds—not months later.

At VantaCon, we also introduced the Vanta Risk Graph. Instead of treating risks in isolation, Vanta Risk Graph connects signals across people, vendors, systems, assets, and controls, helping teams understand how issues relate, where they originate, and what to do next.

Early design partners have told us how transformative this connected visibility will be:

“A single, connected view of where internal and external risks intersect will help us prioritize and respond even faster.”

—Heidi Pili, GRC leader at ShipBob 

For enterprises operating across multiple business units, we launched Organizations Center—giving leaders one intelligent system of record for scoping, frameworks, and audits, while still keeping environments separated where needed.

And with Customer Commitments, teams can finally track and uphold every contractual promise they make (including breach notifications, SLAs, subprocessor updates, and more) with automated workflows so nothing slips through the cracks. As one customer said at VantaCon: It turns compliance obligations into operational clarity and customer trust.

Running Vanta on Vanta

We continue to run our entire security and compliance program in Vanta. This year, our internal security team completed another SOC 2 Type II audit, and we did the entire process inside the platform: evidence prep, auditor collaboration, and reviews.

Our auditor, Schellman, used our Information Request List portal to outline exactly what they needed, and Vanta handled the rest—automatically collecting evidence, routing reviews, and flagging anything that needed attention, all in one place. The result? Only two clarifying meetings for the entire audit—a huge time savings and proof that streamlined workflows make a big impact. 

Using our own product keeps us honest, too. Our security team partnered closely with product, engineering, and design to surface every friction point we encountered and turn those insights into improvements. Many of the workflows our customers use today were shaped directly by those lived experiences.

Internally, the numbers tell a similar story. We monitor nearly 1,000 controls with 912 automated tests across 10 frameworks, track more than 1,000 people and assets, and manage 267 vendors, all within Vanta. We were proud to achieve FedRAMP 2.0 Low Authorization and become one of the first companies to earn ISO 42001 certification for AI management systems. We also launched our AI Security Assessment to help companies measure and improve their own AI security posture.

Our customers 

We grew to more than 14,000 customers across 102 countries, from fast-growing startups like Clay and Harvey to global enterprises like Snowflake. Each one pushed us to think differently about what trust needs to look like at different stages and different scales.

We saw founders using Vanta to unlock new markets and stand up enterprise-ready security and compliance programs long before they had full security teams. We saw mid-market companies scaling their frameworks globally. And we saw large enterprises streamline the complexity that comes with thousands of employees, dozens of business units, and hundreds of vendors.

A few moments stood out:

  • Ramp showed what automation looks like when you're growing fast, as they replaced spreadsheets with systems that actually scale with the business
  • Anthropic both builds AI and uses it to run their program as they streamline policies, triage risks, and tackle massive questionnaires
  • The Golden State Warriors reminded us that trust is their homecourt advantage, and how they keep fans coming back

We’re honored to be part of those moments, and we’re grateful for every customer who shared feedback, pushed us, or partnered with us to shape Vanta this year.

Building community, not just software

One of the best parts of 2025 was connecting with so many of you, especially in person. These conversations about what’s working, what’s breaking, and what you care about shape our roadmap. 

We want to hear from you, so we did our best to show up where you were. We hosted thousands at 21 customer events across nine different cities on three continents. We also hosted get-togethers at major industry events like SXSW Sydney, Sifted London, RSAC, and Black Hat. 

And because meaningful conversations don’t only happen at events, we expanded our global footprint with new offices in London and Sydney, so our teams can be even closer to the challenges and regulations our customers face locally.

To keep the conversations going, we’ll take VantaCon on the road in 2026. This year, we’ll see you in New York, Berlin, London, and Sydney so we can continue the conversations and further build the trust community.

We’re in this for the long haul 

In 2025, we raised a $150M Series D at a $4.15B valuation. This investment allows us to go deeper on the things that matter most: AI, platform depth, and the overall customer experience of running your trust program in Vanta.

We were humbled by the recognition that followed—from making the Forbes Cloud 100 for the third consecutive year, to being named a Leader in the IDC GRC Marketscape, to continuing as the #1 rated GRC product on G2. These moments aren’t the goal, but they reaffirm that the work matters.

And the work is only getting more important. Security is becoming more complex, not less. Companies are becoming more interconnected, not less. The attack surface keeps expanding, and customer expectations keep rising.

So in 2026, our focus is straightforward: Make trust easier to manage day to day, and easier to prove when it matters. That means more connected tools, less manual work, and systems that keep up as your company changes—without requiring big budgets or headcount. 

Thank you

Last year reminds us how much trust is earned in small moments. A faster questionnaire turnaround. A clearer risk report. A vendor issue caught early. A customer saying, “This saved us a week.”

Thank you to everyone who shared feedback, challenged us, partnered with us, or tried something new we released this year. We don’t take your trust for granted, and your feedback and care drive us to keep building.

If you’re ready to see how Vanta works for your team, request a demo.

Access Review Stage Content / Functionality
Across all stages
  • Easily create and save a new access review at a point in time
  • View detailed audit evidence of historical access reviews
Setup access review procedures
  • Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews
  • Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems
  • Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta.
  • Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS)
  • Upload access files from non-integrated systems
  • View and select systems in-scope for the review
Review, approve, and deny user access
  • Select the appropriate systems reviewer and due date
  • Get automatic notifications and reminders to systems reviewer of deadlines
  • Automatic flagging of “risky” employee accounts that have been terminated or switched departments
  • Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section
  • Track progress of individual systems access reviews and see accounts that need to be removed or have access modified
  • Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners
  • Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests
  • Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access
  • Focused view of accounts flagged for access changes for easy tracking and management
  • Automated evidence of remediation completion displayed for integrated systems
  • Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results
  • Auditor can log into Vanta to see history of all completed access reviews
  • Internals can see status of reviews in progress and also historical review detail
Logo of incident.io
Incident.io
Logo of Lumos
Lumos
Icepanel logo on a white background.
IcePanel
Epsilon Logo
Epsilon3
The logo for supabase.
Supabase
EasyLLama Logo
EasyLlama
Qualifi Logo
Qualifi
Logo of toku
Toku
FEATURED VANTA RESOURCE

The ultimate guide to scaling your compliance program

Learn how to scale, manage, and optimize alongside your business goals.

DOWNLOAD FOR FREE

Table of contents

No titles!

Share this article

Share this article

Related Resources

Company news
Events

Founder to Founder: The Guide to Building a Breakout Startup in the AI Age

Watch our conversation with Christina Cacioppo (CEO and Co-founder of Vanta) and Mario Gabriele (CEO and Founder of The Generalist) on what it really takes to build a breakout startup, with sharp insights and strategies for staying ahead in a market that’s shifting faster than ever.

Two logos with the words vanta and tw collision.
Company news
Blog

Vanta to attend three international conferences in June 2022

In June 2022, Vanta will attend three of the biggest tech conferences across the globe. Join us in Dublin, Amsterdam, and Toronto.

Building to $10k in arr before taking a series before a.
Company news
Events

Building to $10MM in ARR (before taking a series A)

CEO Christina Cacioppo shares 5 lessons from Vanta’s journey of achieving hyper-growth without a huge cash surplus.

Product updates
Blog

What's New in Vanta 7.30.21

New Tests Dashboard, new Vanta security awareness training (SAT), more automated security tests, & new HR integrations.

Related Resources

What is Vanta? | Vanta
Company news
Blog
What is Vanta?

With automated compliance, unified risk management, real-time proof, and an AI Agent that takes action, teams stay audit-ready and move faster.

Wiz names Vanta among its most popular integrations | Vanta
Company news
Blog
Wiz names Vanta among its most popular integrations

Vanta is recognized across four categories including most popular integration.

The Vanta 25 to Trust: Nominations are open
Company news
Blog
The Vanta 25 to Trust: Nominations are now open for 2026

The Vanta 25 to Trust: Nominations are open for 2026.

New in Vanta | February 2026
Company news
Blog
New in Vanta | February 2026

Vanta’s latest releases give teams more control over audits, automated TPRM evidence collection, and more.

New in Vanta | January 2026
Company news
Blog
New in Vanta | January 2026

Automated offboarding, smarter questionnaire automation, faster vendor reviews, and Vendor AI Answers—now generally available.

Company news
Blog
Trust at enterprise scale: Introducing Vanta’s Agentic Trust Platform

Vanta’s Agentic Trust Platform unifies risk and compliance into a single intelligent system so companies can prove trust continuously.

Company news
Blog
Introducing proactive, AI-powered risk management that breaks the cycle of reactive risk

Unify risk management with Vanta’s AI-powered Trust Management Platform—automate workflows, monitor vendors in real time, and act on risks before they impact your business.

Company news
Blog
Lessons learned from Vanta’s FedRAMP® 20x pilot program

A behind-the-scenes look at how Vanta navigated the FedRAMP 20x pilot.

Company news
Blog
Helping businesses earn and prove trust: Announcing Vanta’s $150 million Series D

Vanta’s mission is to help businesses earn and prove trust. Today we’re excited to announce we’ve raised a $150M Series D to continue building the future of trust.

Company news
Blog
Supercharging Vendor Risk Management: Vanta acquires Riskey

We're excited to announce that Vanta has acquired Riskey to improve security reviews from point-in-time snapshots to continuous, AI-powered assessments.

Vanta has been named as a Leader in the IDC MarketScape: Worldwide Governance, Risk, and Compliance Software 2025 Vendor Assessment.
Company news
Blog
Vanta is a Leader in the IDC MarketScape: Worldwide Governance, Risk, and Compliance Software Vendor Assessment, 2025

The IDC MarketScape assesses the competitive landscape, analyzing qualitative and quantitative criteria to evaluate GRC vendors.

Company news
Blog
Introducing Vanta Trust Maturity Report: Benchmark your security maturity against 11,000+ programs

We’re excited to release our first-ever Vanta Trust Maturity Report to help you benchmark your security maturity.

Get compliant and build trust—fast

Request a demo
G2 Badge Winter 2026 LeaderG2 Badge Winter 2026 Enterprise LeaderG2 Badge Milestone 'Users Love Us'