An in-depth look at Vanta's updates in risk management

Explore Vanta's latest updates in risk management, including its introduction of the Agent for Risk and other advanced capabilities.

Vanta has launched the Vanta Agent for Risk, a new offering designed to bring together internal and third-party risk information within a continuously updated platform. It is built on Vanta’s Trust Graph, a unified data framework that includes more than 400 integrations and runs over 1,400 continuous tests.

When integrated with the Trust Graph, the Agent for Risk provides organisations with a consolidated view of controls, vendor relationships, assets, and compliance obligations. This is intended to support faster response and clearer communication for security and Governance, Risk, and Compliance (GRC) teams, enabling earlier identification and management of potential risks.

As organisations increasingly adopt AI and digital tools, the associated risk environment is also changing. According to Vanta’s data, organisations with defined builder roles have a 73% higher rate of AI vendor adoption compared to others. The data also indicates that while around 30% of these vendors are classified as high or critical risk, only about 7% of vendor inventories are actively under review, highlighting a gap in ongoing oversight.

The Vanta Agent for Risk is designed to help identify and connect different risk factors into a unified view. Its capabilities include:

  • Risk to Vendor Mapping: Links vendor-related findings to an internal risk register to support tracking of third-party exposure.
  • Risk to Asset Mapping: Shows how risks relate to specific assets, improving visibility during vendor incidents or control changes.
  • Risk to Control Mapping: Updates risk records when controls change, including those connected to vendor relationships.

Vanta also introduces additional features aimed at supporting risk prioritisation:

  • AI Risk Library: A knowledge base for managing AI tools and practices to support security and compliance work.
  • Factor-Based Inherent Scoring: Assesses risks based on factors such as financial, brand, and operational impact to support prioritisation.

The Third-Party Risk Management (TPRM) Agent update extends third-party monitoring through continuous assessment rather than periodic reviews. Changes in a vendor’s environment can automatically update the system, providing security teams with updated context for response.

The updated risk management features are scheduled to be showcased at the Vanta Delivers event, streamed live from New York on June 3.
