Helping businesses earn and prove trust: Announcing Vanta’s $150 million Series D

Member Announcements
Written By Katrina Angelika

Vanta has raised a $150M Series D and is now valued at $4.15 billion.

Financing mile markers are exciting validation of what we’re building and also serve as a rare moment to reflect on the company and hone in more sharply on our mission.

Vanta’s mission is to help businesses earn and prove trust.

We believe trust is the critical ingredient to growth. Vanta transforms trust—its inputs and its outputs—from a blocker into a growth accelerator and helps over 12,000 companies scale security and GRC the way they scale software.

How it started: Compliance for builders

You’ve probably heard the line, “Nobody gets fired for buying IBM.” It’s a shorthand for how risk-averse most companies are when it comes to picking new tools and vendors.

We founded Vanta because we saw every company’s growth stifled by this attitude, and we believed that if we made it easier and faster to earn and prove trust between businesses, everyone would do better. Companies of all sizes would be more secure, data would be better protected, and people could tackle hard problems faster. 

We began by selling to startups because they have the most to gain from building trust and the fewest resources to earn it. 

Our first product has helped thousands of startups automate burdensome compliance requirements—starting with SOC 2—so they can compete in larger deals on the merits of their product. By doing so, we’ve helped ambitious companies find product-market fit faster and make their dent in the universe.

Vanta’s compliance automation has made SOC 2 easier to achieve and more universally accepted, and now SOC 2 is the baseline security expectation in B2B. We’re proud of our customers for doing more to start and grow their security programs.

We’ve continued innovating to help companies not only get compliant faster, but also set a strong security foundation from day one. Just this year we’ve shipped:

  • Compliance Roadmap to help builders understand what’s expected—and what’s next—as they work toward SOC 2 or ISO 27001

  • Policy Builder to generate audit-ready policies in minutes, not weeks

  • Vendor Discovery to surface unknown tools and continuously monitor growing vendor footprints‍

All of this helps fast-moving startups like Clay save time and money—while earning trust faster and unlocking more revenue opportunities.

“Vanta has saved us hundreds of hours and well over six figures in potential lost deals or added headcount. Vanta keeps security and compliance manageable, even for a fast-growing team like ours. There’s no better way to operationalize trust.”

- Everett Berry, GTM Engineering at Clay

How it’s going: From point in time compliance to continuous trust 

SOC 2 automation was our first move, but it was never our end game. ‍

After launching our first product, we heard repeatedly from the startups we served—and the scale-ups that were now turning to Vanta—that their customers have a growing set of security expectations beyond the standard compliance reports and certifications. They weren’t satisfied to know how things were during the audit nine months ago. They wanted to see the status of your security and compliance processes today. And they knew that company processes could change anytime, not just at audit time.

To meet this need, we expanded from automating evidence collection for compliance audits to monitoring and enforcing continuous, zero-touch verification for not only traditional compliance controls, but also a growing universe of security controls, including custom controls rooted in a specific company’s strategy and technology.

We answered customers’ demands for greater proof of trust by building Trust Centers as well as products for vendor risk management, access reviews, and risk management over the last few years. These products help shift security reviews from static, point-in-time checks to continuous, automated verification, giving teams real confidence in their trust posture—every day. 

As larger and larger companies have become Vanta customers, their GRC, CISO, and IT teams keep showing us more places they spend far too much time gathering evidence to demonstrate trust, which takes time away from their core responsibilities of earning that trust.

At their disposal are security questionnaires, endless spreadsheets, and GRC tools that do little more than organize screenshots. Yet security teams are expected to do more customer-facing, trust-building work each year while protecting the business against an evolving (and AI-fueled) threat landscape.

Vanta is now critical infrastructure in building and proving business-to-business trust:

  • 200M+ assets continuously monitored —from laptops to servers to employees—for

  • always-on security and compliance

  • 1.5M employees and 33,000 vendors managed to reduce access risk and secure third-party relationships—without the review fatigue

  • 1.7B vulnerabilities remediated within SLA, keeping customers ahead of audits and

  • security expectations

  • 10M Trust Center views—each one a potential purchase made faster with automated, self-serve security reviews

This is changing how leading businesses like Snowflake, Icelandair, Intercom, Mistral AI, and Omni Hotels build and prove trust. With Vanta:

  • Duolingo saves 12 hours per week and hundreds of thousands of dollars with AI-powered VRM

  • Atlassian enables 400+ partners to showcase trust via achieving compliance milestones and Trust Centers 

  • Ramp eliminated spreadsheets by mapping custom controls into continuously monitored frameworks

  • Writer completes vendor reviews and access audits in under 20 minutes instead of multiple hours with Vanta AI

  • Cursor gains real-time visibility into their security posture to confidently maintain compliance as they scale

Looking to the back half of the chessboard: AI-driven trust

When we founded Vanta in 2018, we wanted to launch a tool for automating security questionnaires, which are non-standardized, long, and therefore incredibly manual and taxing to fill out. But at the time, we couldn’t build a tool to reliably generate AI answers to so many one-off questions. Now with the LLM boom, we can—and we have

Today, Vanta AI can automatically draft more than 80% of your questionnaire responses, and our AI-generated answers are accepted 95% of the time, so you can complete security reviews 81% faster. 

This year, we also launched the Vanta AI Agent, your friendly robot GRC engineer that helps with everything from onboarding and updating policies to spotting inconsistencies and verifying audit evidence. You can ask the agent questions like, “What’s our password policy?” and “Does it match our password configuration in AWS?” and get instant, accurate answers. Anne Simpson at Databook says it’s already giving her team back 12 hours a week.

These launches address real pain points faced by security professionals and help GRC teams achieve greater impact with less time and effort—exactly what we’d all hoped AI-powered products could do. 

But this is just the beginning.

There’s a story in Erik Brynjolfsson’s and Andrew McAfee’s Race Against the Machine about a king who pays an inventor with grains of rice, doubling the amount on each square of a chessboard: 1 on the first, 2 on the second, 4 on the third, and so on. The point of the story is: while the pattern is evident at the start, the king only realizes the impact of what he’s agreed to (264 grains of rice will bankrupt the kingdom!) once he reaches the back half of the chessboard.

We’re just now starting to see the impact that AI will have on how organizations build, prove, and manage trust. In the not-so-distant future, Vanta will:

  • Make zero-touch security reviews a reality through the combined power of Questionnaire Automation, Trust Centers, and Vendor Risk Management— so buyers get the answers they need, backed with real-time data, before they even ask.

  • Remediate issues via natural language. Ask the Vanta AI Agent to “Update our SLA from 24 to 12 hours,” and it will rewrite your policies, assign owners, and begin collecting evidence.

  • Map contract commitments to controls, automatically extracting promises made in customer agreements and linking them to live, monitored systems to help security teams explain their work in terms executives understand.

This new funding lets us accelerate into the back half of the chessboard, helping customers save time, earn and prove trust faster, and continuously strengthen their security posture.

A heartfelt thank you

To our customers and partners, thank you for teaching us what’s most important to you. The greatest gift a builder can receive is feedback—good, bad, and ugly—from people who care enough to give it. We are lucky at Vanta to work alongside fantastic customers and partners as we build a future where trust scales with technology.

To Vanta’ns globally, past and present: thank you for trusting us with your time and careers. By helping businesses earn and prove trust, you’ve helped us make the internet more secure. I’m excited to continue on our mission by putting customers first, winning as one, biasing for action, leading with resilience, deciding with frameworks, and doing what it says with a tin. And I hope we’ll keep doing it all with a wink. If you’re interested in joining us, check out our open roles.

Written by

Christina Cacioppo

CEO & Founder

Katrina Angelika
Previous

Firm screen scraping deadline demanded, as fintechs call for certainty on CDR
Next

Member Spotlight — DoxAI Accelerates Global Expansion and Product Innovation to Meet Soaring Demand for AI-Driven Workflow Optimisation