HyperComply’s AI Automation Reduces Vendor RFP Questionnaire Work by 92%

SecurityScorecard purchased a Canadian startup to eliminate repetitive manual work for vendors by automating security questionnaires and RFP responses using artificial intelligence.
The New York-based risk ratings stalwart's acquisition of Toronto-based HyperComply will help SecurityScorecard support not only assessors but also the vendors being assessed, said co-founder and CEO Aleksandr Yampolskiy. He said HyperComply’s technology is a best-in-class solution capable of automating over 92% of questionnaire responses and drastically reducing response times.
“What we really liked about HyperComply’s technology and the company is that it completes the picture,” Yampolskiy told Information Security Media Group. “It gives you this 360 experience, where now we can also offer technology to the vendors, to suppliers. So using the HyperComply technology, we can help them use AI to fill out these questionnaires and RFPs and avoid the manual work.”
HyperComply, founded in 2019, employs between 20 and 30 people and raised $6.4 million in a September 2022 seed round led by FirstMark Capital and Golden Ventures. The company has been led since inception by Amar Chahal, who previously spent six years at remote selling vendor Vidyard.
Why Third-Party Security Assessments Remain a Vexing Problem
While SecurityScorecard has long been known for helping assess and rate third-party security risks, it lacked tools to help vendors being assessed manage their own side of the security assurance process. Yampolskiy said HyperComply automates the process of completing repetitive and slightly varied questionnaires, a pain point that had persisted in the vendor space despite advancements on the buyer side.
“I met the two founders, Amar and Cody [Wright, CTO], just kind of happened serendipitously, and I was really excited by their vision, by their passion,” Yampolskiy said. “We thought that we shared a lot of cultural characteristics together, including the bias for action, empathy and obsession with customers, and the desire to eliminate and kill questionnaires so that you don’t have this manual paperwork.”
Despite industry-wide attempts to standardize security assessments, vendors are still inundated with slightly different questionnaires from each client, even though much of the content overlaps. HyperComply’s AI automation platform tackles this issue head-on by enabling companies to answer over 92% of questionnaire items with pre-validated content, reducing the time spent from days to minutes.
“The scale and manual work elimination translates into millions in operational savings,” Yampolskiy said. “It actually helps companies make more money because a lot of the time, these RFPs and questionnaires, they’re the last bottleneck for companies to get a business deal done.”
SecurityScorecard’s goal is to enable organizations not just to identify vendor risk, but to collaborate with vendors on remediating that risk before incidents occur, Yampolskiy said. The concept is modeled on the idea of extended detection and response, which companies like CrowdStrike applied to internal environments. He said SecurityScorecard is extending that model to third parties and supply chains.
“We shifted and expanded into supply chain detection and response, where you don’t just detect the risks, but you proactively collaborate and communicate with your supply chain to mitigate them,” Yampolskiy said. “We’re giving these CISOs the tools to operate with their supply chain before the boom and not after the boom.”
What Sets HyperComply’s Take on Compliance Automation Apart
While there are other companies working on compliance automation, few have achieved the level of accuracy or scale of HyperComply, which combines AI automation with human-in-the-loop verification to ensure speed and accuracy. Most compliance automation tools are isolated from real-world security telemetry, but SecurityScorecard can use its massive dataset to improve and validate AI outputs.
“This positions SecurityScorecard as the only company delivering supply chain detection and response by combining continuous ratings with AI-driven compliance automation,” Yampolskiy said. “Our competitors still rely on static and manual approaches, whereas ours is continuous, automated and global.”
Despite the emergence of other vendors in the compliance automation space, Yampolskiy asserted that HyperComply stands alone in terms of accuracy and real-world effectiveness. Many competitors offer automation, Yampolskiy said, but often without access to the depth of threat intelligence and real-world data that SecurityScorecard possesses.
“Two plus two equals five between SecurityScorecard and HyperComply because we have 10 years of history that we accumulated, and that gives us a lot of possibility to use the data that we collected and further improve the AI technology,” Yampolskiy said.
HyperComply will be sold both as a standalone solution and as part of SecurityScorecard’s broad supply chain risk management platform. Some organizations may want to use it purely as a questionnaire automation tool, while others will benefit from full integration into SecurityScorecard’s detection and response workflows. Average deal sizes start around $40,000, but could go into the hundreds of thousands.
“Like SecurityScorecard, it could be very affordable,” Yampolskiy said. “It’s based on just how many questionnaires you want to assess.”