Agentic AI
,
Artificial Intelligence & Machine Learning
,
Governance & Risk Management
Series D Raise Targets Security Automation, Trust Centers and Zero-Touch Reviews
A trust management platform led by a former Dropbox product head raised $150 million to expand into third-party risk, government compliance and vendor risk management.
See Also: AI vs. AI: Leveling the Defense Playing Field
San Francisco-based Vanta said the Series D funding round will help businesses earn and prove trust through continuous, AI-powered security infrastructure. The Wellington Management-led investment values Vanta at $4.15 billion, up more than 69% from the $2.45 billion valuation the company received in conjunction with its $150 million Sequoia Capital-led Series C funding round just a year ago.
“We believe trust is the critical ingredient to growth,” Vanta co-founder and CEO Christina Cacioppo wrote in a blog post. “Vanta transforms trust – its inputs and its outputs – from a blocker into a growth accelerator and helps over 12,000 companies scale security and GRC the way they scale software.”
Vanta, founded in 2018, employs more than 1,100 people and has raised $504 million since 2021. The company has been led since inception by Christina Cacioppo, who has a bachelors and masters from Stanford and spent nearly two years as the product lead for Dropbox Paper before starting Vanta (see: Cyera Gets $300M at $1.4B Valuation to Fuel Safe AI Adoption).
From SOC 2 Compliance to Continuous Trust Validation
Vanta’s initial focus was on helping startups automate SOC 2 compliance, and has since expanded from point-in-time certifications to a dynamic, always-on model of trust validation, Cacioppo said. By giving startups the tools to build credible, audit-ready security programs from day one, Cacioppo said Vanta leveled the playing field.
“We believed that if we made it easier and faster to earn and prove trust between businesses, everyone would do better,” Cacioppo wrote in the blog post. “Companies of all sizes would be more secure, data would be better protected and people could tackle hard problems faster.”
Modern security expectations demand a state of continuous verification in which trust is proven not at audit time, but all the time, she said. The Trust Centers product embodies this shift by giving customers and partners a live view of an organization’s security posture, eliminating the opacity of static reports. Customers want confidence not in how secure a company was last year, but in how secure it is today.
“We expanded from automating evidence collection for compliance audits to monitoring and enforcing continuous, zero-touch verification for not only traditional compliance controls, but also a growing universe of security controls, including custom controls rooted in a specific company’s strategy and technology,” Cacioppo wrote in the blog post.
Cacioppo said Vanta’s new AI Agent acts as an intelligent assistant that helps teams navigate compliance workflows, answer policy-related questions and even surface misalignments between documented policies and real-world configurations. It can answer nuanced, cross-system questions instantly such as whether an organization’s password policy actually aligns with system configurations in AWS, she said.
“These launches address real pain points faced by security professionals and help GRC teams achieve greater impact with less time and effort – exactly what we’d all hoped AI-powered products could do,” Cacioppo wrote in the blog post.
What’s on the Horizon for Vanta
Vanta’s deep feedback loop has led to dozens of feature launches that target real operational pain, from auto-generating audit-ready policies to mapping control frameworks that replace spreadsheets, Cacioppo said. By delivering automation that is both intelligent and context-aware, she said Vanta has become critical infrastructure for thousands of customers and not just a software vendor.
“Vanta has saved us hundreds of hours and well over six figures in potential lost deals or added headcount,” Everett Berry, GTM engineering at Clay, wrote in the Vanta blog post. “Vanta keeps security and compliance manageable, even for a fast-growing team like ours. There’s no better way to operationalize trust.”
As Vanta matures, its focus shifted toward highly regulated sectors and large enterprises with complex compliance requirements. With the introduction of support for frameworks including FedRAMP, NIST 800-53 and CMMC, Vanta is staking a claim in government and defense-adjacent markets. These are difficult sectors to enter because of the stringent controls and long sales cycles, but ones that need what Vanta has built.
“With this new funding, we’ll accelerate Vanta’s AI innovation and expansion into new areas like third-party risk and government compliance – solving more of the real, day-to-day challenges our customers face,” Cacioppo said in a statement.
Vanta’s road map includes AI agents that remediate security issues based on natural language prompts, automatically map contract commitments to controls, and link customer promises right to live systems. Cacioppo said Vanta aims to make compliance and security activities self-validating, explainable and continuously verifiable to help reframe security as a strategic enabler rather than a reactive burden.
“We’re just now starting to see the impact that AI will have on how organizations build, prove and manage trust,” Cacioppo said. “In the not-so-distant future, Vanta will make zero-touch security reviews a reality through the combined power of Questionnaire Automation, Trust Centers and Vendor Risk Management – so buyers get the answers they need, backed with real-time data, before they even ask.”