Vanta is a cybersecurity and compliance software company developing software that helps businesses manage security reviews, compliance checks, risk monitoring, audit preparation, and governance operations through automated systems. Christina Cacioppo and Erik Goldman, co-founders, created the business after recognizing how much time companies spent handling compliance work manually. Many organizations relied on spreadsheets, emails, internal documents, and disconnected reporting systems to prepare for audits and security reviews.

Security staff often spend weeks gathering evidence, updating policies, and reviewing employee access records before compliance deadlines. Vanta developed software that automates much of that work through centralized monitoring and reporting systems. The platform allows businesses to monitor security controls, employee access, device settings, encryption systems, password requirements, and company policies from one location. Early customers mainly included startups seeking SOC 2 certification before signing enterprise contracts or raising funding. Over time, the company expanded into ISO 27001, HIPAA, GDPR, FedRAMP, and other compliance standards used across healthcare, finance, cloud computing, and enterprise software operations. Vanta also added compliance automation, continuous GRC systems, personnel and access controls, risk management software, and third-party risk management tools for vendor onboarding and security reviews.

The company was founded in 2018 and is based in San Francisco.

AI Features Reduce Manual Work

Artificial intelligence now plays a larger role across Vanta’s software. The company introduced AI tools that help users complete repetitive compliance work faster and reduce administrative workloads tied to audits and reporting. Vanta AI assists businesses with compliance operations, reporting, documentation, policy management, and security reviews. The company also added AI chatbot features that answer compliance questions and assist with audit preparation. These tools pull information from company records, uploaded documents, internal systems, and security frameworks. Users no longer need to search through large files manually for every request or policy update.

Vanta also provides questionnaire automation systems that help companies respond to customer security requests more efficiently. Many businesses receive long security questionnaires from customers before contracts are approved. Vanta automates much of that process by generating responses based on existing company documentation and stored compliance records. Trust Center tools allow organizations to display compliance documentation and security information for customers and partners through centralized dashboards. The platform also supports automated audit preparation and evidence collection. Businesses can centralize customer commitments, track security obligations, manage follow-up tasks, and monitor unresolved security issues from one location. Automation also helps organizations identify security gaps, missing controls, and policy violations faster than manual review systems.

Funding Expands International Operations

Vanta grew rapidly after entering the Y Combinator startup accelerator. Major investors later backed the company through several funding rounds as demand for cybersecurity compliance software expanded across global technology sectors. The company reached a valuation of $2.45 billion during a 2024 fundraising round. Investors included Goldman Sachs, JPMorgan Chase, Atlassian, CrowdStrike, HubSpot, and Workday. Investor support reflected growing interest in cybersecurity software businesses focused on automation and enterprise compliance operations.

The company secured another major funding round in 2025. Wellington Management led a $150 million investment that raised Vanta’s valuation to more than $4 billion. International growth included new offices and infrastructure projects in Dublin, London, and Australia. These additions helped support customers handling regional compliance rules, privacy regulations, and data residency requirements. The company also acquired TrustPage and Riskey to expand security and risk monitoring operations. These acquisitions added new capabilities tied to vendor reviews, AI-powered monitoring, and automated security workflows.

Businesses Push for Faster Security Reviews

Demand for cybersecurity oversight has grown across many industries as businesses face stricter regulations, larger customer security reviews, and stronger scrutiny following major cyberattacks and data breaches. These conditions increased demand for software that helps businesses prepare for audits, monitor internal systems, track policy violations, and manage compliance documentation more efficiently. Technology companies, healthcare providers, financial firms, cloud infrastructure operators, and hospitality businesses now face more detailed security reviews from customers, regulators, and enterprise partners before contracts are approved.

Vanta’s customer list includes technology companies, software businesses, hospitality groups, and cloud infrastructure providers. Customers include Atlassian, Duolingo, Omni Hotels & Resorts, and Snowflake. Public discussion surrounding Vanta often focuses on workplace monitoring and privacy questions tied to device management and security verification systems. Some technology professionals describe the software as useful for reducing audit workloads and handling compliance documentation more efficiently. Others question device monitoring permissions and software access controls tied to corporate security policies.

Christina Cacioppo, Co-Founder & CEO, Vanta