Automate compliance, security, and trust with the #1 Agentic Trust Platform.

Joined February 2020
Pinned Tweet
Vanta has been named a Leader in The @forrester Wave™: Governance, Risk, and Compliance Platforms, Q2 2026, in our first inclusion in the evaluation. We’re incredibly excited about this recognition and what we feel it says about the work our team has been building toward. In the report, Forrester recognized our continuous controls monitoring capabilities, ease of implementation, broad integrations, and embedded AI agents that perform “high-impact tasks beyond basic summarization or content generation.” We’re especially proud to be recognized in an evaluation that addresses Continuous Risk Management alongside long-established GRC vendors. To us, it reflects where security and compliance are heading: more automated, more continuous, and increasingly AI-enabled. Read the full report: vanta.com/reports/forrester-…
One forgotten token at a security vendor. Six weeks later: OpenAI, GitHub, and Microsoft were all compromised in the same cascade. That's the TeamPCP supply chain campaign from earlier this year. The attackers didn't find a sophisticated vulnerability; they found a GitHub credential that wasn't fully rotated, and worked outward from there. By the end, their worm had spread across 170 packages with 518 million cumulative downloads. This is what supply chain risk looks like now. Not one breach, one vendor, or one victim, but a cascade. And the old model of point-in-time vendor reviews and quarterly access audits wasn't built for it. Our team did a write-up on what happened, what it reveals about the new blast radius, and what continuous monitoring has to do with it. bit.ly/49WVdcE
The fastest way to understand a problem is to build a slice of it. At Vanta, that's changed how our engineers approach design: agent chats to think out loud, quick prototypes to surface what writing misses, recorded walkthroughs for feedback, and a short doc at the end to capture what was learned. Senior engineer Yanxi Chen breaks it down in our latest Trustcraft article: bit.ly/4edU5ny
What happens when compliance stops being a once-a-year event? Join Vanta, @Carahsoft, and public sector experts for a conversation on #FedRAMP 20x, continuous authorization, and the shift toward real-time trust and compliance. June 18 | Register here: bit.ly/4ovYc1O
Vanta NYC reporting for duty 🫡
ATTN: Bay Area Security and GRC builders! 👋 Your AI vendors are a risk you haven't mapped yet. Teams are adding AI tools faster than you can assess them, and shadow AI is creating compliance blind spots most programs weren't built to catch. Join us June 25th at Vanta HQ for our Risk-athon, a hands-on workshop where you'll build AI vendor discovery, due diligence, and continuous monitoring workflows live in Vanta. Bonus: you'll come away with CPE credit! Seats are limited, register asap: bit.ly/4vDPVeq
10 seconds after enabling 2FA
Some people have surveys. We have the Vanta Community. 📢 💜
Another great #NYTechWeek in the books 🗽 Over the course of five events, we had the chance to connect with founders, operators, investors, and builders from across the startup ecosystem. One highlight: bringing Calm-pliance Cafe to the Lower East Side, where our CEO @christinacaci joined Anarghya Vardhana for a fireside chat and Q&A with founders. A few days, a handful of events, and countless conversations later, we're still thinking about the ideas, questions, and debates that kept popping up across the city. Same time next year, NYC? 💜
Not to sound like a risk register, but... Likelihood of us being excited about this award: High. Honored to be recognized in the Best Risk Management Solution category for this year's #SCAwardsEurope! 🏆
Somewhere out there, an internal risk team and a vendor risk team are both very confident that "everything is fine." And they're right... if "fine" means spending countless hours debating the risk matrix, blatantly missing connections that expose your business to risk, and stewing up tension in team meetings. Newest episode of Security Theater with @yayalexisgay ⤵️
Connecting an LLM to your data is the easy part. In compliance and security, the cost of a wrong answer isn't a bad user experience. It's a failed audit. We wrote about what lives in the gap between a raw LLM integration and AI you can trust with your compliance program: bit.ly/4vFZkSG
We're joining our friends at @StationDC_HQ to host an afternoon for founders and security practitioners in the DC area on June 16. Panels and roundtables on building and scaling compliance programs, like SOC 2, FedRAMP, CMMC, and everything in between. Bring the questions you've been sitting on. Get the details and register to attend: bit.ly/4vyYoPM
Compliance shouldn't be the thing that derails your momentum. But for a lot of startups, it is. We made a series about that. Back to Basics is a new series breaking down what startups need to know about security and compliance (before it becomes a fire drill). Francesca kicks it off by answering a question many founders put off: when should you actually start thinking about compliance?
Vanta retweeted
"As annoying as competition is, it totally makes us better, and it's way better for the customer." @TrustVanta CEO Christina Cacioppo (@christinacaci) has gotten used to newer startups talking a big game as the new 'Vanta 2.0'. Her advice for handling big-talk: send a Slack message or one-pager to your leaders breaking down what's new, what's worth watching, and what to do about it. What she won't do, she tells The Upstarts Podcast, is mention the competition by name, even when they're scandalous. "I subscribe to the 'never let them see you blink' school of thought. Maybe I have to blink somewhere else, but yeah, that's not here."
"This is not a product category." "They're not actually going to work on this." "They're going to acquihire themselves to somebody." When Christina Cacioppo (@christinacaci) first pitched her startup in 2018, investors couldn't believe anyone would want to build compliance software. Eight years later, @TrustVanta works with 16K customers from Lovable to Icelandair, earning a $4.2B valuation. Now, she faces the opposite question: With AI, can't anyone build this? How does Vanta stay ahead of a new wave of hype-y startups? "I subscribe to the 'never let them see you blink' school of thought," she tells me. On The Upstarts Podcast, Cacioppo shares how she created value in a sleepy category; how she prioritizes “infinity things” as a startup unicorn CEO; and why when it comes to good security hygiene, we could all spend more time brushing our teeth. Plus, she shares her Upstart Moment: working to re-think, and future-proof, Vanta's software business in the face of powerful AI models. This season is presented by @Rippling 🫡 CHAPTERS 00:00 Introduction 1:39 What Vanta does 5:26 Selling to other startups 9:28 How AI agents change ‘pretty much everything’ 14:06 Christina’s *real* founder origin story 16:23 Underdog fundraising and gaming VCs 18:59 The problem with startup valuations 24:08 Turning LinkedIn ‘cringe’ into customer traction 26:41 Reinventing Vanta with AI 33:43 Whether AI could clone Vanta 35:23 ‘Never let them see you blink’ 37:24 Avoiding burnout with ‘infinity things’
A year ago, @perk_global was a travel company. Then they acquired a bank. Overnight: six compliance frameworks, a regulated balance sheet, and a security team with a lot more ground to cover... questionnaires, audit prep, access reviews, all of it. Here's what they didn't do: hire their way out of it. 50% less time on questionnaires. 49 of 50 now resolved without the security team touching them. Equivalent of two full-time hires saved. The compliance footprint kept growing. The headcount didn't have to. Read the full study: vanta.com/customers/perk
To build or to buy? That’s the question. AI coding makes building tools like GRC easy. It feels free! It’s not. Writing code is only 20% of the total cost. The remaining 80% goes into owning, maintaining, and securing it over time. Even if AI does cut development time by 50%, the total cost could still end up up to 6x more expensive than buying over five years. If it isn’t core to your product, it’s probably not worth owning forever. Hear from Anarghya on how to avoid an expensive mistake: bit.ly/4sZ3KlY
Us waiting for you to complete your security training.
One thing about GRC leaders...pack enough of them into a room, give them some BonBon candy, and the conversations practically run themselves. Llamazing, honestly.🦙 Recapping some of our favorite moments from Vanta Delivers x NY Trust Tour, thanks to everyone who joined us!
A lot of AI features in B2B software are just chatboxes with a personality. They make a product feel modern without doing any real work. We call it AI sprinkle, and we don't ship it. Our SVP of Engineering, @IcchaSethi, wrote about how we build AI at Vanta--a framework we call Trustcraft. No training on customer data. Every feature dogfooded on our own compliance program first. Eval discipline that catches regressions before customers ever feel them. The bar we hold ourselves to: if a compliance team can’t stake their program on it, it doesn’t ship.🚫🚢 Link in the comments. 🔽