Interview

Vanta CPO Jeremy Epling launches agentic trust platform at VantaCon to automate enterprise security and compliance

Nov 18, 2025 with Jeremy Epling

Key Points

  • Vanta launches AI Agent 2.0, a built-in GRC engineer that automatically tracks policy conflicts, maps data flows into newly adopted AI tools, and surfaces remediation steps without user prompts.
  • A new Risk Graph correlates internal security gaps with vendor risk, enabling enterprises to trace breach impact to specific users and revoke access immediately.
  • Vanta integrates with Claude and ChatGPT via MCP servers to auto-generate compliance reports, while keeping agent findings embedded in existing workflows rather than chat-first.

Summary

Vanta is repositioning itself as an agentic trust platform, with Chief Product Officer Jeremy Epling using the company's VantaCon conference in San Francisco this week to unveil a cluster of product announcements aimed at enterprise GRC teams.

The centrepiece is AI Agent 2.0, framed as a built-in GRC engineer with persistent context and memory across an organisation's full compliance programme. The agent tracks newly adopted AI tools, maps what data flows into them, flags policy inconsistencies automatically, and surfaces remediation steps without waiting for a user query. Epling cited an example where conflicting SLA language — 24-hour critical vulnerability notification in one document, 72-hour in another — would be caught, diffed, and resolved with a single click.

Vanta is also launching a Risk Graph, a visual layer that correlates internal security gaps with third-party vendor risk. The practical use case is breach response: the graph connects a vendor breach to which internal users have access, what data was shared, and enables immediate access revocation or control changes. Epling's framing is that external attackers only see a company's perimeter, while Vanta already holds a complete internal map — a structural advantage in an environment where AI is accelerating attacker sophistication.

On UI philosophy, Epling argues against a pure chat-first paradigm. The product surfaces agent findings proactively inside existing workflows — the policies screen, the reporting dashboard — rather than requiring users to interrogate a chatbot. For deeper exploratory analysis, Vanta supports an MCP server integration with Claude and ChatGPT, allowing users to auto-generate compliance performance charts and board-ready reports.

Vanta's customer base spans YC batch graduates through Fortune 50 companies, with named enterprise customers including Snyk, Perplexity, and Synthesia. Epling acknowledged Vanta is not pursuing a full-stack security play; vulnerability scanning, for instance, will remain partner territory. The Adaptive Scoping feature and a new Organisation Centre are designed to let large enterprises track compliance progress by business unit and across multiple frameworks, such as PCI, simultaneously.

The AI quality concern — hallucination risk in a security context — is addressed through a dedicated team of GRC subject matter experts who tune and validate model outputs. Epling's position is that security buyers are among the most demanding AI critics, making accuracy controls a competitive differentiator rather than a checkbox.