Skip to main content

Product Updates

Vanta Release Notes

June 2026

Week of June 21, 2026

Commenting on Controls in Audit

  • Users and auditors can now leave contextual comments on individual controls directly within a Vanta audit, with threading and @mention support, giving both sides a structured place to discuss specific controls without resorting to email or Slack threads where context gets lost. Package: Professional, Enterprise (Modular)

Controls Export in Audit

  • Users and auditors can now export everything visible in the controls table directly from within a Vanta audit, giving them an easy way to plug the full control matrix into any audit report without manual copying or reformatting. Package: Professional, Enterprise (Modular)

Use Vanta's MCP Anywhere You're Already Doing Your Work

  • Users can now connect Vanta's MCP from any MCP-capable tool, not just officially supported ones, with a warning banner displayed when the redirect URL isn't one Vanta publishes and controls, so customers can use Vanta where they already work without filing a support ticket or waiting for manual allowlisting. Package: Not Applicable

AIUC-1 Early Access Pilot

  • Users committed to certifying for AIUC-1, the new security standard for AI agents, can now access the framework as an early access pilot in Vanta at no cost for the duration of the preview period. Package: Essentials, Plus, Professional

Azure DevOps Multi-Tenant Support

  • Users can now connect and manage multiple Azure DevOps organizations from the same Vanta domain, bringing Azure DevOps in line with the multi-connection baseline available across other integrations. Package: Essentials, Plus, Professional, Enterprise (Modular)

SOC 2 Guide: Vanta Agent-Generated Trust Centers

  • Users in SOC 2 Guide can now have the Vanta Agent automatically generate a Trust Center and Letter of Engagement within their first days in Vanta, with the Agent pre-filling key details like description and security contact so startups have sales collateral they can share with prospects immediately while working toward their full SOC 2. Package: Essentials, Plus

Unmanaged Renewal Line-Item Preview

  • Users on unmanaged auto-renewal plans can now see a full line-item preview of their upcoming bill directly on the billing page, including each line item, price, and term, so they know exactly what they are agreeing to before their renewal processes. Package: Essentials, Plus

New Twilio Access Integration, Powered by Integration Builder

  • Users can now connect Twilio to Vanta via OAuth to automatically import active Twilio users, enabling real-time visibility into who has access, feeding access reviews with audit-ready evidence, and eliminating manual exports, with all the benefits of the Integration Builder platform including an AI-summarized activity log, manage page, and settings page. Package: Essentials, Plus, Professional, Enterprise (Modular)

CrowdStrike CSPM Alerts and Multi-Tenant Support

  • Users can now ingest CrowdStrike Cloud Security Posture Management findings into Vanta as Security Alerts to track SLAs and produce audit-ready evidence for cloud misconfigurations, and can now also connect multiple CrowdStrike tenants to a single Vanta domain. Package: Plus, Professional, Enterprise (Modular)

Optional Reason Input When Deactivating Controls

  • Users can now enter an optional reason when deactivating a control, either individually or in bulk, with that reason saved and surfaced in a new Deactivation Reason column on the deactivated controls page and visible in control history after reactivation. Package: Essentials, Plus, Professional, Enterprise (Modular)

AI Evidence Eval Model Upgrade

  • Users now benefit from a 10% latency improvement on AI evidence evaluation and a 5% higher evidence pass rate, as Vanta has upgraded the underlying model powering document and IRL evidence checks to Gemini 3.5 Flash with fewer unnecessary nit-picks on submitted evidence. Package: Essentials, Plus, Professional, Enterprise (Modular), Customer Trust Management

Privacy Read and Write MCP Tools

  • Users can now manage their privacy data inventory and assessments directly within agentic workflows through 20 new privacy tools exposed via MCP, reducing context switching and enabling more privacy program tasks to be automated end to end. Package: Not Applicable

Agent-Led Control and Policy Program Onboarding (Early Access)

  • Users can now upload any existing control or policy file as-is and have the Vanta Agent extract controls, suggest evidence pairings for bulk review and approval, extract policy details, map policies to controls, and surface gaps, all without needing to reformat documents to match a Vanta template. Package: Essentials, Plus, Professional, Enterprise (Modular)

QAuto: Smart Answer Field Detection

  • Users in Questionnaire Automation now have the Vanta Agent automatically detect and fill every response field a questionnaire requires, across any format including documents, spreadsheets, and portals, with column selection for spreadsheet questionnaires eliminated entirely in favor of fully automated detection. Package: Plus, Professional, Questionnaire Automation, Questionnaire Automation Advanced, Customer Trust Management

Alpha: Contract Gap Analysis

  • Users can now upload a draft or executed contract and run a gap analysis where the Vanta Agent reads each commitment and compares it against their GRC program including controls, policies, and knowledge base, returning results ranked by what deserves attention first with cited evidence behind every call. Package: Customer Commitments

Risk and Control Linking via REST API

  • Users can now manage risk-to-control relationships programmatically via new REST endpoints to link controls to risks, view associated controls, change link types between existing and treatment controls, and remove links. Package: Not Applicable

Custom Agents (Early Access) M1: Scheduled Prompts

  • Users can now create their own custom agents in Vanta with a simple name, prompt, and schedule, setting them to run daily, weekly, or on demand to automate recurring compliance work like risk reports, policy expiry notices, and overdue training follow-ups across the full Vanta platform without any code. Package: Essentials, Plus, Professional, Enterprise (Modular), TPRM

Trust Center: Improved Notification Default for the Trust Collaborator Role

  • Users added under the Trust Collaborator role will no longer receive Trust Center access-request email notifications by default, eliminating the notification noise that previously blocked upmarket rollouts when large teams of collaborators were added at once. Package: Essentials, Plus, Professional, Trust Center, Trust Center Advanced

Week of June 14, 2026

TPRM Collaboration: Vendor + Internal Commenting

  • Users can now add comments to individual questions on an assessment questionnaire within TPRM, with two separate tracks for internal comments among Vanta users and external comments between Vanta users and vendor contacts through the Exchange, giving both sides a structured and auditable way to collaborate without leaving the platform. Package: TPRM (formerly VRM)

Risk Control Mapping Suggestions

  • Users can now ask the Vanta Agent to suggest controls that are most appropriate to mitigate and link to a given risk scenario, reducing the manual effort of sifting through all available controls to find the right ones for each risk. Package: Not Applicable

New Test Notifications

  • Users can now receive proactive notifications when new tests relevant to their domain are scheduled for rollout and when they go live, with test owners automatically alerted for tests they own and configurable company-level alerts available for unowned tests by category via email and Slack or Teams. Package: Essentials, Plus, Professional, Enterprise (Modular)

New Agentic SOC 2 Guide Module: Vendors

  • Users in SOC 2 Guide can now have the Vanta Agent guide them through their entire vendor management setup, recommending which vendors to add based on IdP and integration data, pre-assigning risk scores, providing instructions on where to find security documents, and analyzing and summarizing each vendor's security documentation with a recommended review decision. Package: Essentials, Plus

Flexible Risk Scoring: Register Score Customization

  • Users can now configure risk scoring at the individual register level instead of only globally, with a revamped Scoring settings tab that displays a heatmap grid of all risk scores, score labels and descriptions, and a unified editing experience where all changes to impact and likelihood scales and risk levels can be made and saved at once. Package: Professional, Enterprise (Modular)

Agent Slide-In Panel

  • Users now experience the Vanta Agent companion in a slide-in panel that sits alongside the page instead of floating on top of it, allowing them to see their work and interact with the Agent at the same time without the Agent obscuring content. Package: Not Applicable

Agent and MCP Support for Risk Registers

  • Users can now ask the Vanta Agent or connect via MCP to create, rename, update, and delete risk registers through natural conversation, making risk program setup and maintenance faster for organizations managing multiple registers across teams or business units. Package: Professional, Enterprise (Modular)

Framework Purchase Expansion

  • Users can now purchase GDPR, AUE8, CIS v8, and CRI frameworks directly in-app with user-selectable variants, removing the need to schedule a call or go through a manual amendment process for these frameworks. Package: Not Applicable

Week of June 7, 2026

Vanta Agent: New Entry Point in the Top Nav (GA)

  • Users now have a persistent search bar in the top navigation that serves as a direct entry point to the Vanta Agent, surfacing rotating prompt suggestions from the prompt library to show what the Agent can do and accepting free-form queries, with Command+K available as a keyboard shortcut. Package: Essentials

Frameworks and Certifications Structured Commitment Type

  • Users can now filter and sort framework and certification commitments across their entire contract base as a structured commitment type, making it easy to pull up every contract that commits to SOC 2 or owes a report on request without having to read clause by clause. Package: Customer Commitments

Privacy Agentic Writes for Privacy Data Inventory (Processor Side)

  • Users can now work with the Vanta Agent on the Privacy page to create, update, and delete processing categories and data controllers, extending the agentic write capabilities previously launched for the controller side to the processor side of the Data Inventory. Package: Not Applicable

Direct Mapping of Requests to Controls on IRL Upload

  • Users and auditors can now map requests directly to controls at the time of IRL upload, with the uploader validating Control IDs against Vanta and providing a list of valid IDs for a given framework to make uploading and error handling straightforward. Package: Professional, Enterprise (Modular)

SIG Lite Questionnaire Template in QAuto

  • Users can now access a SIG Lite questionnaire template directly within QAuto, either as the new default starter questionnaire or via the Import Questionnaire modal, allowing them to complete it once, update it periodically, and share it with requesters or publish it to their Trust Center. Package: Essentials, Plus, Professional, Questionnaire Automation, Questionnaire Automation Advanced, Customer Trust Management

Risk to Control Mapping - M1

  • Users can now link existing controls directly to a risk from a new risk context section on the risk detail page, separate from the treatment plan, eliminating false gaps, remediation noise, and score distortion while giving auditors a clear path to review control evidence directly from the risk. Package: Essentials

Custom Assessment Templates in Privacy

  • Users with the Privacy Advanced SKU can now create fully custom assessment templates with free text, single-choice, and multi-choice questions, and select those templates when creating a new privacy assessment instead of being limited to Vanta's predefined templates. Package: Privacy Advanced

Splunk On-Prem Integration, Powered by Integration Builder

  • Users can now connect Splunk Enterprise (on-prem) to Vanta through the first integration built on Vanta's new Integration Builder platform, which delivers a consistent experience across every integration including a listing page with API permissions and resource schemas, an AI-summarized activity log with fix instructions, a manage page, and a settings page, all generated automatically from code. Package: Essentials, Plus, Professional, Enterprise (Modular), Access Management

Week of May 31, 2026

View Third Party Trainings Within Vanta (10% Rollout)

  • Users can now view their third party security awareness trainings directly on their Vanta training page, with Vanta automatically updating their completion status once the training is finished in the external system and surfacing messaging when external trainings are pending. Package: Essentials, Plus, Professional, Enterprise (Modular)

Customers Can Edit Metadata on Requests

  • Users can now edit request due dates, capture dates, request types, and cadence directly within an audit in Vanta, removing the need to rely on auditors for these updates and speeding up the audit workflow on the customer side. Package: Professional, Enterprise (Modular)

MCP Tool Expansion

  • Users and their AI agents can now access 28 new MCP tools to programmatically read Personnel, Group, Computer, Access, Audit, Privacy, Questionnaire Automation, and Issues data from Vanta, with these tools shared directly from the same toolset powering the Vanta Agent. Package: Essentials, Plus, Professional, Enterprise (Modular)

More Performance Improvements to Inventory and Vulnerability Pages (No Limits)

  • Users with large data sets now experience significantly faster load times on Inventory and Vulnerability pages, with Inventory pages loading in under 1 second instead of timing out, and bulk ignore and export operations completing reliably at scale. Package: Not Applicable

Add Ability to Delete Files from Risk Tasks

  • Users can now see the names of uploaded files on risk tasks and delete individual files, replacing the previous experience that only showed a file count with no way to manage or remove specific attachments. Package: Not Applicable

Risk Approval Activity Timeline

  • Users can now view a full activity timeline within the risk approval history section, showing the date each action took place and any associated comments, giving teams a clear audit trail without needing to reference external email notifications. Package: Not Applicable

Improved Notification Management

  • Users can now toggle all alerts and email digest notifications on or off at the category level from Settings, eliminating the need to click through 30+ individual toggles to manage notification preferences. Package: Essentials, Plus, Enterprise (Modular)

Trust Center: AWS Marketplace Integration

  • Users can now feature their Vanta Trust Center on their AWS Marketplace listing so buyers can access compliance documentation during the purchasing process, and can also link their Marketplace listing directly from their Trust Center to turn security credibility into a direct purchase path. Package: Essentials, Plus, Professional, Trust Center, Trust Center Advanced, Customer Trust Management

Per Risk Access Management

  • Users can now assign specific viewers and managers to individual risks, giving teams precise control over who can access and update each risk, with the ability to assign these roles to Vanta Teams as well. Package: Not Applicable

May 2026

Week of May 24, 2026

Agentic SOC 2 Guide: Getting Started in Vanta

  • Users (startups on SOC 2 Guide) are now guided step-by-step through their first actions in Vanta by the Vanta Agent, which generates a tailored compliance plan, confirms their company profile, recommends key integrations to connect, and answers questions along the way, all without needing to leave the Agent experience. Package: Essentials, Plus

In-App Billing Page

  • Users can now manage billing directly within Vanta through a new native billing page that replaces the previous Stripe redirect, with invoices served directly from Netsuite as the source of truth for finance. Package: Not Applicable

Wiz Configuration Findings

  • Users who opt in can now have Wiz configuration findings ingested into Vanta and presented as SLA-trackable security findings, giving upmarket customers more ways to generate evidence and track remediation across their cloud infrastructure at the individual instance and bucket level. Package: Professional, Enterprise (Modular)

Customize Personnel Reminders

  • Users (Admins) can now send personnel reminder emails from their company's verified email domain instead of Vanta's, and customize the subject, body, and Slack message content using template variables like employee name, task name, and due date to reduce confusion and increase completion rates. Package: Custom Domain: Professional, Enterprise (Modular) | Custom Email and Slack Message: Essentials, Plus, Professional, Enterprise (Modular)

Privacy Data Inventory: Bulk Management and Permanent Table View

  • Users can now select multiple data inventory items at once and bulk edit or delete them in a permanent table view, making large cleanup workflows significantly faster to self-serve, especially after ROPA imports. Package: Not Applicable

Privacy Agentic Writes for Privacy Data Inventory (Controller Side)

  • Users can now collaborate directly with the Vanta Agent on the Privacy page to create, update, and delete processing activities in the Data Inventory, with the Agent having access to expanded context tools to perform multi-field updates in a single interaction. Package: Not Applicable

Vanta Agent Sandbox Support (10% Rollout)

  • Users can now ask the Vanta Agent to work with large files, large datasets, and multi-step analysis tasks more reliably, as the Agent can now spin up an isolated sandbox to run bash commands, execute Python scripts, and export generated files back into chat rather than passing everything through the LLM context window. Package: Essentials, Plus, Professional

Week of May 17, 2026

Sharepoint Integration for Customer Commitments

  • Users can now connect and configure Sharepoint as a contract source from the Commitments settings page, similar to how the existing Ironclad integration works, giving teams an automated path to populate their commitments inventory without relying on manual uploads. Package: Customer Commitments

BU-Scoped Program Overview Reports

  • Users with Business Unit Scoping enabled can now apply a Program Segment lens to the Program Overview report, scoping the Framework Progress, Test Remediation chart, and Audits widgets to a specific BU and framework to surface per-BU risk and progress that was previously hidden in aggregate views. Package: Professional, Enterprise (Modular)

More Flexible User Provisioning in Login & Security

  • Users (Admins) can now choose how Vanta auth users are created under Login & Security, with options for SCIM, Personnel Auto-Provisioning, or manual management, giving upmarket customers the ability to add vCISOs, consultants, or IT admins to Vanta without also tracking them as monitored personnel. Package: Essentials, Plus, Professional, TPRM (formerly VRM)

Personnel Setup Wizard

  • Users setting up Personnel for the first time are now guided through a structured wizard that helps them connect an IdP and/or HRIS, configure scope, and make informed decisions around employee account provisioning, reducing the risk of misconfiguration and reliance on Support and Solutions. Package: Essentials, Plus, Professional

Personnel Setup Settings

  • Users (Admins) now have a dedicated Personnel Settings section where they can see all connected personnel and employee data sources in one place, understand what each source controls, manage source configuration, and review provisioning and reminder settings from a single persistent surface. Package: Essentials, Plus, Professional

Week of May 10, 2026

Historical Policies Available in IRLs

  • Users can now attach historical policy versions as evidence in IRLs, with a side drawer that surfaces past versions alongside the ability to add individual policy documents or entire containers. Package: Professional, Enterprise (Modular)

Trust Center: Right to Be Forgotten (Deletion Request) for Viewers

  • Users (Trust Center admins) can now fulfill GDPR Article 17 erasure requests directly from Settings by entering a viewer's email to trigger an automated workflow that anonymizes their PII across all relevant systems, including access records, NDA metadata, update subscriptions, and event logs. Package: Essentials, Plus, Professional, Trust Center, Trust Center Advanced, Customer Trust Management

TPRM Continuous Monitoring - Vendor Incidents

  • Users are now immediately notified via email when a monitored vendor experiences a confirmed or suspected security breach, and can view a structured incident detail page showing confirmation status, severity, data breach status, a summary of what happened, source evidence links, and a basic incident timeline all in one place. Package: TPRM (formerly VRM)

AI Recommendations for Access Reviews (Preview)

  • Users now receive an AI-generated recommendation (Approve, Deny, or Needs Review) for every account at the start of an access review, each surfaced with the signals behind it such as employment status, last login, and prior decisions, allowing low-risk accounts to be bulk-approved in seconds. Package: Plus, Professional, Access Management

Trust Center: Customer-Specific Access Automation with Salesforce

  • Users can now map Trust Center tag values directly to Salesforce fields so that when a customer requests access, the right documents are automatically delivered based on their Salesforce data, with no manual intervention required. Package: Professional, Customer Trust Management, Trust Center Advanced

Customer Commitments Onboarding Experience

  • Users setting up Commitments for the first time are now guided through a four-step onboarding flow with a welcome modal, a persistent progress banner, and Chameleon-powered tours pointing to the exact UI needed at each step, from uploading standard contracts to reviewing customer commitments. Package: Customer Commitments

Product Usage Events in Metronome (QAuto + XBOW)

  • Users will soon gain in-product visibility into how much of their purchased entitlement they have consumed, as Vanta now tracks QAuto and XBOW usage events in real time through Metronome as a single source of truth for usage, commitments, and entitlements. Package: Not Applicable

Automatically Deprovision Zoom and Figma Accounts During Personnel Offboarding (GA)

  • Users can now configure Vanta to automatically deactivate Zoom and Figma accounts as part of the offboarding workflow, freeing licenses and removing org access immediately upon termination while keeping data intact. Package: Plus, Professional, Access Management

Knowledge Base API

  • Users can now programmatically create, read, update, and delete Answer Library entries and resources, manage lifecycle fields like owner, tags, verification state, and expiration dates, and use LIST endpoints with filtering and pagination to power downstream automations and integrations. Package: Essentials, Plus, Professional, Trust Center, Trust Center Advanced, Questionnaire Automation, Questionnaire Automation Advanced, Customer Trust Management

Bulk Test Export

  • Users can now export test data in bulk from the Tests page via CSV, with a configuration modal that gives them control over exactly what gets included in the export. Package: Not Applicable

Advanced Historical Reporting Now Available in VantaGov

  • Users on VantaGov now have access to all reports including the Issues Report, powered by the same Snowflake-based reporting data pipeline available in Vanta's commercial product, with full parity on future reporting features including Vanta Agent integration. Package: VantaGov

SPRS Score for CMMC Level 2

  • Users on CMMC Level 2 can now track their Supplier Performance Risk System (SPRS) Score directly in Vanta via a new reporting widget that updates as they make progress on controls. Package: Essentials, Plus, Professional, Enterprise (Modular)

My Program (M1)

  • Users managing compliance across multiple Business Units can now access a single My Program home page that provides cross-BU and cross-framework visibility into their entire compliance program, including framework health, test remediation status, and audit activity in one location. Package: Professional, Enterprise (Modular)

Enhanced Control Data for V4G Frameworks

  • Users on NIST 800-53, NIST 800-171, FedRAMP Rev 5, and CMMC frameworks can now capture three additional fields per control including control type, implementation status, and implementation details to better demonstrate compliance to auditors. Package: Essentials, Plus, Professional, Enterprise (Modular)

Vanta Developer Docs Rebuilt for Humans and Agents

  • Users and AI agents building on Vanta now have access to a fully rebuilt developer documentation site on Mintlify, featuring an AI-native experience with a dedicated landing page, agent-friendly markdown, an AI chatbot, improved API playground, and 12+ new pages including tutorials, concept guides, and one-click AI prompts. Package: Not Applicable

Third Party Trust Center Evidence Requests

  • Users running vendor assessments in TPRM can now request access to private documents from Safebase, Secureframe, and Conveyor trust centers directly within an assessment, with a computer use agent placing the request on their behalf without requiring them to leave Vanta. Package: TPRM (formerly VRM)

Week of May 3, 2026

Automated Jira Ticket Creation for Documents (Beta)

  • Users (Admins & Editors) can now configure Vanta to automatically create a Jira issue whenever a Document needs evidence, with tickets defaulting to the Object Owner as the assignee, pre-populated with context on how to complete the work, and linked back to the document in Vanta. Package: Essentials, Plus, Professional, Enterprise (Modular)

Simplified Answer Schema for Answer Library

  • Users now benefit from a simplified Answer Library schema that consolidates the answer and explanation into a single open-text field, reducing complexity across the import/export workflow and the Knowledge Base API. Package: Essentials, Plus, Professional, Questionnaire Automation, Questionnaire Automation Advanced, Customer Trust Management

Row-Level Tagging for Answer Library Imports

  • Users can now map spreadsheet columns to existing tag categories in Vanta when importing a CSV or Excel file into the Answer Library, allowing each row to carry its own tag values so imported entries are tagged correctly from the start. Package: Essentials, Plus, Professional, Questionnaire Automation, Questionnaire Automation Advanced, Customer Trust Management

Auto-Renewals for 1–10 HC Customers (Global Launch)

  • Users on eligible 1–10 HC plans can now renew automatically without any manual back-and-forth, receiving a 90-day notification email and an in-app banner at 45 days, with simple in-app paths available if they want to make changes or cancel. Package: Essentials, Plus

Pre-Sync Vulnerability Filtering for AWS

  • Users can now configure a minimum severity threshold for AWS vulnerability ingestion, ensuring only vulnerabilities at or above that threshold are imported into Vanta to reduce noise and focus remediation efforts. Package: Essentials, Plus, Professional, Enterprise (Modular)

Akamai Domain Protection (Progressive Rollout)

  • Users can now connect Akamai to Vanta to monitor managed domains, their proxy status, and the configuration of key protection services like WAF, bot management, and DDoS mitigation, with automated tests that continuously verify domains stay protected. Package: Essentials, Plus, Professional, Enterprise (Modular)

Issue Snapshots with Audit Integration

  • Users can now take point-in-time snapshots of issues filtered to their needs and share those snapshots directly with an audit, giving auditors access to a stable, unchanging view of issues via the Auditor portal, export, or Auditor API. Package: Professional, Enterprise (Modular)

Expanded Automated Tests Generating Upmarket Evidence

  • Users now have access to 331 additional automated tests that generate robust evidence tables, bringing the total to 601, along with LLM-generated structured descriptions across all Vanta-built tests for clearer context on what each test does and why it matters. Package: Not Applicable

Licensed Shared Assessment Content - SIG/SIG Lite (TPRM & QAuto)

  • Users will soon be able to access standardized SIG and SIG Lite assessment templates directly within Vanta's TPRM and Questionnaire Automation products, removing the need for separate expensive licenses. Package: Questionnaire Automation, Questionnaire Automation Advanced, Trust Center, Trust Center Advanced, Customer Trust Management, TPRM

5 Integrations Now Available on VantaGov

  • Users on VantaGov can now connect five additional integrations including Intercom, CrowdStrike, Checkr, KnowBe4, and OpenAI, each validated through a standardized 10-12 test suite to ensure a consistent install experience matching Vanta's commercial product. Package: Essentials, Plus, Professional, Enterprise (Modular)

Deleting Business Units & Program Segments (Internal Redpanda Release)

  • Users (via CSMs in RedPanda) can now delete business units and remove frameworks from business units, resulting in a cleaner, more accurate setup with less UI clutter and clearer segment-scoped views across Vanta. Package: Professional

Event Logs API

  • Users can now continuously fetch Vanta event logs via a new API endpoint to quickly detect suspicious user behavior and ingest activity data into their SIEM. Package: Essentials, Plus, Professional, Enterprise (Modular)

April 2026

Week of April 26, 2026

Information Request List (IRL) GA!

  • Users at upmarket organizations can now run a fully cohesive audit in Vanta by uploading their auditor's IRL, submitting evidence manually, marking evidence for internal or auditor review, and controlling data visibility throughout the audit process, all within a single, unified workflow.

Standard Commitments

  • Users managing customer contracts can now automatically identify non-standard commitments by uploading their standard paper (e.g. MSA, DPA), letting AI extract standard terms and flag any deviations in customer contracts with a clear explanation of what differs.

Personnel People Page Quick Views and Filters

  • Users can now access one-click, persistent quick views at the top of the People page, such as "Incomplete Tasks," "Overdue," and "No Tasks Assigned" instantly filtering personnel by actionable states instead of manually scanning a dense table.

Custom Fields for Issue Management

  • Users managing issues at scale can now extend Issues with custom structured metadata fields, giving enterprise teams the flexibility to track internal processes, programs, and reporting needs without changing their underlying issue workflows.

ISO 22301 New Framework

  • Users pursuing Business Continuity Management System (BCMS) certification can now access ISO 22301 as an out-of-the-box framework in Vanta, complete with dedicated policies, procedures, tests, documents, and evidence reuse.

Vanta Agent on Top Nav Search

  • Users can now access the Vanta Agent directly from a prominent search bar in the top navigation, with rotating prompt suggestions to help surface what to ask, making the agent significantly more discoverable than the previous sparkle button entry point.

Team Ownership for Controls

  • Users can now assign a team as the owner of a control, ensuring every team member gets notified when action is needed and can configure a shared Slack channel for alerts, rather than relying on a single individual who may miss notifications.

TPRM Assessment Evidence Status

  • Users managing third-party risk assessments now have a clearer, more accurate evidence status that accounts for partial questionnaire completion and distinguishes between the number of evidence requests fulfilled vs. total required, replacing a previously confusing three-state model.

Partial Materialization Refresh: Same Fast, Less Stale

  • Users on the Tests page will now see assignment updates reflected significantly faster, as the new partial materialization refresh selectively updates only affected data rather than triggering a full page refresh, reducing the previous up-to-10-minute staleness window.

OSCAL Export for FedRAMP R5, NIST 800-53, and CMMC

  • Users on FedRAMP R5, NIST 800-53, and CMMC frameworks can now export their controls, tests, and evidence in machine-readable OSCAL format directly from Vanta to meet increasing federal government requests for OSCAL-based content.

Vanta Control Framework (Private Preview)

  • Users managing multiple overlapping compliance frameworks can now view their commitments through a single unified set of Vanta common controls, making it easier to understand how framework requirements map together and operate a security program without getting lost in a sea of redundant controls.

Week of April 19, 2026

GA Outbound Webhooks

  • Users can now receive real-time notifications from Vanta when specific events occur, such as a vendor being created, a Trust Center access request coming in, or a questionnaire status changing, enabling automated workflows without the need to manually monitor the dashboard or poll the API.

DPIA Generation with Vanta AI

  • Users completing a Data Protection Impact Assessment can now have Vanta AI generate an initial draft by pulling in relevant data from processing activities, vendors, and risk scenarios, saving significant time getting started on this complex process.

Custom Document Renewal Dates

  • Users can now set custom renewal dates on individual documents or in bulk, giving them direct control over when documents come due independent of upload dates, making it easier to align document renewals to their actual audit schedules.

SOC 2 Guide in Slack: Policy Reminders and Approving Policies

  • Users going through SOC 2 Guide can now receive Slack notifications and reminders from the Vanta Agent to review and approve their policies, meeting startup customers where they already spend their time instead of requiring them to return to the Vanta app.

QAuto: Section Context Awareness

  • Users submitting questionnaires for automation will now get more accurate AI-generated answers, as Questionnaire Automation detects and surfaces section headings to give the AI the framing it needs to correctly interpret questions in context rather than treating them in isolation.

TPRM: Next Review Date Now Available in Vendor Import

  • Users migrating their vendor risk programs into Vanta can now set the next review date directly in the vendor import, enabling automated evidence collection workflows to trigger immediately without requiring manual one-by-one updates.

Asana & ClickUp Ticket Linking + Evidence Sync for Documents

  • Users can now link existing Asana and ClickUp tasks to Vanta Documents and have attachments uploaded in those tools automatically surface as recommended evidence in Vanta, keeping task status synced across platforms without manual copy-pasting.

Enforce Policy Review

  • Users with admin access can now enable a setting that requires employees to open and review each policy before accepting it, giving mid-market and enterprise customers a more formal guarantee that policies are actually being read.

Auto Account Assignment & Creation

  • Users uploading contracts no longer need to manually assign them to accounts, as AI now automatically matches each contract to the right account, or creates a new one if none exists, dramatically reducing manual review during the contract ingestion process.

Agent-led Risk Onboarding

  • Users setting up a risk management program as part of the SOC 2 Guide can now have the Vanta Agent automatically generate personalized risk scenario recommendations based on their business context, replacing the need to manually browse and select from a lengthy risk library.

Early Access: Redesigned Portal Automation in QAuto

  • Users completing security portals through Questionnaire Automation will benefit from a fully rebuilt experience that replaces a heuristic DOM scan with a full-page AI scan and agentic section-to-section navigation, delivering broader and more consistent portal coverage.

Processor-Side of the Data Inventory (Processor ROPA)

  • Users can now track data they process on behalf of other entities under GDPR's Processor ROPA requirement, as the data inventory has been split into "Data you control" and "Data you process for others" to cover both sides of the compliance obligation.

QAuto: Object-Level Permissions for Questionnaires

  • Users in large organizations can now have questionnaire access tied directly to their ownership or approver role on individual questionnaires, giving teams granular control over visibility and editing rather than relying on broad global permissions.

Week of April 12, 2026

Vanta Agent Support for Audits

  • Users can now ask the Vanta Agent natural language questions about their audit status — such as whether their auditor has flagged anything or if there are overdue requests — without needing to manually dig through the audits product.

Controls Page Available in IRLs

  • Users in IRL audits can now access a dedicated controls page that displays all in-scope controls, control details, the control-to-request mapping, and progress tracking per control, eliminating the need to navigate into individual requests to find this information.

REST API for Contract Management

  • Users can now leverage new public REST API endpoints to upload, read, and delete contracts programmatically, enabling custom contract management workflows that reduce the manual overhead of building a complete contractual commitments inventory.

No Limits (Performance & Scaling)

  • Users across Trust Center pages and key feature areas will experience significantly faster load times and fewer timeouts, as the team resolved performance issues across 7 content types and 4 feature pages to meet SLOs at 100x peak load.

Improved Audit Workflows in IRLs

  • Users with admin roles can now enforce internal review processes in IRLs by requiring collaborators to mark requests as "internal review" before evidence reaches the auditor, giving security teams greater control over auditor communication.

Custom SLAs

  • Users can now create and edit their own SLA categories in Vanta and apply them to both custom and Vanta-built tests, providing greater flexibility to match their organization's unique remediation timelines.

Remote MCP Server Released to All Customers

  • Users across all customer accounts now have access to the Vanta remote MCP server as a public beta feature, following a private beta that demonstrated strong interest from AI-first customers.

File Attachments for the Vanta Agent

  • Users can now attach images and PDFs directly to the Vanta Agent via the paperclip icon, enabling richer context to be provided to the agent beyond plain text input.

Risk to Asset Mapping – Preview Release

  • Users can now natively link risk scenarios to integrations directly within Vanta — from the risk scenario detail page or the dedicated impacted assets tab — giving them a clearer, more complete view of which assets are affected by a given risk.

Risk Import Guidance

  • Users who indicated during onboarding that they have risks to import will now see a contextual banner on the Risks page along with a guided checklist and embedded help links on the import page, making it easier to complete the import process.

Admins Can Define Preferred Firm List for Audit Creators

  • Users with admin roles can now control which audit firms appear in the dropdown when creating an audit engagement, reducing the risk of an audit creator accidentally selecting the wrong firm.

Week of April 5, 2026

Personnel (V2) Context in the Vanta Agent

  • Users can now ask the Vanta Agent plain-language questions about their personnel compliance posture — including task completion, policy acceptance, and device status — through rebuilt V2 Personnel tools that significantly expand what the Agent can surface about people and their compliance standing.

Expanded Spreadsheet Questionnaire Support for TPRM

  • Users who rely on spreadsheet-based workflows for third-party risk assessments can now manage those questionnaires as a first-class experience alongside in-app questionnaires, eliminating the need to migrate off of familiar offline and collaborative workflows.

QAuto Context in the Vanta Agent

  • Users can now paste security questionnaire questions directly into the Vanta Agent and receive answers drawn from knowledge base resources and security questionnaires, going beyond the previous limitation of only searching policy documents.

Privacy Context in the Vanta Agent

  • Users can now ask the Vanta Agent questions about their privacy product data — including data processors, processing activities, and impact assessments — giving them visibility into their privacy posture directly through the Agent.

March 2026

Week of March 29, 2026

Auto-Renewals for 1–10 HC Customers

  • Users will experience automatic subscription renewals with zero effort required. Eligible 1-10 headcount customers on Essentials or Plus plans receive renewal notifications at 90 and 45 days, and their plan continues automatically unless they choose to make changes via a simple in-app form or cancel through a straightforward in-app flow that captures feedback for product improvements.

Vanta Plugin for Claude Code (Private Preview)

  • Users will be able to discover failing compliance tests, generate infrastructure-as-code fixes directly in their repository, and open pull requests without leaving their code editor. The plugin connects Claude Code to Vanta's MCP server with purpose-built remediation skills and commands, providing test-specific prompts and fix instructions for 500+ IaC tests across AWS, GCP, and Azure.

Extended Public Webpage Indexing for the Knowledge Base

  • Users can now add a single URL and enable "include sub-pages" to automatically index content from that page and all relevant sub-pages (one level deep), with LLM-based filtering ensuring only semantically relevant content is captured and daily re-scanning keeping the knowledge base up to date.

Auto-Tracking Commitments

  • Users now have commitments automatically added to their inventory as soon as AI finishes processing—eliminating manual review steps and getting customers to value faster while still giving them control via edit and archive actions.

Extended Public Webpage Indexing for Knowledge Base

  • Users can now add a single URL and enable "include sub-pages" to automatically index content from that page and all relevant sub-pages (one level deep), with LLM-based filtering ensuring only semantically relevant content is captured and daily re-scanning keeping the knowledge base up to date.

Version History for AI-assisted Edits in Policy Editor

  • Users can now track and recover from AI-assisted edits in the Policy Editor with automatic version history that saves every AI edit, provides summaries of changes, and allows one-click restoration of any previous version even across sessions.

Auto-Renewals for 1–10 HC Customers

  • Users (1-10 headcount customers) who want to continue on their current plan now renew automatically with zero effort, receiving 90-day and 45-day notifications, with simple in-app options to make changes or cancel if needed.

Risk Agent with Risk Program Context

  • Users can now ask questions about their risk register in plain language and get structured, real-time answers grounded in live program data—such as highest severity risks, risks without owners, and associated controls—giving program managers better visibility without digging through tables or reports.

Week of March 22, 2026

Simplifying Risk Navigation

  • Users will now see a more streamlined Risk page with less clutter, as Risk Snapshots have been moved into the “…” menu alongside a link to Risk Settings. This update simplifies navigation and helps users focus on the most relevant actions more easily.

Week of March 15, 2026

Splunk Access Integration

  • Users can automatically sync user, group, role, and access data from Splunk, enabling continuous monitoring of access controls, powered automated compliance tests, streamlined access reviews, and structured access requests.

Support for ENUM data type for custom tests

  • Users now have ENUMs available for building custom tests, further expanding the use cases that the test builder can support.

TPRM Multiple Assessments: Phase 2

  • Users can now create additional assessment types like privacy, legal, financial etc and perform multiple AI powered assessments in parallel for each of their vendors.

SOC 2 Guide for 1-10 HC Customers

  • Users benefit from a streamlined, agentic onboarding experience featuring agentic company research before first login, agentic policy creation with tailor-made policies, always-available next step recommendations, and the Vanta Agent always available for questions trained on company context, compliance data, and the full help center.

Week of March 8, 2026

Controls status for Business Units

  • Users are now able to see a breakdown of an individual BU's progress (e.g. "SOC 2 for APAC") rather than just the overall framework (e.g. "SOC 2") status.

Vendor Scoping

  • Users can manage the scope of their vendors at the framework and business unit level, allowing them to manage different vendor scopes for each audit leading to faster and more complex audit strategies.

TPRM Questionnaire Sections

  • Users can now organize questionnaires into structured sections with create, rename, duplicate, delete, and drag-and-drop reordering capabilities, with a new sidebar navigation allowing users to quickly jump between sections.

GA of Impact Assessments in the Privacy Hub

  • Users can now fill out a DPIA form within Vanta modeled after the ICO standard, link assessments to multiple processing activities, pull directly from the Vanta risk register, and utilize built-in approval workflows and customizable review cadences to ensure assessments remain up-to-date.

Vanta AI DPIA suggestions

  • Users can extract relevant information from within Vanta and use Vanta AI to suggest answers as they complete a DPIA, saving time and providing guidance for users who may not have deep experience drafting DPIAs.

TPRM Multiple Assessments: Phase 1

  • Users can now perform different types of assessments per vendor, make a single decision per vendor taking into consideration different types of evaluations, send a single evergreen exchange to vendors, and gain a clear understanding of vendor status through revamped vendor detail pages.

Removal of 10 deprecated blueprint tables from Risk

  • Users now have access to Risk views that render with modern design-system components (TableV2, FlatTable, etc), delivering a consistent UX across Risk Scenarios, Archived Risks, Risk Library, and Risk Settings.

DPIA approved in vanta automated test

  • Users benefit from a new automated test which runs periodically making use of the existing automated tests infrastructure to check if there is at least one approved DPIA.

Week of March 1, 2026

CTM: Improved custom RBAC permissions for Trust Center, Questionnaires, and Knowledge Base

  • Users can now create more granular custom roles across Trust Center, Questionnaires, and the Knowledge Base, including separating questionnaire edit vs approve permissions and avoiding unintended Knowledge Base write access.

Linear Ticket Linking & Evidence Sync for Documents

  • Users can now link existing Linear tickets directly to Vanta Documents and automatically sync attachments as recommended evidence. This enables teams to track work in Linear while maintaining visibility and audit readiness in Vanta, reducing duplicate work and improving cross-tool collaboration.

Global Settings

  • Users can now find and manage configuration more predictably because settings are being consolidated into Global Settings and standalone settings surfaces are being removed from left navigation.

Miradore MDM Integration

  • Users can now connect Miradore to continuously sync managed device inventory into Vanta, map devices to users, and evaluate device posture against controls, reducing manual inventory work and coverage gaps.

Structured Commitments

  • Users can now view contract commitments as structured, standardized fields (instead of only legal prose), making commitments filterable and comparable across customers so teams can act without reopening every contract.

Track Privacy Impact Assessments in My Work

  • Users can now see privacy impact assessment tasks in My Work, including items assigned to them and items waiting on others, making outstanding privacy work easier to track.

QAuto: Vanta Agent response approvals and questionnaire completion (public preview)

  • Users can now reduce manual review with optional automations that auto-approve unflagged agent answers and automatically complete questionnaires once all responses are approved.

Improving formatting and UX of risk emails

  • Users can now read risk emails more easily and land on the exact risk that needs action because the email formatting was cleaned up and the “Review in Vanta” button now deep-links to the individual risk, not the general risk table. [7]

February 2026

Week of February 22, 2026

System Security Plan (SSP) Generation Now Available

  • Users can now generate and manage a System Security Plan inside Vanta for FedRAMP R5, NIST 800-53, NIST 800-171, and CMMC, selecting DOCX or PDF output, downloading it, and having it stored in Vanta Documents for easier audit packages.

[Open beta] Automatically deprovision Calendly accounts during personnel offboarding

  • Users can now have Vanta automatically deprovision Calendly accounts during offboarding, reducing manual steps, and establishing the foundation for automatic deprovisioning across more integrations over time.

CTM: Bulk import for customer trust accounts

  • Users can now bulk import customers and prospects into Vanta Accounts so Trust Center automation, access controls, auto-approvals, and NDA rules can be applied at scale without recreating accounts one by one.

Trust Center: Optionally show failing control indicators

  • Users can now choose to display both passing and failing control indicators in Trust Center, improving transparency of compliance status instead of making the control list appear self-attested.

QAuto: Team assignment for questionnaire approvers

  • Users can now assign teams as questionnaire approvers in QAuto, while approval permissions still respect existing role-based access controls, and the rollout is being expanded beyond the initial cohort.

2-Resource Custom Tests

  • Users will be able to create custom tests that pull and join data from 2 different resource types, either from a single integration or across two different integrations. Data from both resource types can be used for resource scoping and for building evaluation logic to determine pass/fail, unlocking many more testing use cases that previously couldn't be addressed with single-resource tests. Additionally, users will now see enum values from received resources displayed in dropdowns when building test logic, making test authoring simpler and more intuitive.

Week of February 15, 2026

Unified Scoping POC

  • Users can now configure scope from a single scoping home page across multiple levels, and can scope AWS assets using tags, regions, and asset names, making scoping clearer and more flexible.

QAuto: Faster automatic column detection for spreadsheet questionnaires

  • Users can now skip the manual review step when Vanta detects spreadsheet columns with high confidence, which reduces hands-on validation while keeping a fallback to adjust column configuration if needed.

Configurable Privacy Policy Acceptance in Trust Center Access Requests

  • Users can now require and customize privacy policy acceptance in Trust Center access request forms. Trust Center owners can enable a toggle to mandate consent and edit the checkbox language, including adding markdown links—giving customers more control over compliance and legal requirements regardless of CRM usage.

[Open beta] Assign deprovisioning tasks to system admins in personnel offboarding

  • Users can now automatically assign deprovisioning tasks to the relevant system admins during offboarding, with Vanta auto-verifying task completion for integrated systems and enabling quick self-verification for manual systems, centralizing evidence for audit.

Inline editing in the privacy data inventory

  • Users can now edit processing activities inline on the overview page, avoiding a separate form page and making quick updates easier, including edits from within a drawer view.

Week of February 8, 2026

QAuto: Redesigned page header in response view

  • Users can now manage questionnaires more easily because the response page header was updated to a standardized header that lets them edit key metadata like due date, owner, and approver directly from the header, and it more clearly surfaces the primary action to complete the questionnaire.

VantaGov environment GA

  • Users in public sector, or selling into it, can now run Vanta in a GovCloud environment so they can meet stricter hosting and procurement requirements without exceptions, workarounds, or manual tooling.

Automated Evidence Collection for Vanta Trust Centers in TPRM

  • Users can now request private documents from vendors who use Vanta Trust Centers directly inside Vanta during a TPRM review, and once access is approved, the documents are automatically uploaded to the review as evidence, reducing the old back and forth of requesting, downloading, and re-uploading files.

Assign security awareness training from Vanta and third-party integrations (Private Preview and partial GA)

  • Users can now assign training by category from multiple sources at once, including Vanta’s training library, one or more SAT integrations, and custom training URLs, so they are no longer forced into an all-or-nothing choice when they connect an LMS integration.

AI Detects Service Accounts (GA for all GRC customers)

  • Users can now detect and classify service accounts using AI, helping them review personnel records dramatically faster and mark service accounts at much higher volume than the manual flow.

Week of February 1, 2026

Surface conflicting and duplicate content in the CTM knowledge base

  • Users can now identify and manage conflicting and duplicate content within their Customer Trust Management (CTM) knowledge base. This feature was released to nearly all QAuto customers, with temporary exclusions for domains containing more than 10,000+ answer library entries while processing latency issues are addressed. Support for these larger customers is expected within 2-3 weeks. (Available to all QAuto customers)

Enhanced Questionnaire Bulk Actions in QAuto

  • Users can now take bulk actions across multiple questionnaire questions at once, which reduces manual clicks during review and speeds up response workflows for larger vendor assessments.

Improved Evidence Upload Experience in TPRM Reviews

  • Users can now upload and manage supporting documents more seamlessly within Third-Party Risk reviews, with clearer status indicators and a more intuitive evidence workflow that reduces confusion during vendor evaluations.

Expanded Access Controls for Trust Center Content

  • Users can now configure more granular access settings for Trust Center documents, giving teams tighter control over who can view sensitive materials while still enabling secure sharing with prospects and customers.

Refined Audit Issue Status Visibility

  • Users can now more clearly see issue status changes within audit workflows, improving cross-team coordination and reducing back-and-forth during remediation tracking.

January 2026

Week of January 25, 2026

Issues Reporting

  • Users can now access a comprehensive Issues report that surfaces key metrics like issues opened vs. resolved, percent closed on time, and average time to close. The report also includes:

    • Trends by severity and status

    • Filters by owner, status, source, and audit

    • A faster reporting engine with near real-time updates

  • This makes it easier to track backlog, identify patterns, and manage remediation across teams.

[Progressive Rollout] Code Changes for All Packages

  • Users on Essentials and Plus can now access the /code-changes page, previously limited to higher-tier packages. This includes:

    • Pull request evidence ingestion via the resource fetcher

    • Two default product tests: PRs require approval by someone other than the author and must pass automated build checks

    • Support for audit evidence prep with a 200-minute estimated time savings

  • This upgrade replaces the old /changes experience, improving performance, visibility, and compliance validation.

URL Evidence in Issue Management

  • Users can now attach URLs as evidence directly to issues. This update supports teams that document remediations in external systems and streamlines evidence collection for audit.

Help Center Tools for Vanta Agent

  • The Vanta Agent now supports help center search and article retrieval. It can answer product usage questions such as:

    • How to upload an IRL

    • Where to track progress in Vanta

    • How to disable alerts or download the agent

  • This reduces support volume and brings the help experience directly into the Agent chat flow, decreasing refusal rates from 10–12% to just 3%.

Agent Memory (M1: Create and Use Memory)

  • Users can now store company-specific context in the Vanta Agent’s memory. Once saved, this context is referenced across all future interactions, enabling more personalized and consistent responses without repetitive setup.

Framework Evidence Overlap Drill-Down

  • Users can now view exactly which tests and documents overlap across frameworks and which are net new. This replaces the prior high-level percentage with:

    • A detailed, filterable breakdown

    • Previews of inactive framework items

    • Ability to scope effort and understand additional work before purchase

  • This boosts planning accuracy, reduces duplication, and increases customer trust when expanding frameworks.

[GA] TPRM Intake Form

  • Users can now publish a secure, configurable intake form for third-party risk management. Highlights include:

    • Custom and standard vendor fields

    • Evidence uploads

    • External access via secure magic links

    • Default risk assignment

  • This streamlines procurement intake, centralizes data, and closes a longstanding gap in the TPRM offering compared to competitors.

Week of January 18, 2026

AI Auto Consent & Provisioning Agents (Shadow Mode)

  • Users in the SOC 2 Studio Pilot can now benefit from AI-driven provisioning agents that run on domain creation. These agents scrape publicly available company data to auto-generate SOC 2 policies and scope relevant controls. Though currently running in shadow mode (not yet applying changes), these agents are designed to reduce setup time and tailor compliance programs instantly. Core and Core Plus domains are auto-opted into AI features and shown an informational banner upon login.

Approval Workflow for Impact Assessments

  • Users can now assign approvers and track approval status directly within the impact assessment workflow, using the same intuitive experience already available for policies. This replaces the need for external documents or spreadsheets, improving accountability and documentation.

Auto-Generated Agent Conversation Titles

  • Users will now see descriptive, auto-generated titles for their Vanta Agent conversations based on the context of the exchange. This makes it easier to identify, revisit, and manage past conversations across various workflows.

Globally Available Vanta Agent

  • Users can now access the Vanta Agent from anywhere in the platform via the top navigation. The agent is context-aware and offers relevant prompts based on the page you’re on, helping users get assistance and next steps without interrupting their workflow.

Link Existing Jira Issues to Documents

  • Users can now link existing Jira tickets to Vanta documents, improving traceability and removing the need to create duplicate tickets. This makes it easier for Program Managers to track documentation-related tasks alongside project workflows.

Personnel Tools for Vanta Agent

  • Users can now ask the Vanta Agent questions about personnel, such as task completion, security training progress, background checks, and device assignments. The agent can also return filtered personnel lists and provide policy acceptance rates, helping admins monitor compliance via natural language.

Revamped Personnel Offboarding Page UX

  • Users will see a refreshed offboarding experience with improved UI and functionality. Key updates include:

    • Enhanced visibility into accounts, roles, and vendor risk

    • Integration refresh timestamps and one-click refreshes

  • This improves clarity, supports scaling, and aligns with upcoming access deprovisioning features.

Linking Impact Assessments and Processing Activities

  • Users can now link impact assessments to processing activities and vice versa. This includes creating assessments directly from activities, navigating between linked items, and viewing link status from the impact assessments table, streamlining privacy workflows.

Scalable Product Tests

  • Users with large data volumes will benefit from redesigned product test infrastructure, which now supports paginated processing. Early results from the “No Limits” initiative show a 93% reduction in daily test failures. Previously unresponsive tests are now running reliably for over 50 affected customers.

QAuto: Answer History

  • Users will now see a full edit history for questionnaire responses, giving greater transparency into how answers have evolved over time. This includes visibility into changes made by collaborators and Vanta Agent. Key details:

    • Currently rolled out to 20% of customers, expanding to 100% by week’s end (pending no critical issues)

    • Available only for new questionnaire responses going forward

    • Approvals and assignments are not yet tracked in history but are planned for future updates

Business Unit Segmentation for Tests

  • Users can now view test results segmented by business unit, not just framework. For each test, customers can:

    • See which business units are impacted

    • View how many resources the test evaluates per unit

    • Open a segment-specific remediation view to take focused action

  • This gives larger organizations better oversight and a more intuitive compliance view across distributed teams.

History and Versioning for Impact Assessments (DPIAs)

  • Users can now version and track changes to DPIAs with new functionality that includes:

    • The ability to create a new draft from an approved assessment, enabling updates while preserving the original

    • A History tab that shows previous versions and allows users to navigate, compare, or discard drafts

  • This improves collaboration, audit tracking, and iteration on high-impact privacy documentation.

Week of January 11, 2026

AI Auto Consent & Provisioning Agents (Shadow Mode)

  • Users in the SOC 2 Studio Pilot can now benefit from AI-driven provisioning agents that run on domain creation. These agents scrape publicly available company data to auto-generate SOC 2 policies and scope relevant controls. Though currently running in shadow mode (not yet applying changes), these agents are designed to reduce setup time and tailor compliance programs instantly. Core and Core Plus domains are auto-opted into AI features and shown an informational banner upon login.

Approval Workflow for Impact Assessments

  • Users can now assign approvers and track approval status directly within the impact assessment workflow, using the same intuitive experience already available for policies. This replaces the need for external documents or spreadsheets, improving accountability and documentation.

Auto-Generated Agent Conversation Titles

  • Users will now see descriptive, auto-generated titles for their Vanta Agent conversations based on the context of the exchange. This makes it easier to identify, revisit, and manage past conversations across various workflows.

Globally Available Vanta Agent

  • Users can now access the Vanta Agent from anywhere in the platform via the top navigation. The agent is context-aware and offers relevant prompts based on the page you’re on, helping users get assistance and next steps without interrupting their workflow.

Link Existing Jira Issues to Documents

  • Users can now link existing Jira tickets to Vanta documents, improving traceability and removing the need to create duplicate tickets. This makes it easier for Program Managers to track documentation-related tasks alongside project workflows.

Personnel Tools for Vanta Agent

  • Users can now ask the Vanta Agent questions about personnel, such as task completion, security training progress, background checks, and device assignments. The agent can also return filtered personnel lists and provide policy acceptance rates, helping admins monitor compliance via natural language.

Revamped Personnel Offboarding Page UX

  • Users will see a refreshed offboarding experience with improved UI and functionality. Key updates include:

    • Enhanced visibility into accounts, roles, and vendor risk

    • Integration refresh timestamps and one-click refreshes

  • This improves clarity, supports scaling, and aligns with upcoming access deprovisioning features.

Linking Impact Assessments and Processing Activities

  • Users can now link impact assessments to processing activities and vice versa. This includes creating assessments directly from activities, navigating between linked items, and viewing link status from the impact assessments table—streamlining privacy workflows.

Scalable Product Tests

  • Users with large data volumes will benefit from redesigned product test infrastructure, which now supports paginated processing. Early results from the “No Limits” initiative show a 93% reduction in daily test failures. Previously unresponsive tests are now running reliably for over 50 affected customers.

Week of January 4, 2025

Simplified Navigation

  • Users on Essentials or Plus plans pursuing first-time compliance will now see a more focused navigation experience. Non-essential nav items are hidden initially and revealed as key milestones are completed. This progressive disclosure approach reduces cognitive load, accelerates activation, and helps users build momentum. Customers can disable this feature in settings if they prefer full platform access.

Tests QoL Improvements

  • Users will experience several quality-of-life improvements across the Tests experience:

    • Edit names and descriptions of custom tests post-creation

    • See the test author in the test details view

    • Deactivate original tests when duplicating as part of the copy flow

    • Bulk-add subscribers from the tests list view

  • These updates streamline test management and improve traceability and collaboration.

Adaptive Scoping for Business Units (Public Preview)

  • Users can now define separate framework and asset scopes by business unit within a single workspace. This new capability allows organizations with complex structures to manage distinct compliance needs without duplicating frameworks or workspaces. Segment assignments are visible across core Vanta objects, and support for business unit–level audits and evidence is planned in upcoming releases.

Basic POA&M Management

  • Users can now create issues using a new POA&M (Plan of Action & Milestones) template, enabling structured tracking of compliance gaps required by frameworks like FedRAMP, NIST 800-53, and CMMC. The update supports:

    • Structured fields for regulatory metadata

    • Backdating issue detection

    • Enhanced export functionality

  • This is part of a broader initiative to support federal agencies and regulated industries.

December 2025

Week of December 21, 2025

Improved Questionnaire Table for TPRM Security Assessments

  • Users can now clearly distinguish between AI-generated, Vendor-provided, and internal answers in the Suggested Answer column via leading icons. Additional enhancements include:

    • Optional toggles to view AI and Vendor answers in separate columns

    • Full visibility into Flagged Findings without needing to click through

    • CSV exports now include AI answer, Vendor answer, and Flagged Findings columns

  • These changes improve usability and transparency during security reviews.

Vanta Agent for TPRM Security Assessments

  • Users can now engage with an experimental Vanta Agent tailored for Security Assessments. This interface allows users to:

    • Ask follow-up questions

    • Compare vendor and AI answers

    • Analyze SOC 2 exceptions and findings

    • Query across metadata, evidence, and summaries

  • This new agent brings consistency to the “Ask Vanta AI” experience and will eventually be integrated into the main Vanta Agent based on feedback and iteration.

QAuto: Limit Ask-in-Slack to a Single Channel with Optional Auto-Reply

  • Users can now configure Ask-in-Slack to post only in one designated Slack channel, keeping security and compliance questions centralized. An optional auto-reply feature also ensures that questions posted in the channel, without using the Slack command, are captured and responded to, improving visibility and reducing manual overhead.

Week of December 14, 2025

BU Asset Pages: /computers, /access, and /vulnerabilities Now Use Segments

  • Users with multiple business units will now see segments instead of frameworks when viewing the /computers, /access, and /vulnerabilities pages. This change aligns asset visibility with business unit scoping and helps customers better understand how their resources are organized.

Automated Test for Data Inventory in Privacy Frameworks

  • Users can now rely on a new automated test that periodically evaluates the state of their data inventory. This replaces the previous document-based test, offering continuous monitoring and faster issue detection. A banner in the data inventory evidence request guides users to the new setup.

Vanta Agent Supports Issue Management Queries

  • Users can now query issue metadata directly through the Vanta Agent using natural language. The agent can surface counts, trends, ownership details, and statuses, making it easier to analyze issues without filtering, exporting, or reviewing them manually.

Deprecation of Draft Reviews in TPRM

  • Users will no longer see the “Draft” state for third-party risk management reviews. Instead, reviews will follow a simplified status model: Not Started, In Progress, and Complete. This change improves clarity and sets the stage for upcoming enhancements like support for multiple assessments.

QAuto: Quick-Add to Answer Library from a Questionnaire

  • Users can now add responses to the answer library directly while filling out a questionnaire. This makes it easier for SMEs to capture reusable answers at the moment they are written, without relying on the pending review queue. Future updates will introduce Vanta Agent-suggested knowledge base updates based on response activity.

New Vanta-Built Kolide MDM Integration

  • Users now have access to a new first-party Kolide integration built by Vanta, replacing the previous third-party version. Key improvements include:

    • Device group filtering

    • Support for Windows, Linux, and macOS devices

    • A more extensible foundation for future updates

  • This update improves device trust accuracy and gives teams more control over fleet management.

Week of December 7, 2025

Removing the MSP “Cart” Experience

  • Users managing domains via the MSP console will now see those domains provisioned directly through SFDC by Vanta sellers. This change eliminates the old “cart” experience, reduces delays in SKU availability, and ensures product access aligns with billing. As part of the update, over 1,200 domains were corrected to fix previously unpaid or misaligned entitlements.

Vanta Agent Can Edit Policies

  • Users can now ask the Vanta Agent to directly edit policies. By prompting the agent (e.g., “can you fix this contradiction for me?”), the agent will draft the edits, show proposed changes for review, and update the policy, eliminating the need to manually copy text or navigate to the Policy Builder.

BU Asset Pages: /people/people and /people/groups Use Segments

  • Users with multiple business units will now see segments instead of frameworks on the /people/people and /people/groups pages. This change improves clarity around resource scoping for organizations using Framework Scoping with multiple BUs.

QAuto/CTM AI: New Agentic Answer Pipeline

  • Users now benefit from an upgraded answer pipeline for Question Automation, replacing the legacy RAG system. This rollout improves response accuracy, context understanding, and clarity. It also sets the foundation for future enhancements like SME assignment, live data integration, and flagging answers that need human review.

Expanded Document Descriptions

  • Users will now see clearer guidance when uploading evidence, including four new components: a short description, implementation guidance, evidence collection tips, and a downloadable template (if applicable). This change helps streamline uploads across 5,000+ documents and 44 frameworks.

Performance Improvements to Inventory and Vulnerabilities Pages

  • Users will experience faster load times on key pages:

    • Vulnerabilities findings-by-asset loads 77% faster (p95: 10.13s → 2.32s)

    • Inventory page loads ~70% faster (p95: 9.52s → 2.93s)

Additional backend optimizations removed high-cost queries and improved system reliability—eliminating timeouts for many large customers.

Enterprise: Oracle OC19 and DRCC Support

  • Users can now connect Oracle’s EU Sovereign Cloud (OC19) and Dedicated Region Cloud Customer (DRCC) offerings to Vanta. This extends support for advanced Oracle deployments and makes Vanta the only GRC platform supporting these enterprise-specific OCI environments.

Audit Creation by Program Segments

  • Users with multiple business units can now create audits by program segment instead of framework. The UI now shows audit names by segment, supports filtering by business unit, and displays scope summaries on audit cards—enhancing clarity and flexibility for large organizations.

Week of November 30, 2025

Segmented Control Statuses on the Frameworks Page

  • Framework Scoping customers will now see accurate, framework-specific control statuses and evidence readiness directly on the Controls tab of the Frameworks page. Previously, users had to hover over each control to view the relevant framework status, and evidence readiness was hidden entirely. With this update, customers gain immediate clarity into their control progress for each framework, helping teams prioritize effectively and reduce confusion during audits.

Connect Microsoft Azure to Vanta in Under 5 Minutes

  • Users can now connect Azure to Vanta in less than 5 minutes, thanks to a streamlined setup experience. Improvements include smart defaults that guide users to the best connection path, and a simplified Cloud Shell script that provisions all required permissions with a single command—reducing manual steps and setup time by more than half.

Custom Note on Personnel Records

  • Users can now add free-form custom notes to personnel records, creating a permanent space for internal context such as employment status changes, test users, or duplicates. This makes personnel tracking more accurate and audit-ready without relying on external documents.

Upgraded Evidence Generation from Automated Tests

  • Users will now see a new Evidence tab across all tests, featuring:

    • A complete structured table of evaluated resources and results

    • Visibility into out-of-scope resources to explain test outcomes

    • Workpaper exports that meet auditor standards

    • Clear test criteria descriptions and a more intuitive UI with side panels
      These improvements significantly reduce audit prep time and improve trust and clarity for both customers and auditors.

Datetime Support for Custom Tests

  • Users can now use datetime values when writing custom tests. This unlocks scenarios like testing SLA timelines or verifying time-sensitive controls—previously not possible with existing data types.

Data Inventory + ROPA Management in Privacy Frameworks (GA)

  • Users can now manage a full data inventory, including importing/exporting ROPA, directly within Vanta's privacy frameworks. This helps streamline privacy compliance with built-in test coverage and data organization.

BU Asset Pages for /inventory and /code-changes

  • Users with multiple business units will now see segments (instead of frameworks) in the /inventory and /code-changes pages. If a customer only has one or fewer business units, the framework view remains unchanged to avoid unnecessary disruption.

Segmented Statuses on Frameworks Page Controls Tab

  • Users using framework scoping will now see framework-specific control statuses in the Controls tab of the Frameworks page. This ensures accuracy in evidence readiness and status reporting per framework.

November 2025

Week of November 23, 2025

Assign Vanta Teams as System Reviewers in an Access Review

  • Vanta Teams can now be designated as system reviewers during an access review. When a team is assigned, every member gains the ability to review accounts for that system and record any access changes. Notifications are sent to all team members either by email or to a selected Slack channel, creating a more coordinated and visible review process.

Issue to Policy Mapping

  • Users can now link issues directly to policies from within the Issue Management and Policies modules, completing the chain between policies, controls, risks, and issues. This gives customers a connected view of their compliance posture: when an issue appears, they can immediately identify the governing policy along with its approver and status. The linking experience follows the established control and risk mapping flow, making it intuitive to adopt. AI suggested policy mappings will be added soon.

Week of November 16, 2025

Business Units Scope Overview

  • Customers can now see changes to scope on a per-business unit basis. This affords a more streamlined process for making changes to scope and clearly seeing the updated metrics & activity.

Surfacing accounts from Access Requests in Personnel Offboarding

  • Vanta now surfaces manual accounts (i.e. those from non-integrated systems) from Access Requests in our Personnel Offboarding tool. For customers using Access Requests, this is a huge increase in visibility into who has access to what and ensuring personnel are offboarded securely and seamlessly.

Approver as an Object-Level Role (on Policies)

  • Approver is now an object-level role, live on policies, that can be assigned to Collaborators. Approvers have view & comment access and are granted approve/reject permissions when it's their turn in the approval chain.

Privacy ROPA export

  • Allows users to export their ROPA as an XLSX file during audits or investigations to help prevent penalties.

Week of November 9, 2025

Test Author Visibility for Custom Tests

  • Users will now see the name of the author who created a custom test in the test details view. This only applies to newly created custom tests going forward and will not retroactively apply to existing tests created before this feature was introduced.

TPRM Navigation

  • Users can now manage their entire vendor ecosystem from a unified view within TPRM. This redesign merges Discovery, Procurement, and Managed Vendors into one streamlined experience. It also introduces Continuous Monitoring from the Riskey acquisition, aggregates findings across vendors, and sets the foundation for expanded workflows like multi-assessments and findings management.

Approve Trust Center Access Requests in Slack

  • Users can now approve or deny Trust Center access requests directly in Slack with one-click actions. Slack notifications display all necessary context to support informed decisions without leaving the chat flow.

Vanta Agent Can Now Create Policies

  • Users can now ask the Vanta Agent to generate custom policies, such as "Draft a vendor management policy" or "Create a policy for remote work security." The agent produces a tailored, editable policy—reducing the need for manual drafting or template customization.

QAuto: Daily Reminder Digest for Questionnaire Owners and Approvers

  • Users will now receive a daily email or Slack digest summarizing questionnaires that require attention:

    • For owners: Triggered when the due date is within 7 days or past due, and status is one of: Needs column selection, In progress, or Approved

    • For approvers: Triggered under the same date logic when status is: Ready for review or In review. This helps users stay on top of deliverables and avoid missing deadlines.

Week of November 2, 2025

Connect Google Cloud Platform (GCP) to Vanta in Under 5 Minutes

  • Users can now connect Google Cloud Platform (GCP) to Vanta in under 5 minutes, thanks to a streamlined flow with smart defaults, a simplified experience, and a new Cloud Shell script that automates policy and role setup.

CTM: Allow employees to ask questions directly in Slack

  • Users can now ask security and compliance-related questions directly in Slack, powered by Vanta’s CTM knowledge base. This enables employees to get fast, accurate answers using approved company information, all within existing workflows.

New Package: Enterprise (Internally: Modular Enterprise) - Replacing Scale and the old “Enterprise GRC” packages

  • Users now have access to Vanta’s new Enterprise package (Modular Enterprise), which replaces the Scale and previous Enterprise GRC packages. It offers a core platform with modular add-ons aligned to outcomes like Risk Management, TPRM, Trust Center, and Questionnaire Automation, enabling tailored solutions based on customer maturity and needs.

Pulling Leave and Personal Emails from HRIS

  • Users with updated HRIS integrations (Bob, Personio, PayFit, Employment Hero, Rippling, Trinet) can now pull leave data and personal email addresses into Vanta’s Personnel tab. This helps pause compliance tasks during leave and ensures contact info accuracy, improving task tracking and reducing false compliance failures. A reconnection to the HRIS integration is required to access these updates.

October 2025

Week of October 26, 2025

Custom Test Creation Now Available Without Admin Access

  • Users no longer need Admin-level access to create custom tests. With this update, any user assigned a custom role that includes “View and edit” permissions for “Tests and Documents” can now create and manage custom tests making it easier to delegate test creation across teams while maintaining permission boundaries.

[Public Preview] Vanta Agent now has frameworks & control context

  • Users can now access framework and control-aware responses from the Vanta Agent (Public Preview). The agent uses additional context like framework requirements and control mappings to deliver more tailored, GRC-savvy responses across the Policies, Controls, and Frameworks pages.

CTM: Track questionnaires at the account level

  • Users can now track questionnaires at the account level in CTM. This adds visibility alongside existing Trust Center access, activity, and customer commitments—laying the foundation for ROI reporting, CRM enrichment, and future trust lifecycle automation.

Github Streamlined Connection Flow

  • Users can now connect GitHub through a simplified OAuth flow that eliminates redundant configuration steps, making it much faster to complete setup. Additional improvements are planned, including repo selection UI and modal-based flows.

Evidence eval quality enhancements: reduce false positives in analysis

  • Users will see improved accuracy in evidence admissibility checks, thanks to quality enhancements that reduce false positives by approximately 50%. The updated pipeline focuses on broader criteria for audit readiness.

Bedrock AI Model Inventory (progressive rollout)

  • Users leveraging AWS Bedrock will now see a new inventory tab that tracks AI models in use, with metadata like last use, detection date, usage frequency, and export support. This data can also be pulled into custom tests. (Progressive rollout underway)

Week of October 19, 2025

Import from ROPA

  • Users can now import data inventory directly from their ROPA spreadsheet, simplifying onboarding and making the transition from manual tracking to Vanta smoother and faster.

CRI 2.1 New Framework (Cyber Risk Institute)

  • Users can now adopt the Cyber Risk Institute (CRI) Profile v2.1 framework in Vanta, with 319 mapped controls, full support for all four impact tiers, AI-powered evidence collection, and cross-framework mapping (45% overlap with NIST CSF, 50% with SOC 2, 55% with ISO 27001).

Trust Center Layout Customization

  • Users can now fully customize their Trust Center layout with a new “Customize layout” option, enabling drag-and-drop section reordering, section visibility toggles, and live previews before publishing.

Custom fields for processing activities

  • Users can create and manage custom fields for processing activities in the Data Inventory, assign values, and view them within the ROPA dashboard for greater tracking flexibility.

QAuto: Attach supporting evidence and documentation when requested

  • Users can now attach supporting documentation to QAuto responses, either by uploading new files or linking to their knowledge base. Final exports include the questionnaire and all supporting evidence in a zip file, along with a portal-ready download guide.

FedRAMP 20x Low + Moderate New Framework

  • Users now have access to the FedRAMP 20x Low and Moderate frameworks, including full control inventories and baseline toggling. With automation coverage expanding next quarter, teams can meet PMO thresholds and accelerate submissions.

Integration & Control filters on Tests page are now multi-select

  • Users can now apply multiple filters simultaneously for both Integrations and Controls on the Tests page, allowing for more refined test views and easier navigation.

Customizable Policy Renewal

  • Users can now set customizable policy renewal cadences, including options like quarterly, monthly, or every two years—expanding flexibility beyond the default annual renewal schedule.

Performance improvements to the computers page

  • Users will experience significant performance improvements on the Computers page, with load times dropping below 4 seconds even for large environments (e.g., 80k+ computers now load in under 1 second).

Domain Inventory from Cloudflare

  • Users connected to Cloudflare will now see domain inventory in Vanta, including whether domains are proxied and protected (e.g., WAF, DDoS). Vanta also introduces three new tests for verifying Cloudflare protections and supports this data in custom tests.

Week of October 12, 2025

Vanta now has 400+ integrations in our ecosystem!!!

  • Users now benefit from Vanta’s integration ecosystem surpassing 400 integrations, enabling automated evidence collection, reduced manual effort, and continuous audit readiness across the broadest tech stack in the trust management space.

Controlled Audit View GA

  • Users can now use the Controlled Audit View (GA) to limit auditor visibility on population pages. Auditors can self-serve basic sampling data (e.g., names and hire dates) but must explicitly request sensitive fields. Customers can also set a default audit view that auditors cannot override.

Evidence Eval: Support for auto-running evaluation and URL uploads

  • Users can now evaluate evidence from URLs and benefit from automatic evidence evaluation when documents are uploaded—streamlining workflows and reducing the need for manual review steps.

Existence Custom Tests (fka Any/All)

  • Users can now create Existence Custom Tests (formerly Any/All tests), which pass when any entity meets the criteria. This allows teams to verify the existence of roles, users, or other minimum conditions without requiring full compliance from all entities.

Native Tasks in Issue Management

  • Users can now create and manage native tasks directly within Issue Management, making it easier to track resolution efforts, assign responsibility, and keep work centralized in Vanta.

Create Jira tasks from Issues

  • Users can now create Jira tasks directly from Vanta Issues, enabling streamlined cross-tool task tracking and better alignment between security and engineering workflows.

Week of October 5, 2025

Processing Activity Data Inventory Landing Page

  • Users can now access a new Processing Activity Data Inventory landing page, which includes an overview of activities, the ability to create or edit standalone activities, and cross-linked views between activities and processors for easier navigation.

Team Notification Preferences

  • Users can now manage team notifications in a new Notification Preferences section under Team Settings. Team Admins can toggle specific alerts, including team assignment, membership changes, tasks needing attention, or task completion.

Test Filters for Custom Tests

  • Users can now add filter logic to custom tests to target specific resource subsets (e.g., only production environments), keeping evaluation logic clean and relevant.

Auto Scoping for Personnel

  • Users now benefit from faster, more reliable Auto Scoping for Personnel (GA), with instant scope updates across linked assets and improved alignment between personnel and compliance coverage.

Framework Scope Overview

  • Users can now view a Framework Scope Overview that shows total and percentage of scoped systems and people, plus a log of who made changes and when enhancing shared visibility and audit readiness.

QAuto: Improved AI source citations

  • Users will see improved AI source citations in QAuto, with reference lists now showing only sources actually used in the AI-generated answer, increasing transparency and trust.

Custom Resource Types

  • Users can now add custom resource types to their evidence list, including within the evidence request workflow, allowing greater flexibility in how compliance artifacts are tracked.

Vanta MCP Server: coverage for risks, vulnerabilities, people, documents, and integrations

  • Users can now query risks, vulnerabilities, people, documents, and integrations using the Vanta MCP Server. This enables advanced AI-driven use cases like generating GRC reports, checking test failures before deployment, and verifying access controls all from within external tools.

CTM AI: External web page sources for the knowledge base

  • Users can now add external web pages as sources in the CTM knowledge base. These are indexed daily and currently support Questionnaire Automation, with plans to extend to the Trust Center and chatbot in the future.

September 2025

Week of September 28, 2025

Collaborator role for Issues Mgmt

  • Users can now assign team members as Collaborators in Issue Management. Collaborators have object-level access only to specific issues they’re assigned, enabling Admins and Editors to delegate responsibilities without granting full module access.

TPRM Questionnaire Question Reordering / Duplication

  • Users can now duplicate and reorder questions in the TPRM questionnaire builder, allowing for faster setup, easier editing, and more streamlined questionnaire workflows.

Week of September 21, 2025

Workspaces improvements

  • Users will now experience improved performance and security in Workspaces, including faster load times (P95 reduced to 2.5s), reduced data access risk through a new GraphQL Workspaces type, and a simplified Users page to reduce confusion and support overhead.

[Issue Mgmt] Ability to filter and tag issues by source

  • Users can now filter and tag issues in Issue Management by source, selecting from Internal Audit, External Audit, Incident, or Other. This new “Issue Source” field also appears in CSV exports and can be used to filter issues directly in Vanta for better tracking and reporting.

QAuto: Redesigned response experience

  • Users will see a redesigned experience in Questionnaire Automation, moving from drawer-style to inline card-style responses for easier review and bulk actions. Users can now search the answer library directly from the response panel and enjoy a more collaborative editing experience.

Moxso Security. Awareness Integration

  • Users can now connect Moxso to Vanta via a new Security Awareness Training integration that passes SAT information for easier tracking and evidence collection.

LatticeFlow Access Integration

  • Users can now integrate LatticeFlow with Vanta via a newly built access integration, enabling marketplace visibility and access monitoring.

Watchpoint Vulnerability Integration

  • Users now have access to a live vulnerability integration with Watchpoint, allowing customers to connect and monitor their security findings through Vanta.

Week of September 14, 2025

ABV integration

  • Users can now integrate ABV as a partner system in Vanta. This access integration supports mutual customers and is part of ABV’s participation in the channel program.

Vanta Exchange Secure Login

  • Users can now restrict access to specific Vanta Exchanges using domain-based secure login. External users must log in via a magic link and only individuals from specified domains (e.g., @aws.com) can gain access—improving privacy and control during security reviews.

Week of September 7, 2025

TPRM Security Review Redesign

  • Users will now experience a redesigned TPRM Security Review workflow that automatically takes them to the exact step they last completed, eliminating the need to click through multiple screens. The improved UI clearly separates completed, pending, and upcoming tasks—making reviews faster, easier, and more focused on risk assessment.

Data inventory & ROPA builder (Early Access)

  • Users in early access can now build a data inventory and generate a ROPA directly in Vanta. This feature allows customers to define their personal data processing activities and associated vendors, import existing spreadsheets, and prepare regulator-ready reports—laying the groundwork for future automation and more sophisticated privacy management.

August 2025

Week of August 31, 2025

Expanding Access: Issue Management for Editors

  • Users with the Editor role can now access and manage the Issue Management module, allowing them to create, update, and oversee issues directly. This change improves collaboration and gives teams more flexibility without needing Admin or Manager permissions.

SentinelOne Alerts Management (Public Preview)

  • Users can now view and manage SentinelOne alerts in public preview. These alerts appear in the CSPM Alerts page, allowing customers to monitor severity-based SLAs, track findings, and manage remediation efforts more effectively.

Week of August 24, 2025

Tailscale (Access)

  • Users can now connect Tailscale to Vanta, syncing user accounts hourly to monitor access and confirm deprovisioning when personnel leave. Compliance tests include checking linked Tailscale accounts and confirming proper deactivation.

Keeper Integration (Access)

  • Users can now integrate Keeper via SCIM, syncing users and groups hourly into Vanta to track account access and automate compliance evidence for offboarding and access monitoring.

Bocada integration

  • Users can now list Bocada as an integration partner via an access-only integration, kicking off our collaboration while schema-level mapping is still in development.

Compliance Roadmap Improvements for clarity & engagement

  • Users will see an improved Compliance Roadmap experience, with simplified UI, clearer task tracking, more intuitive language, and redesigned auditor steps to increase clarity and reduce friction—especially for first-time compliance customers.

Bulk mark personnel as service accounts

  • Users can now bulk-mark personnel as service accounts (or revert them back) in one click, making it easier to manage large personnel lists in the Personnel Hub.

Trust Center: Granular Subscription to Updates

  • Users can now offer granular subscription options in their Trust Center, allowing buyers to subscribe to only the updates they care about instead of receiving all content.

View-Only Access to Framework Scoping

  • Users with limited permissions can now view framework scoping settings without being able to make changes, providing visibility while maintaining access control.

[Trust Center Private Preview] More granular design customization

  • Users in the Trust Center Private Preview can now customize more design elements, including buttons, fonts, colors, and borders—enabling tighter brand alignment.

CTM: Knowledge base ownership and verification

  • Users now benefit from structured governance in the knowledge base, with ownership assignment, visibility into content health, and automated re-verification to ensure accuracy over time.

HirePass Integration

  • Users can now integrate with HirePass, thanks to their implementation of Vanta’s Background Check schema using the Connectors API.

Corrective action card to Issue Mgmt

  • Users can now document corrective actions in a dedicated card in Issue Management, making ISO-aligned records easier to maintain and improving audit readiness.

Code Changes Scoping

  • Users will now see code changes filtered by scoping and segmentation tags, aligning pull requests with parent repo scoping on the /code-changes page for more accurate audit views.

Week of August 17, 2025

Policy Library

  • Users can now manage Vanta standard policies through the new Policy Library, giving them full control to add or remove Vanta policies from their program as needed—keeping the policies page clean and aligned with GRC program maturity.

Policy management & collaboration improvements

  • Users benefit from two major policy management upgrades:

    • Direct policy linking on control drawers now includes auto-generated rationale, giving users immediate context without extra clicks.

    • Comments on policies allow teams to tag collaborators with @mentions and view a centralized comment thread—including messages from the approval process—for better cross-functional collaboration.

TPRM Continuous Monitoring Alerts

  • Users now receive TPRM Continuous Monitoring Alerts when a high-risk vendor receives a new high-severity finding. Alerts appear on the Overview and Managed Vendors pages, and can be filtered by category, severity, and vendor risk—centralizing urgent vendor insights.

Improved test formatting in Issue Mgmt (QOL release)

  • Users will now see improved formatting in Issue Management, as line breaks and paragraph spacing are preserved in long text fields—making issues clearer and easier to read.

Week of August 10, 2025

TPRM: See Vendor Subprocessors

  • Users can now view vendor subprocessors in TPRM, including available details like product names, processing purposes, and geographic locations—giving better insight into a vendor’s extended risk surface.

[GA] Trust Center Accounts + Account Workflows

  • Users can now manage Trust Center Accounts and Account Workflows (GA) to track trust engagement across accounts, manage NDAs and access per account, and monitor activity like Trust Center views and questionnaire submissions. This lays the foundation for a future “Security CRM.”

New User Control Scoping

  • Users can now complete control scoping via a new survey at the start of the compliance roadmap, or within compliance settings. Based on their answers, Vanta will automatically unmap unnecessary controls, tests, and evidence—saving time and improving program relevance.

Issue mgmt due date filter

  • Users can now filter issues by due date in Issue Management, such as upcoming deadlines (e.g., next 7 or 30 days) or past-due tasks. This powers visibility on the My Work page for better prioritization and follow-up.

Comments on Issue Mgmt

  • Users can now leave comments directly within Issue Management, allowing teams to discuss, assign ownership, and document decisions within a single issue thread—no more switching tools.

Killing the Public GraphQL API

  • Users will no longer have access to the public GraphQL API, which has now been fully deprecated as part of the EI 2 initiative. All requests are redirected to use Vanta’s REST API going forward, simplifying development and support.

Assign teams as system approvers/admins for Access Requests

  • Users can now assign Vanta teams as system approvers or admins for Access Requests, allowing any member of the assigned team to act on requests and receive email or Slack notifications.

My Work

  • Users now have access to My Work, a dedicated page showing all assigned work (including team-related items), grouped by urgency with filters like “Needs my approval.” Collaborators now land on this page by default to stay focused without needing admin help.

Week of August 3, 2025

Submit access requests on behalf of others

  • Users can now submit access requests on behalf of others, with updated flows in both the Vanta app and Slack showing who submitted the request and who it’s for—streamlining delegation and approvals.

Exporting security review question and answers in TPRM

  • Users can now export question-and-answer content from the security review flow in TPRM, making it easier to share vendor responses externally or retain them for offline review.

Vanta Agent - SLA Remediation

  • Users can rely on Vanta Agent to automatically detect and surface SLA mismatches between policies and SLA settings, offering one-click fixes with before/after views—enabling proactive remediation without manual prompts.

July 2025

Week of July 27, 2025

Auto Scoping for Personnel [Open Preview]

  • Users can now auto-scope personnel with two new features in open preview: Bulk Group Updates for streamlined configuration across employee groups, and Auto-scoping to keep devices and accounts in sync based on employee ownership.

Vanta Agent - Policy Chatbot

  • Users can now chat with the Vanta Agent directly in Policies to ask plain-English questions and receive concise, sourced answers pulled from both approved and draft policies, improving policy access and internal clarity.

Structured access levels for Access Requests

  • Users can now configure structured access levels in Access Requests, requiring requesters to specify predefined access levels and enabling approvers to review exact entitlements—creating strong audit trails and improved verification for integrated systems.

Week of July 20, 2025

Public preview: TPRM - Vendor AI Answers

  • Users can now preview AI-generated answers in the vendor portal via TPRM Vendor AI Answers (public preview), reducing manual effort by pre-filling responses once evidence is submitted.

Support file uploads in Issue Mgmt

  • Users can upload supporting files (e.g., screenshots, PDFs, docs) directly to issues in Vanta, creating a centralized and audit-ready record of issue remediation.

Vanta Agent - SLA remediation beta

  • Users can now proactively fix SLA mismatches between policies and Vanta settings with the Vanta Agent SLA Remediation beta, accessible via the new “AI insights” banner in the Policies tab.

Private Preview: Automate spreadsheet questionnaires with custom dropdown responses

  • Users in the private preview can now automate spreadsheet questionnaires with custom dropdown responses using QAuto, allowing Vanta AI to select the most relevant predefined value and apply it directly in the export.

Inline Citations for TPRM AI

  • Users now see inline citations in TPRM AI answers, clearly referencing the specific evidence and page location used to generate each response—making verification faster and easier.

Tag awareness for the Trust Center chatbot

  • Users benefit from improved accuracy in the Trust Center chatbot, which now respects applied tags to ensure it only surfaces relevant, tagged resources.

Week of July 13, 2025

Issues .csv download

  • Users can export all issues and their metadata to CSV, simplifying external analysis, audit prep, and offline tracking.

Policies REST API

  • Users can now query the status of their policies via Vanta’s REST API with two new endpoints: List policies and Get policy by ID, enabling deeper integration and automation.

Private Preview: Chatbot for Public Trust Centers

  • Users in the private preview can now enable chatbot functionality on public Trust Centers, with safeguards to ensure only publicly available information is referenced.

QAuto: Vanta Agent answering experience

  • Users now experience a more transparent AI workflow in QAuto with the introduction of the Vanta Agent answering experience, setting the stage for interactive and multi-step AI capabilities.

Week of July 6, 2025

Issue to risk mapping

  • Users can now map issues directly to risks in the Issue Management module, providing better visibility into how individual issues impact broader compliance objectives.

Control history visibility setting

  • Users on Growth+ plans can now control whether control history is visible to auditors via a new setting in the Audit Visibility section. This setting is off by default.

Access Requests Export

  • Users can now export all access requests directly from the Access Requests page for easier reporting and tracking.

QAuto: Improved automatic answer length/verbosity

  • Users benefit from improved QAuto responses thanks to a new AI classifier that determines optimal verbosity before answer generation, resulting in more reliably formatted answers.

Answer Library CSV Export

  • Users can now export their filtered Answer Library as a CSV, making it easier to generate custom reports or maintain offline backups.

Performance improvements to the Policies Page

  • Users will experience significantly faster load times on the Policies Page following recent performance improvements, supporting larger orgs with extensive user and policy data.

June 2025

Week of June 29, 2025

Adaptive Framework Scoping: Mark All In/Out by Resource Group

  • Users can now bulk mark resources in or out of scope by resource group using Adaptive Framework Scoping, simplifying setup for frameworks like PCI and ISO 27017 and enabling precise, efficient configuration across large environments.

Code Changes for Azure DevOps // Start of `/changes` deprecation

  • Users now have access to redesigned /code-changes auditor pages (beta) offering improved control, clarity, and exportability, with added support for Azure DevOps including accurate parsing of review groups for robust compliance checks.

Pen Test Import v0

  • Users can now access Penetration Tests directly from the Assets > Vulnerabilities section, streamlining visibility and laying the groundwork for enhanced pen test support and findings tracking in Q3.

Wiz Vulns and Alerts GA!

  • Users can now access Wiz Vulnerabilities and Issues as the integration enters GA, expanding availability to all customers after months of refinements and successful adoption by over 150 teams.

Week of June 22, 2025

Risk report filter expansion to all charts

  • Users can now apply owner, category, and status filters across all charts in the risk report, enabling more consistent and tailored risk insights.

QAuto: Automatically detect columns in spreadsheet questionnaires

  • Users can now leverage Vanta AI to automatically detect column types in spreadsheet questionnaires, streamlining setup and moving closer to fully automated questionnaire completion.

Week of June 15, 2025

Test SLA Customization

  • Users can customize a test’s SLA category, allowing them to adjust its priority or assign a different SLA based on their organizational needs.

Oracle Cloud GA

  • Users can now integrate with Oracle Cloud at GA, featuring new product tests, expanded support for networking components, region editing, multi-tenant configurations, and more bringing Oracle in line with other cloud integrations.

Customers can limit auditor actions

  • Users can now restrict auditor actions in Vanta with new compliance settings that prevent auditors from creating audits, modifying controls, or adding additional auditors.

Week of June 8, 2025

Test Details: Failing Entities by Segment

  • Users can now view failing test entities by segment on the Test Details page, enhancing visibility into which scoped resources are out of compliance and improving clarity across segments.

New Framework-specific Tests Table

  • Users can access a new framework-specific tests table that displays only tests relevant to a given framework, with accurate statuses and direct links from the overall tests table for streamlined navigation.

GDPR Policies now in Policy Builder

  • Users can now access GDPR-specific policies in Policy Builder, expanding the existing library with two new templates to support GDPR compliance alongside SOC 2 and ISO 27001. All templates include updated editing guidance to align with GDPR requirements.

Comment Notifications

  • Users can stay on top of collaboration with the new Comment Notifications inbox, which consolidates all relevant comment threads in one place for easier tracking and responses.

Vanta MCP Server (Public Preview)

  • Users can now interact with Vanta data using LLMs via the Vanta MCP Server (Public Preview), enabling advanced workflows like audit prep and automated remediation directly in tools like Claude Desktop or Cursor.

Redesigned AWS Integration Overview Page

  • Users will see a redesigned AWS Integration Overview Page featuring a full-page layout with tabs for overview, capabilities, prerequisites, permissions, synced resources, and automation details streamlining decision-making and aligning with the content on vanta.com.

Week of June 1, 2025

More Personal Email Support for Merge HRIS Platforms

  • Users can now track personal emails in Vanta for 17 additional Merge HRIS platforms, expanding visibility into employee data across systems.

QAuto: Adjust answer columns and re-run AI answers without starting from the beginning

  • Users can now adjust answer columns in spreadsheet questionnaires and selectively re-run AI responses for unapproved answers, preserving approved content and reflecting the latest knowledge base updates.

TPRM: Marking a question as reviewed releasing this week

  • Users can now mark TPRM questions as reviewed, locking the primary answer to track progress and ensure stability in collaborative workflows, while still seeing the latest AI and vendor responses.

May 2025

Week of May 25, 2025

Comments on Risks and Controls

  • Users can now collaborate more effectively in Vanta by adding comments and tagging teammates directly on controls and risks, just like with audits and questionnaires. Notifications are sent as comments are added to keep everyone in the loop.

Risk Filter Update

  • Users can now customize their risk register and action tracker with an updated filter experience that reduces clutter by showing key filters by default and allowing additional filters to be added as needed. This update adopts Vanta’s new filter overflow pattern for a cleaner, more flexible interface.

View and Filter Personnel by Individual Security Tasks

  • Users can now view and filter the people table by individual security tasks, making it easier to track task completion across personnel. The table can also be customized to show the most relevant columns for quick insights into task-level progress.

QAuto: Adjust verbosity at the answer level

  • Users can now adjust the verbosity of individual QAuto answers by selecting from Concise, Standard, Extensive, or AI-recommended options. This manual control improves answer customization while helping train better automatic verbosity selection over time.

TPRM: Use Links with Vanta AI

  • Users can now leverage Vanta AI to auto-populate security questionnaires by submitting a link as evidence, enabling quicker insights into a vendor’s risk posture without waiting for additional documentation.

Week of May 18, 2025

Framework Scoping for 1st Party Integrations

  • Users can now apply framework scoping to all Vanta-built integrations, ensuring that only relevant data is monitored for compliance. All future first-party integrations will support this feature, with a few exceptions that don't import resources.

Week of May 11, 2025

Unified Permission Foundation: Org-Roles Now Powered by Oso

  • Users now benefit from a more scalable and secure role-based access system as all organizational role evaluations have been migrated to Oso, a centralized authorization engine. This upgrade standardizes permission checks, boosts performance, and lays the groundwork for advanced access control features.

Week of May 4, 2025

Improved comments notification copy

  • Users will now see the domain name in the subject line of comment notification emails sent to auditors, along with the object type name included in the email body for clearer context.

Personnel in-app hub

  • Users can now access an in-app hub within the People tab that provides step-by-step guidance and interactive tours to help new admins navigate personnel setup in Vanta.

Object-level owner role on controls (aka granular user access on assigned controls)

  • Users can now be assigned as owners of specific controls using object-level roles, granting them access only to those controls and their mapped evidence for more granular permission management. This enhancement enables precise delegation and supports least privilege by allowing control owners to reassign mapped tests and documents.

AI change summaries for streamlined approvals

  • Users can now leverage Vanta AI to generate draft approval notes by comparing the latest policy draft with the last approved version, highlighting key changes for easier review. For first-time policies, Vanta AI provides a summary instead.

Introducing support for Wiz Issues in Vanta

  • Users can now view Wiz Issues directly in Vanta through a new integration for Growth+ customers, enabling unified visibility into misconfigurations and risks alongside Wiz vulnerabilities. This feature supports filtering, pagination, and centralized risk monitoring while remediation continues in Wiz.

April 2025

Week of April 27, 2025

  • Users can automate how personnel request access to systems. Vanta routes requests to the right approvers and admins, tracks status, and simplifies provisioning.

Test Management by Framework Segment

  • Users can view test status, asset counts, and history by framework segment to simplify audit prep, support scalability, and keep compliance efforts organized.

Framework Scoping: Integrations scoping

  • Users can now filter scoped out integrations and accounts from the audit view. They won’t show up in product tests, or across any audit pages, providing a seamless framework scoping experience that just works (TM).

Week of April 20, 2025

SCIM support for Teams

  • Users can sync Vanta Teams to their IdP Groups via SCIM, enabling seamless and programmatic Team management as the customer’s organization grows and changes.

Scheduled delivery of Reports

  • Users can schedule reports to be emailed daily, weekly, or monthly, with each email linking directly to the live report in Vanta for up-to-date visibility across stakeholders.

Document Quick Views

  • Users see quick views on the Documents page that filter and display relevant documents and columns based on the actions they need to take.

Add messages to streamline policy approvals

  • Users have the ability to drop messages to their designated approvers so they can make a more efficient and informed approval decision.

Improvements to Control History

  • Users now see a detailed control history that logs changes to key fields and allows optional “reason for change” notes when tests or documents are unmapped.

TPRM: Questionnaire Library

  • Users can create questionnaires by choosing from a curated library built by Vanta SMEs, then customize them as needed—including options for general vendors and AI-specific use cases.

Week of April 14, 2025

SCIM support for Teams

  • Users can sync Vanta Teams to their IdP Groups via SCIM, enabling seamless and programmatic Team management as the customer’s organization grows and changes.

AI Control Mapping for Policies

  • If you are using Vanta's default template stack or bringing in your custom policies, you can use Vanta AI to help you map security controls back to the policy

Collaborator Role

  • The collaborator role is now available for object-level assignments and more granular access control within Vanta

Week of April 7, 2025

Compliance Roadmap

  • The test metric allows customers to easily assess their program's progress by providing the key metrics they need, all in one seamless location

Week of March 31, 2025

Report Center Metrics: Test Breakdown by Status

  • The test metric allows customers to easily assess their program's progress by providing the key metrics they need, all in one seamless location

March 2025

Week of March 24, 2025

Custom Metadata Fields: Vendor Risk Management

  • Users can now flexibly track any and all data they need to know about the vendor. They can choose from the following field types: text, date, number, and picklist.

Week of March 17, 2025

New Standard Vendor Fields: Vendor Risk Management

  • TPRM has two new standard fields: contract amount and vendor headquarters.

Preserving security reviews when merging vendors: Vendor Risk Management

  • When a user merges two vendors, they can preserve the security reviews, evidence, and findings from both vendors, ensuring they don't lose any of the due diligence they've done.

Week of March 10, 2025

Vanta Branded Engagement Letters

  • Customers activating their Trust Centers for the first time will find a resource document already created for them, affirming their engagement with Vanta and ongoing compliance efforts.

Week of March 03, 2025

Advanced tagging for Questionnaire Automation and Trust Center (GA)

Internal audit tag

  • Customers can select an audit type when creating an audit engagement in Vanta.

Team ownership for tests & documents

  • Customers can now create and assign Teams as owners of tests and documents.

Vendor Risk Management Slack notifications

  • Users receive Slack notifications when questionnaires are submitted and are notified when all evidence is available, and the security review is ready for analysis.

Trust Center: Hide full access requests

  • Trust Center admins now have the option to disable "Full access" on their public Trust Center

February 2025

Week of February 24, 2025

Merge.dev Multi-Tenancy Support

  • Vanta's new Merge.dev Multi-Tenancy Support enables seamless management of multiple instances of the same integration

Framework Scoping for MDMs

  • Customers can now scope JumpCloud resources by framework

Questionnaire Automation: Delete individual rows after import

  • After adding a questionnaire, customers can select response rows and delete them.

Vendor Risk Management

  • Vendor AI answers will be organized in bullet points

  • Users can choose to move a vendor from Discovery into Procurement, following the funnel and typical workflow of our users

Week of February 17, 2025

Framework scoping for Azure and GCP Organization Sub-accounts

  • Users can now scope individual accounts within organizations for GCP and Azure.

Framework scoping for GitHub Organizations & Projects

  • Users now have control over which frameworks they include their GitHub organizations and project assets in.

Framework scoping for AWS Organization Sub-accounts

  • With AWS organization sub-account scoping, users now have more granular control over their assets.

Week of February 10, 2025

Approval workflow for questionnaires

  • An approval workflow can now be facilitated within Questionnaire Automation. This workflow allows an approver to be assigned and notified when the questionnaire is ready for review with a new set of statuses to track and communicate each step of the process clearly.

Week of February 3, 2025

Bulk Reminders for the People Page

  • Admins can now send a bulk one-time reminder to specific people by selecting them on the People Page table. The admin can also select whether to send these reminders over Slack, email, or both (the reminder will default to their current personnel notification settings).

January 2025

Week of January 28, 2025

Sensitivity Flag on Documents Table

  • There is a new column in the documents table to indicate if a document is "sensitive"

Streamlined control mapping for policies

  • We’ve added an “Add Controls” button directly on the Policy details page

Transition flagged evidence back into "ready for audit"

  • Users can transition flagged evidence back into ready-for-audit; this lets them know that a piece of evidence is ready for another review, eliminating the need for back and forth between auditors and customers.

Week of January 20, 2025

Customers can filter their evidence list by 'auditor-created evidence.'

  • Users can filter evidence to view evidence created by the auditor

View-only permissions enabled in custom role-based access control

  • For each permission in a custom RBAC role, the admin can choose from “no access,” “view-only,” or “view and edit.”

Show risk ID when mapping risk scenarios to a control

  • When a user maps a risk to a control, they will be able to see the risk ID along with other pertinent information about the risk.

Week of January 6, 2025

New Documents page experience

  • Users are now prompted to add all relevant files to satisfy the document evidence request and mark it as complete before the document status changes to OK.