Vanta Release Notes
June 2026
Week of June 21, 2026
Commenting on Controls in Audit
Users and auditors can now leave contextual comments on individual controls directly within a Vanta audit, with threading and @mention support, giving both sides a structured place to discuss specific controls without resorting to email or Slack threads where context gets lost. Package: Professional, Enterprise (Modular)
Controls Export in Audit
Users and auditors can now export everything visible in the controls table directly from within a Vanta audit, giving them an easy way to plug the full control matrix into any audit report without manual copying or reformatting. Package: Professional, Enterprise (Modular)
Use Vanta's MCP Anywhere You're Already Doing Your Work
Users can now connect Vanta's MCP from any MCP-capable tool, not just officially supported ones, with a warning banner displayed when the redirect URL isn't one Vanta publishes and controls, so customers can use Vanta where they already work without filing a support ticket or waiting for manual allowlisting. Package: Not Applicable
AIUC-1 Early Access Pilot
Users committed to certifying for AIUC-1, the new security standard for AI agents, can now access the framework as an early access pilot in Vanta at no cost for the duration of the preview period. Package: Essentials, Plus, Professional
Azure DevOps Multi-Tenant Support
Users can now connect and manage multiple Azure DevOps organizations from the same Vanta domain, bringing Azure DevOps in line with the multi-connection baseline available across other integrations. Package: Essentials, Plus, Professional, Enterprise (Modular)
SOC 2 Guide: Vanta Agent-Generated Trust Centers
Users in SOC 2 Guide can now have the Vanta Agent automatically generate a Trust Center and Letter of Engagement within their first days in Vanta, with the Agent pre-filling key details like description and security contact so startups have sales collateral they can share with prospects immediately while working toward their full SOC 2. Package: Essentials, Plus
Unmanaged Renewal Line-Item Preview
Users on unmanaged auto-renewal plans can now see a full line-item preview of their upcoming bill directly on the billing page, including each line item, price, and term, so they know exactly what they are agreeing to before their renewal processes. Package: Essentials, Plus
New Twilio Access Integration, Powered by Integration Builder
Users can now connect Twilio to Vanta via OAuth to automatically import active Twilio users, enabling real-time visibility into who has access, feeding access reviews with audit-ready evidence, and eliminating manual exports, with all the benefits of the Integration Builder platform including an AI-summarized activity log, manage page, and settings page. Package: Essentials, Plus, Professional, Enterprise (Modular)
CrowdStrike CSPM Alerts and Multi-Tenant Support
Users can now ingest CrowdStrike Cloud Security Posture Management findings into Vanta as Security Alerts to track SLAs and produce audit-ready evidence for cloud misconfigurations, and can now also connect multiple CrowdStrike tenants to a single Vanta domain. Package: Plus, Professional, Enterprise (Modular)
Optional Reason Input When Deactivating Controls
Users can now enter an optional reason when deactivating a control, either individually or in bulk, with that reason saved and surfaced in a new Deactivation Reason column on the deactivated controls page and visible in control history after reactivation. Package: Essentials, Plus, Professional, Enterprise (Modular)
AI Evidence Eval Model Upgrade
Users now benefit from a 10% latency improvement on AI evidence evaluation and a 5% higher evidence pass rate, as Vanta has upgraded the underlying model powering document and IRL evidence checks to Gemini 3.5 Flash with fewer unnecessary nit-picks on submitted evidence. Package: Essentials, Plus, Professional, Enterprise (Modular), Customer Trust Management
Privacy Read and Write MCP Tools
Users can now manage their privacy data inventory and assessments directly within agentic workflows through 20 new privacy tools exposed via MCP, reducing context switching and enabling more privacy program tasks to be automated end to end. Package: Not Applicable
Agent-Led Control and Policy Program Onboarding (Early Access)
Users can now upload any existing control or policy file as-is and have the Vanta Agent extract controls, suggest evidence pairings for bulk review and approval, extract policy details, map policies to controls, and surface gaps, all without needing to reformat documents to match a Vanta template. Package: Essentials, Plus, Professional, Enterprise (Modular)
QAuto: Smart Answer Field Detection
Users in Questionnaire Automation now have the Vanta Agent automatically detect and fill every response field a questionnaire requires, across any format including documents, spreadsheets, and portals, with column selection for spreadsheet questionnaires eliminated entirely in favor of fully automated detection. Package: Plus, Professional, Questionnaire Automation, Questionnaire Automation Advanced, Customer Trust Management
Alpha: Contract Gap Analysis
Users can now upload a draft or executed contract and run a gap analysis where the Vanta Agent reads each commitment and compares it against their GRC program including controls, policies, and knowledge base, returning results ranked by what deserves attention first with cited evidence behind every call. Package: Customer Commitments
Risk and Control Linking via REST API
Users can now manage risk-to-control relationships programmatically via new REST endpoints to link controls to risks, view associated controls, change link types between existing and treatment controls, and remove links. Package: Not Applicable
Custom Agents (Early Access) M1: Scheduled Prompts
Users can now create their own custom agents in Vanta with a simple name, prompt, and schedule, setting them to run daily, weekly, or on demand to automate recurring compliance work like risk reports, policy expiry notices, and overdue training follow-ups across the full Vanta platform without any code. Package: Essentials, Plus, Professional, Enterprise (Modular), TPRM
Trust Center: Improved Notification Default for the Trust Collaborator Role
Users added under the Trust Collaborator role will no longer receive Trust Center access-request email notifications by default, eliminating the notification noise that previously blocked upmarket rollouts when large teams of collaborators were added at once. Package: Essentials, Plus, Professional, Trust Center, Trust Center Advanced
Week of June 14, 2026
TPRM Collaboration: Vendor + Internal Commenting
Users can now add comments to individual questions on an assessment questionnaire within TPRM, with two separate tracks for internal comments among Vanta users and external comments between Vanta users and vendor contacts through the Exchange, giving both sides a structured and auditable way to collaborate without leaving the platform. Package: TPRM (formerly VRM)
Risk Control Mapping Suggestions
Users can now ask the Vanta Agent to suggest controls that are most appropriate to mitigate and link to a given risk scenario, reducing the manual effort of sifting through all available controls to find the right ones for each risk. Package: Not Applicable
New Test Notifications
Users can now receive proactive notifications when new tests relevant to their domain are scheduled for rollout and when they go live, with test owners automatically alerted for tests they own and configurable company-level alerts available for unowned tests by category via email and Slack or Teams. Package: Essentials, Plus, Professional, Enterprise (Modular)
New Agentic SOC 2 Guide Module: Vendors
Users in SOC 2 Guide can now have the Vanta Agent guide them through their entire vendor management setup, recommending which vendors to add based on IdP and integration data, pre-assigning risk scores, providing instructions on where to find security documents, and analyzing and summarizing each vendor's security documentation with a recommended review decision. Package: Essentials, Plus
Flexible Risk Scoring: Register Score Customization
Users can now configure risk scoring at the individual register level instead of only globally, with a revamped Scoring settings tab that displays a heatmap grid of all risk scores, score labels and descriptions, and a unified editing experience where all changes to impact and likelihood scales and risk levels can be made and saved at once. Package: Professional, Enterprise (Modular)
Agent Slide-In Panel
Users now experience the Vanta Agent companion in a slide-in panel that sits alongside the page instead of floating on top of it, allowing them to see their work and interact with the Agent at the same time without the Agent obscuring content. Package: Not Applicable
Agent and MCP Support for Risk Registers
Users can now ask the Vanta Agent or connect via MCP to create, rename, update, and delete risk registers through natural conversation, making risk program setup and maintenance faster for organizations managing multiple registers across teams or business units. Package: Professional, Enterprise (Modular)
Framework Purchase Expansion
Users can now purchase GDPR, AUE8, CIS v8, and CRI frameworks directly in-app with user-selectable variants, removing the need to schedule a call or go through a manual amendment process for these frameworks. Package: Not Applicable
Week of June 7, 2026
Vanta Agent: New Entry Point in the Top Nav (GA)
Users now have a persistent search bar in the top navigation that serves as a direct entry point to the Vanta Agent, surfacing rotating prompt suggestions from the prompt library to show what the Agent can do and accepting free-form queries, with Command+K available as a keyboard shortcut. Package: Essentials
Frameworks and Certifications Structured Commitment Type
Users can now filter and sort framework and certification commitments across their entire contract base as a structured commitment type, making it easy to pull up every contract that commits to SOC 2 or owes a report on request without having to read clause by clause. Package: Customer Commitments
Privacy Agentic Writes for Privacy Data Inventory (Processor Side)
Users can now work with the Vanta Agent on the Privacy page to create, update, and delete processing categories and data controllers, extending the agentic write capabilities previously launched for the controller side to the processor side of the Data Inventory. Package: Not Applicable
Direct Mapping of Requests to Controls on IRL Upload
Users and auditors can now map requests directly to controls at the time of IRL upload, with the uploader validating Control IDs against Vanta and providing a list of valid IDs for a given framework to make uploading and error handling straightforward. Package: Professional, Enterprise (Modular)
SIG Lite Questionnaire Template in QAuto
Users can now access a SIG Lite questionnaire template directly within QAuto, either as the new default starter questionnaire or via the Import Questionnaire modal, allowing them to complete it once, update it periodically, and share it with requesters or publish it to their Trust Center. Package: Essentials, Plus, Professional, Questionnaire Automation, Questionnaire Automation Advanced, Customer Trust Management
Risk to Control Mapping - M1
Users can now link existing controls directly to a risk from a new risk context section on the risk detail page, separate from the treatment plan, eliminating false gaps, remediation noise, and score distortion while giving auditors a clear path to review control evidence directly from the risk. Package: Essentials
Custom Assessment Templates in Privacy
Users with the Privacy Advanced SKU can now create fully custom assessment templates with free text, single-choice, and multi-choice questions, and select those templates when creating a new privacy assessment instead of being limited to Vanta's predefined templates. Package: Privacy Advanced
Splunk On-Prem Integration, Powered by Integration Builder
Users can now connect Splunk Enterprise (on-prem) to Vanta through the first integration built on Vanta's new Integration Builder platform, which delivers a consistent experience across every integration including a listing page with API permissions and resource schemas, an AI-summarized activity log with fix instructions, a manage page, and a settings page, all generated automatically from code. Package: Essentials, Plus, Professional, Enterprise (Modular), Access Management
Week of May 31, 2026
View Third Party Trainings Within Vanta (10% Rollout)
Users can now view their third party security awareness trainings directly on their Vanta training page, with Vanta automatically updating their completion status once the training is finished in the external system and surfacing messaging when external trainings are pending. Package: Essentials, Plus, Professional, Enterprise (Modular)
Customers Can Edit Metadata on Requests
Users can now edit request due dates, capture dates, request types, and cadence directly within an audit in Vanta, removing the need to rely on auditors for these updates and speeding up the audit workflow on the customer side. Package: Professional, Enterprise (Modular)
MCP Tool Expansion
Users and their AI agents can now access 28 new MCP tools to programmatically read Personnel, Group, Computer, Access, Audit, Privacy, Questionnaire Automation, and Issues data from Vanta, with these tools shared directly from the same toolset powering the Vanta Agent. Package: Essentials, Plus, Professional, Enterprise (Modular)
More Performance Improvements to Inventory and Vulnerability Pages (No Limits)
Users with large data sets now experience significantly faster load times on Inventory and Vulnerability pages, with Inventory pages loading in under 1 second instead of timing out, and bulk ignore and export operations completing reliably at scale. Package: Not Applicable
Add Ability to Delete Files from Risk Tasks
Users can now see the names of uploaded files on risk tasks and delete individual files, replacing the previous experience that only showed a file count with no way to manage or remove specific attachments. Package: Not Applicable
Risk Approval Activity Timeline
Users can now view a full activity timeline within the risk approval history section, showing the date each action took place and any associated comments, giving teams a clear audit trail without needing to reference external email notifications. Package: Not Applicable
Improved Notification Management
Users can now toggle all alerts and email digest notifications on or off at the category level from Settings, eliminating the need to click through 30+ individual toggles to manage notification preferences. Package: Essentials, Plus, Enterprise (Modular)
Trust Center: AWS Marketplace Integration
Users can now feature their Vanta Trust Center on their AWS Marketplace listing so buyers can access compliance documentation during the purchasing process, and can also link their Marketplace listing directly from their Trust Center to turn security credibility into a direct purchase path. Package: Essentials, Plus, Professional, Trust Center, Trust Center Advanced, Customer Trust Management
Per Risk Access Management
Users can now assign specific viewers and managers to individual risks, giving teams precise control over who can access and update each risk, with the ability to assign these roles to Vanta Teams as well. Package: Not Applicable
May 2026
Week of May 24, 2026
Agentic SOC 2 Guide: Getting Started in Vanta
Users (startups on SOC 2 Guide) are now guided step-by-step through their first actions in Vanta by the Vanta Agent, which generates a tailored compliance plan, confirms their company profile, recommends key integrations to connect, and answers questions along the way, all without needing to leave the Agent experience. Package: Essentials, Plus
In-App Billing Page
Users can now manage billing directly within Vanta through a new native billing page that replaces the previous Stripe redirect, with invoices served directly from Netsuite as the source of truth for finance. Package: Not Applicable
Wiz Configuration Findings
Users who opt in can now have Wiz configuration findings ingested into Vanta and presented as SLA-trackable security findings, giving upmarket customers more ways to generate evidence and track remediation across their cloud infrastructure at the individual instance and bucket level. Package: Professional, Enterprise (Modular)
Customize Personnel Reminders
Users (Admins) can now send personnel reminder emails from their company's verified email domain instead of Vanta's, and customize the subject, body, and Slack message content using template variables like employee name, task name, and due date to reduce confusion and increase completion rates. Package: Custom Domain: Professional, Enterprise (Modular) | Custom Email and Slack Message: Essentials, Plus, Professional, Enterprise (Modular)
Privacy Data Inventory: Bulk Management and Permanent Table View
Users can now select multiple data inventory items at once and bulk edit or delete them in a permanent table view, making large cleanup workflows significantly faster to self-serve, especially after ROPA imports. Package: Not Applicable
Privacy Agentic Writes for Privacy Data Inventory (Controller Side)
Users can now collaborate directly with the Vanta Agent on the Privacy page to create, update, and delete processing activities in the Data Inventory, with the Agent having access to expanded context tools to perform multi-field updates in a single interaction. Package: Not Applicable
Vanta Agent Sandbox Support (10% Rollout)
Users can now ask the Vanta Agent to work with large files, large datasets, and multi-step analysis tasks more reliably, as the Agent can now spin up an isolated sandbox to run bash commands, execute Python scripts, and export generated files back into chat rather than passing everything through the LLM context window. Package: Essentials, Plus, Professional
Week of May 17, 2026
Sharepoint Integration for Customer Commitments
Users can now connect and configure Sharepoint as a contract source from the Commitments settings page, similar to how the existing Ironclad integration works, giving teams an automated path to populate their commitments inventory without relying on manual uploads. Package: Customer Commitments
BU-Scoped Program Overview Reports
Users with Business Unit Scoping enabled can now apply a Program Segment lens to the Program Overview report, scoping the Framework Progress, Test Remediation chart, and Audits widgets to a specific BU and framework to surface per-BU risk and progress that was previously hidden in aggregate views. Package: Professional, Enterprise (Modular)
More Flexible User Provisioning in Login & Security
Users (Admins) can now choose how Vanta auth users are created under Login & Security, with options for SCIM, Personnel Auto-Provisioning, or manual management, giving upmarket customers the ability to add vCISOs, consultants, or IT admins to Vanta without also tracking them as monitored personnel. Package: Essentials, Plus, Professional, TPRM (formerly VRM)
Personnel Setup Wizard
Users setting up Personnel for the first time are now guided through a structured wizard that helps them connect an IdP and/or HRIS, configure scope, and make informed decisions around employee account provisioning, reducing the risk of misconfiguration and reliance on Support and Solutions. Package: Essentials, Plus, Professional
Personnel Setup Settings
Users (Admins) now have a dedicated Personnel Settings section where they can see all connected personnel and employee data sources in one place, understand what each source controls, manage source configuration, and review provisioning and reminder settings from a single persistent surface. Package: Essentials, Plus, Professional
Week of May 10, 2026
Historical Policies Available in IRLs
Users can now attach historical policy versions as evidence in IRLs, with a side drawer that surfaces past versions alongside the ability to add individual policy documents or entire containers. Package: Professional, Enterprise (Modular)
Trust Center: Right to Be Forgotten (Deletion Request) for Viewers
Users (Trust Center admins) can now fulfill GDPR Article 17 erasure requests directly from Settings by entering a viewer's email to trigger an automated workflow that anonymizes their PII across all relevant systems, including access records, NDA metadata, update subscriptions, and event logs. Package: Essentials, Plus, Professional, Trust Center, Trust Center Advanced, Customer Trust Management
TPRM Continuous Monitoring - Vendor Incidents
Users are now immediately notified via email when a monitored vendor experiences a confirmed or suspected security breach, and can view a structured incident detail page showing confirmation status, severity, data breach status, a summary of what happened, source evidence links, and a basic incident timeline all in one place. Package: TPRM (formerly VRM)
AI Recommendations for Access Reviews (Preview)
Users now receive an AI-generated recommendation (Approve, Deny, or Needs Review) for every account at the start of an access review, each surfaced with the signals behind it such as employment status, last login, and prior decisions, allowing low-risk accounts to be bulk-approved in seconds. Package: Plus, Professional, Access Management
Trust Center: Customer-Specific Access Automation with Salesforce
Users can now map Trust Center tag values directly to Salesforce fields so that when a customer requests access, the right documents are automatically delivered based on their Salesforce data, with no manual intervention required. Package: Professional, Customer Trust Management, Trust Center Advanced
Customer Commitments Onboarding Experience
Users setting up Commitments for the first time are now guided through a four-step onboarding flow with a welcome modal, a persistent progress banner, and Chameleon-powered tours pointing to the exact UI needed at each step, from uploading standard contracts to reviewing customer commitments. Package: Customer Commitments
Product Usage Events in Metronome (QAuto + XBOW)
Users will soon gain in-product visibility into how much of their purchased entitlement they have consumed, as Vanta now tracks QAuto and XBOW usage events in real time through Metronome as a single source of truth for usage, commitments, and entitlements. Package: Not Applicable
Automatically Deprovision Zoom and Figma Accounts During Personnel Offboarding (GA)
Users can now configure Vanta to automatically deactivate Zoom and Figma accounts as part of the offboarding workflow, freeing licenses and removing org access immediately upon termination while keeping data intact. Package: Plus, Professional, Access Management
Knowledge Base API
Users can now programmatically create, read, update, and delete Answer Library entries and resources, manage lifecycle fields like owner, tags, verification state, and expiration dates, and use LIST endpoints with filtering and pagination to power downstream automations and integrations. Package: Essentials, Plus, Professional, Trust Center, Trust Center Advanced, Questionnaire Automation, Questionnaire Automation Advanced, Customer Trust Management
Bulk Test Export
Users can now export test data in bulk from the Tests page via CSV, with a configuration modal that gives them control over exactly what gets included in the export. Package: Not Applicable
Advanced Historical Reporting Now Available in VantaGov
Users on VantaGov now have access to all reports including the Issues Report, powered by the same Snowflake-based reporting data pipeline available in Vanta's commercial product, with full parity on future reporting features including Vanta Agent integration. Package: VantaGov
SPRS Score for CMMC Level 2
Users on CMMC Level 2 can now track their Supplier Performance Risk System (SPRS) Score directly in Vanta via a new reporting widget that updates as they make progress on controls. Package: Essentials, Plus, Professional, Enterprise (Modular)
My Program (M1)
Users managing compliance across multiple Business Units can now access a single My Program home page that provides cross-BU and cross-framework visibility into their entire compliance program, including framework health, test remediation status, and audit activity in one location. Package: Professional, Enterprise (Modular)
Enhanced Control Data for V4G Frameworks
Users on NIST 800-53, NIST 800-171, FedRAMP Rev 5, and CMMC frameworks can now capture three additional fields per control including control type, implementation status, and implementation details to better demonstrate compliance to auditors. Package: Essentials, Plus, Professional, Enterprise (Modular)
Vanta Developer Docs Rebuilt for Humans and Agents
Users and AI agents building on Vanta now have access to a fully rebuilt developer documentation site on Mintlify, featuring an AI-native experience with a dedicated landing page, agent-friendly markdown, an AI chatbot, improved API playground, and 12+ new pages including tutorials, concept guides, and one-click AI prompts. Package: Not Applicable
Third Party Trust Center Evidence Requests
Users running vendor assessments in TPRM can now request access to private documents from Safebase, Secureframe, and Conveyor trust centers directly within an assessment, with a computer use agent placing the request on their behalf without requiring them to leave Vanta. Package: TPRM (formerly VRM)
Week of May 3, 2026
Automated Jira Ticket Creation for Documents (Beta)
Users (Admins & Editors) can now configure Vanta to automatically create a Jira issue whenever a Document needs evidence, with tickets defaulting to the Object Owner as the assignee, pre-populated with context on how to complete the work, and linked back to the document in Vanta. Package: Essentials, Plus, Professional, Enterprise (Modular)
Simplified Answer Schema for Answer Library
Users now benefit from a simplified Answer Library schema that consolidates the answer and explanation into a single open-text field, reducing complexity across the import/export workflow and the Knowledge Base API. Package: Essentials, Plus, Professional, Questionnaire Automation, Questionnaire Automation Advanced, Customer Trust Management
Row-Level Tagging for Answer Library Imports
Users can now map spreadsheet columns to existing tag categories in Vanta when importing a CSV or Excel file into the Answer Library, allowing each row to carry its own tag values so imported entries are tagged correctly from the start. Package: Essentials, Plus, Professional, Questionnaire Automation, Questionnaire Automation Advanced, Customer Trust Management
Auto-Renewals for 1–10 HC Customers (Global Launch)
Users on eligible 1–10 HC plans can now renew automatically without any manual back-and-forth, receiving a 90-day notification email and an in-app banner at 45 days, with simple in-app paths available if they want to make changes or cancel. Package: Essentials, Plus
Pre-Sync Vulnerability Filtering for AWS
Users can now configure a minimum severity threshold for AWS vulnerability ingestion, ensuring only vulnerabilities at or above that threshold are imported into Vanta to reduce noise and focus remediation efforts. Package: Essentials, Plus, Professional, Enterprise (Modular)
Akamai Domain Protection (Progressive Rollout)
Users can now connect Akamai to Vanta to monitor managed domains, their proxy status, and the configuration of key protection services like WAF, bot management, and DDoS mitigation, with automated tests that continuously verify domains stay protected. Package: Essentials, Plus, Professional, Enterprise (Modular)
Issue Snapshots with Audit Integration
Users can now take point-in-time snapshots of issues filtered to their needs and share those snapshots directly with an audit, giving auditors access to a stable, unchanging view of issues via the Auditor portal, export, or Auditor API. Package: Professional, Enterprise (Modular)
Expanded Automated Tests Generating Upmarket Evidence
Users now have access to 331 additional automated tests that generate robust evidence tables, bringing the total to 601, along with LLM-generated structured descriptions across all Vanta-built tests for clearer context on what each test does and why it matters. Package: Not Applicable
Licensed Shared Assessment Content - SIG/SIG Lite (TPRM & QAuto)
Users will soon be able to access standardized SIG and SIG Lite assessment templates directly within Vanta's TPRM and Questionnaire Automation products, removing the need for separate expensive licenses. Package: Questionnaire Automation, Questionnaire Automation Advanced, Trust Center, Trust Center Advanced, Customer Trust Management, TPRM
5 Integrations Now Available on VantaGov
Users on VantaGov can now connect five additional integrations including Intercom, CrowdStrike, Checkr, KnowBe4, and OpenAI, each validated through a standardized 10-12 test suite to ensure a consistent install experience matching Vanta's commercial product. Package: Essentials, Plus, Professional, Enterprise (Modular)
Deleting Business Units & Program Segments (Internal Redpanda Release)
Users (via CSMs in RedPanda) can now delete business units and remove frameworks from business units, resulting in a cleaner, more accurate setup with less UI clutter and clearer segment-scoped views across Vanta. Package: Professional
Event Logs API
Users can now continuously fetch Vanta event logs via a new API endpoint to quickly detect suspicious user behavior and ingest activity data into their SIEM. Package: Essentials, Plus, Professional, Enterprise (Modular)
April 2026
Week of April 26, 2026
Information Request List (IRL) GA!
Users at upmarket organizations can now run a fully cohesive audit in Vanta by uploading their auditor's IRL, submitting evidence manually, marking evidence for internal or auditor review, and controlling data visibility throughout the audit process, all within a single, unified workflow.
Standard Commitments
Users managing customer contracts can now automatically identify non-standard commitments by uploading their standard paper (e.g. MSA, DPA), letting AI extract standard terms and flag any deviations in customer contracts with a clear explanation of what differs.
Personnel People Page Quick Views and Filters
Users can now access one-click, persistent quick views at the top of the People page, such as "Incomplete Tasks," "Overdue," and "No Tasks Assigned" instantly filtering personnel by actionable states instead of manually scanning a dense table.
Custom Fields for Issue Management
Users managing issues at scale can now extend Issues with custom structured metadata fields, giving enterprise teams the flexibility to track internal processes, programs, and reporting needs without changing their underlying issue workflows.
ISO 22301 New Framework
Users pursuing Business Continuity Management System (BCMS) certification can now access ISO 22301 as an out-of-the-box framework in Vanta, complete with dedicated policies, procedures, tests, documents, and evidence reuse.
Vanta Agent on Top Nav Search
Users can now access the Vanta Agent directly from a prominent search bar in the top navigation, with rotating prompt suggestions to help surface what to ask, making the agent significantly more discoverable than the previous sparkle button entry point.
Team Ownership for Controls
Users can now assign a team as the owner of a control, ensuring every team member gets notified when action is needed and can configure a shared Slack channel for alerts, rather than relying on a single individual who may miss notifications.
TPRM Assessment Evidence Status
Users managing third-party risk assessments now have a clearer, more accurate evidence status that accounts for partial questionnaire completion and distinguishes between the number of evidence requests fulfilled vs. total required, replacing a previously confusing three-state model.
Partial Materialization Refresh: Same Fast, Less Stale
Users on the Tests page will now see assignment updates reflected significantly faster, as the new partial materialization refresh selectively updates only affected data rather than triggering a full page refresh, reducing the previous up-to-10-minute staleness window.
OSCAL Export for FedRAMP R5, NIST 800-53, and CMMC
Users on FedRAMP R5, NIST 800-53, and CMMC frameworks can now export their controls, tests, and evidence in machine-readable OSCAL format directly from Vanta to meet increasing federal government requests for OSCAL-based content.
Vanta Control Framework (Private Preview)
Users managing multiple overlapping compliance frameworks can now view their commitments through a single unified set of Vanta common controls, making it easier to understand how framework requirements map together and operate a security program without getting lost in a sea of redundant controls.
Week of April 19, 2026
GA Outbound Webhooks
Users can now receive real-time notifications from Vanta when specific events occur, such as a vendor being created, a Trust Center access request coming in, or a questionnaire status changing, enabling automated workflows without the need to manually monitor the dashboard or poll the API.
DPIA Generation with Vanta AI
Users completing a Data Protection Impact Assessment can now have Vanta AI generate an initial draft by pulling in relevant data from processing activities, vendors, and risk scenarios, saving significant time getting started on this complex process.
Custom Document Renewal Dates
Users can now set custom renewal dates on individual documents or in bulk, giving them direct control over when documents come due independent of upload dates, making it easier to align document renewals to their actual audit schedules.
SOC 2 Guide in Slack: Policy Reminders and Approving Policies
Users going through SOC 2 Guide can now receive Slack notifications and reminders from the Vanta Agent to review and approve their policies, meeting startup customers where they already spend their time instead of requiring them to return to the Vanta app.
QAuto: Section Context Awareness
Users submitting questionnaires for automation will now get more accurate AI-generated answers, as Questionnaire Automation detects and surfaces section headings to give the AI the framing it needs to correctly interpret questions in context rather than treating them in isolation.
TPRM: Next Review Date Now Available in Vendor Import
Users migrating their vendor risk programs into Vanta can now set the next review date directly in the vendor import, enabling automated evidence collection workflows to trigger immediately without requiring manual one-by-one updates.
Asana & ClickUp Ticket Linking + Evidence Sync for Documents
Users can now link existing Asana and ClickUp tasks to Vanta Documents and have attachments uploaded in those tools automatically surface as recommended evidence in Vanta, keeping task status synced across platforms without manual copy-pasting.
Enforce Policy Review
Users with admin access can now enable a setting that requires employees to open and review each policy before accepting it, giving mid-market and enterprise customers a more formal guarantee that policies are actually being read.
Auto Account Assignment & Creation
Users uploading contracts no longer need to manually assign them to accounts, as AI now automatically matches each contract to the right account, or creates a new one if none exists, dramatically reducing manual review during the contract ingestion process.
Agent-led Risk Onboarding
Users setting up a risk management program as part of the SOC 2 Guide can now have the Vanta Agent automatically generate personalized risk scenario recommendations based on their business context, replacing the need to manually browse and select from a lengthy risk library.
Early Access: Redesigned Portal Automation in QAuto
Users completing security portals through Questionnaire Automation will benefit from a fully rebuilt experience that replaces a heuristic DOM scan with a full-page AI scan and agentic section-to-section navigation, delivering broader and more consistent portal coverage.
Processor-Side of the Data Inventory (Processor ROPA)
Users can now track data they process on behalf of other entities under GDPR's Processor ROPA requirement, as the data inventory has been split into "Data you control" and "Data you process for others" to cover both sides of the compliance obligation.
QAuto: Object-Level Permissions for Questionnaires
Users in large organizations can now have questionnaire access tied directly to their ownership or approver role on individual questionnaires, giving teams granular control over visibility and editing rather than relying on broad global permissions.
Week of April 12, 2026
Vanta Agent Support for Audits
Users can now ask the Vanta Agent natural language questions about their audit status — such as whether their auditor has flagged anything or if there are overdue requests — without needing to manually dig through the audits product.
Controls Page Available in IRLs
Users in IRL audits can now access a dedicated controls page that displays all in-scope controls, control details, the control-to-request mapping, and progress tracking per control, eliminating the need to navigate into individual requests to find this information.
REST API for Contract Management
Users can now leverage new public REST API endpoints to upload, read, and delete contracts programmatically, enabling custom contract management workflows that reduce the manual overhead of building a complete contractual commitments inventory.
No Limits (Performance & Scaling)
Users across Trust Center pages and key feature areas will experience significantly faster load times and fewer timeouts, as the team resolved performance issues across 7 content types and 4 feature pages to meet SLOs at 100x peak load.
Improved Audit Workflows in IRLs
Users with admin roles can now enforce internal review processes in IRLs by requiring collaborators to mark requests as "internal review" before evidence reaches the auditor, giving security teams greater control over auditor communication.
Custom SLAs
Users can now create and edit their own SLA categories in Vanta and apply them to both custom and Vanta-built tests, providing greater flexibility to match their organization's unique remediation timelines.
Remote MCP Server Released to All Customers
Users across all customer accounts now have access to the Vanta remote MCP server as a public beta feature, following a private beta that demonstrated strong interest from AI-first customers.
File Attachments for the Vanta Agent
Users can now attach images and PDFs directly to the Vanta Agent via the paperclip icon, enabling richer context to be provided to the agent beyond plain text input.
Risk to Asset Mapping – Preview Release
Users can now natively link risk scenarios to integrations directly within Vanta — from the risk scenario detail page or the dedicated impacted assets tab — giving them a clearer, more complete view of which assets are affected by a given risk.
Risk Import Guidance
Users who indicated during onboarding that they have risks to import will now see a contextual banner on the Risks page along with a guided checklist and embedded help links on the import page, making it easier to complete the import process.
Admins Can Define Preferred Firm List for Audit Creators
Users with admin roles can now control which audit firms appear in the dropdown when creating an audit engagement, reducing the risk of an audit creator accidentally selecting the wrong firm.
Week of April 5, 2026
Personnel (V2) Context in the Vanta Agent
Users can now ask the Vanta Agent plain-language questions about their personnel compliance posture — including task completion, policy acceptance, and device status — through rebuilt V2 Personnel tools that significantly expand what the Agent can surface about people and their compliance standing.
Expanded Spreadsheet Questionnaire Support for TPRM
Users who rely on spreadsheet-based workflows for third-party risk assessments can now manage those questionnaires as a first-class experience alongside in-app questionnaires, eliminating the need to migrate off of familiar offline and collaborative workflows.
QAuto Context in the Vanta Agent
Users can now paste security questionnaire questions directly into the Vanta Agent and receive answers drawn from knowledge base resources and security questionnaires, going beyond the previous limitation of only searching policy documents.
Privacy Context in the Vanta Agent
Users can now ask the Vanta Agent questions about their privacy product data — including data processors, processing activities, and impact assessments — giving them visibility into their privacy posture directly through the Agent.
March 2026
Week of March 29, 2026
Auto-Renewals for 1–10 HC Customers
Users will experience automatic subscription renewals with zero effort required. Eligible 1-10 headcount customers on Essentials or Plus plans receive renewal notifications at 90 and 45 days, and their plan continues automatically unless they choose to make changes via a simple in-app form or cancel through a straightforward in-app flow that captures feedback for product improvements.
Vanta Plugin for Claude Code (Private Preview)
Users will be able to discover failing compliance tests, generate infrastructure-as-code fixes directly in their repository, and open pull requests without leaving their code editor. The plugin connects Claude Code to Vanta's MCP server with purpose-built remediation skills and commands, providing test-specific prompts and fix instructions for 500+ IaC tests across AWS, GCP, and Azure.
Extended Public Webpage Indexing for the Knowledge Base
Users can now add a single URL and enable "include sub-pages" to automatically index content from that page and all relevant sub-pages (one level deep), with LLM-based filtering ensuring only semantically relevant content is captured and daily re-scanning keeping the knowledge base up to date.
Auto-Tracking Commitments
Users now have commitments automatically added to their inventory as soon as AI finishes processing—eliminating manual review steps and getting customers to value faster while still giving them control via edit and archive actions.
Extended Public Webpage Indexing for Knowledge Base
Users can now add a single URL and enable "include sub-pages" to automatically index content from that page and all relevant sub-pages (one level deep), with LLM-based filtering ensuring only semantically relevant content is captured and daily re-scanning keeping the knowledge base up to date.
Version History for AI-assisted Edits in Policy Editor
Users can now track and recover from AI-assisted edits in the Policy Editor with automatic version history that saves every AI edit, provides summaries of changes, and allows one-click restoration of any previous version even across sessions.
Auto-Renewals for 1–10 HC Customers
Users (1-10 headcount customers) who want to continue on their current plan now renew automatically with zero effort, receiving 90-day and 45-day notifications, with simple in-app options to make changes or cancel if needed.
Risk Agent with Risk Program Context
Users can now ask questions about their risk register in plain language and get structured, real-time answers grounded in live program data—such as highest severity risks, risks without owners, and associated controls—giving program managers better visibility without digging through tables or reports.
Week of March 22, 2026
Simplifying Risk Navigation
Users will now see a more streamlined Risk page with less clutter, as Risk Snapshots have been moved into the “…” menu alongside a link to Risk Settings. This update simplifies navigation and helps users focus on the most relevant actions more easily.
Week of March 15, 2026
Splunk Access Integration
Users can automatically sync user, group, role, and access data from Splunk, enabling continuous monitoring of access controls, powered automated compliance tests, streamlined access reviews, and structured access requests.
Support for ENUM data type for custom tests
Users now have ENUMs available for building custom tests, further expanding the use cases that the test builder can support.
TPRM Multiple Assessments: Phase 2
Users can now create additional assessment types like privacy, legal, financial etc and perform multiple AI powered assessments in parallel for each of their vendors.
SOC 2 Guide for 1-10 HC Customers
Users benefit from a streamlined, agentic onboarding experience featuring agentic company research before first login, agentic policy creation with tailor-made policies, always-available next step recommendations, and the Vanta Agent always available for questions trained on company context, compliance data, and the full help center.
Week of March 8, 2026
Controls status for Business Units
Users are now able to see a breakdown of an individual BU's progress (e.g. "SOC 2 for APAC") rather than just the overall framework (e.g. "SOC 2") status.
Vendor Scoping
Users can manage the scope of their vendors at the framework and business unit level, allowing them to manage different vendor scopes for each audit leading to faster and more complex audit strategies.
TPRM Questionnaire Sections
Users can now organize questionnaires into structured sections with create, rename, duplicate, delete, and drag-and-drop reordering capabilities, with a new sidebar navigation allowing users to quickly jump between sections.
GA of Impact Assessments in the Privacy Hub
Users can now fill out a DPIA form within Vanta modeled after the ICO standard, link assessments to multiple processing activities, pull directly from the Vanta risk register, and utilize built-in approval workflows and customizable review cadences to ensure assessments remain up-to-date.
Vanta AI DPIA suggestions
Users can extract relevant information from within Vanta and use Vanta AI to suggest answers as they complete a DPIA, saving time and providing guidance for users who may not have deep experience drafting DPIAs.
TPRM Multiple Assessments: Phase 1
Users can now perform different types of assessments per vendor, make a single decision per vendor taking into consideration different types of evaluations, send a single evergreen exchange to vendors, and gain a clear understanding of vendor status through revamped vendor detail pages.
Removal of 10 deprecated blueprint tables from Risk
Users now have access to Risk views that render with modern design-system components (TableV2, FlatTable, etc), delivering a consistent UX across Risk Scenarios, Archived Risks, Risk Library, and Risk Settings.
DPIA approved in vanta automated test
Users benefit from a new automated test which runs periodically making use of the existing automated tests infrastructure to check if there is at least one approved DPIA.
Week of March 1, 2026
CTM: Improved custom RBAC permissions for Trust Center, Questionnaires, and Knowledge Base
Users can now create more granular custom roles across Trust Center, Questionnaires, and the Knowledge Base, including separating questionnaire edit vs approve permissions and avoiding unintended Knowledge Base write access.
Linear Ticket Linking & Evidence Sync for Documents
Users can now link existing Linear tickets directly to Vanta Documents and automatically sync attachments as recommended evidence. This enables teams to track work in Linear while maintaining visibility and audit readiness in Vanta, reducing duplicate work and improving cross-tool collaboration.
Global Settings
Users can now find and manage configuration more predictably because settings are being consolidated into Global Settings and standalone settings surfaces are being removed from left navigation.
Miradore MDM Integration
Users can now connect Miradore to continuously sync managed device inventory into Vanta, map devices to users, and evaluate device posture against controls, reducing manual inventory work and coverage gaps.
Structured Commitments
Users can now view contract commitments as structured, standardized fields (instead of only legal prose), making commitments filterable and comparable across customers so teams can act without reopening every contract.
Track Privacy Impact Assessments in My Work
Users can now see privacy impact assessment tasks in My Work, including items assigned to them and items waiting on others, making outstanding privacy work easier to track.
QAuto: Vanta Agent response approvals and questionnaire completion (public preview)
Users can now reduce manual review with optional automations that auto-approve unflagged agent answers and automatically complete questionnaires once all responses are approved.
Improving formatting and UX of risk emails
Users can now read risk emails more easily and land on the exact risk that needs action because the email formatting was cleaned up and the “Review in Vanta” button now deep-links to the individual risk, not the general risk table. [7]
February 2026
Week of February 22, 2026
System Security Plan (SSP) Generation Now Available
Users can now generate and manage a System Security Plan inside Vanta for FedRAMP R5, NIST 800-53, NIST 800-171, and CMMC, selecting DOCX or PDF output, downloading it, and having it stored in Vanta Documents for easier audit packages.
[Open beta] Automatically deprovision Calendly accounts during personnel offboarding
Users can now have Vanta automatically deprovision Calendly accounts during offboarding, reducing manual steps, and establishing the foundation for automatic deprovisioning across more integrations over time.
CTM: Bulk import for customer trust accounts
Users can now bulk import customers and prospects into Vanta Accounts so Trust Center automation, access controls, auto-approvals, and NDA rules can be applied at scale without recreating accounts one by one.
Trust Center: Optionally show failing control indicators
Users can now choose to display both passing and failing control indicators in Trust Center, improving transparency of compliance status instead of making the control list appear self-attested.
QAuto: Team assignment for questionnaire approvers
Users can now assign teams as questionnaire approvers in QAuto, while approval permissions still respect existing role-based access controls, and the rollout is being expanded beyond the initial cohort.
2-Resource Custom Tests
Users will be able to create custom tests that pull and join data from 2 different resource types, either from a single integration or across two different integrations. Data from both resource types can be used for resource scoping and for building evaluation logic to determine pass/fail, unlocking many more testing use cases that previously couldn't be addressed with single-resource tests. Additionally, users will now see enum values from received resources displayed in dropdowns when building test logic, making test authoring simpler and more intuitive.
Week of February 15, 2026
Unified Scoping POC
Users can now configure scope from a single scoping home page across multiple levels, and can scope AWS assets using tags, regions, and asset names, making scoping clearer and more flexible.
QAuto: Faster automatic column detection for spreadsheet questionnaires
Users can now skip the manual review step when Vanta detects spreadsheet columns with high confidence, which reduces hands-on validation while keeping a fallback to adjust column configuration if needed.
Configurable Privacy Policy Acceptance in Trust Center Access Requests
Users can now require and customize privacy policy acceptance in Trust Center access request forms. Trust Center owners can enable a toggle to mandate consent and edit the checkbox language, including adding markdown links—giving customers more control over compliance and legal requirements regardless of CRM usage.
[Open beta] Assign deprovisioning tasks to system admins in personnel offboarding
Users can now automatically assign deprovisioning tasks to the relevant system admins during offboarding, with Vanta auto-verifying task completion for integrated systems and enabling quick self-verification for manual systems, centralizing evidence for audit.
Inline editing in the privacy data inventory
Users can now edit processing activities inline on the overview page, avoiding a separate form page and making quick updates easier, including edits from within a drawer view.
Week of February 8, 2026
QAuto: Redesigned page header in response view
Users can now manage questionnaires more easily because the response page header was updated to a standardized header that lets them edit key metadata like due date, owner, and approver directly from the header, and it more clearly surfaces the primary action to complete the questionnaire.
VantaGov environment GA
Users in public sector, or selling into it, can now run Vanta in a GovCloud environment so they can meet stricter hosting and procurement requirements without exceptions, workarounds, or manual tooling.
Automated Evidence Collection for Vanta Trust Centers in TPRM
Users can now request private documents from vendors who use Vanta Trust Centers directly inside Vanta during a TPRM review, and once access is approved, the documents are automatically uploaded to the review as evidence, reducing the old back and forth of requesting, downloading, and re-uploading files.
Assign security awareness training from Vanta and third-party integrations (Private Preview and partial GA)
Users can now assign training by category from multiple sources at once, including Vanta’s training library, one or more SAT integrations, and custom training URLs, so they are no longer forced into an all-or-nothing choice when they connect an LMS integration.
AI Detects Service Accounts (GA for all GRC customers)
Users can now detect and classify service accounts using AI, helping them review personnel records dramatically faster and mark service accounts at much higher volume than the manual flow.
Week of February 1, 2026
Surface conflicting and duplicate content in the CTM knowledge base
Users can now identify and manage conflicting and duplicate content within their Customer Trust Management (CTM) knowledge base. This feature was released to nearly all QAuto customers, with temporary exclusions for domains containing more than 10,000+ answer library entries while processing latency issues are addressed. Support for these larger customers is expected within 2-3 weeks. (Available to all QAuto customers)
Enhanced Questionnaire Bulk Actions in QAuto
Users can now take bulk actions across multiple questionnaire questions at once, which reduces manual clicks during review and speeds up response workflows for larger vendor assessments.
Improved Evidence Upload Experience in TPRM Reviews
Users can now upload and manage supporting documents more seamlessly within Third-Party Risk reviews, with clearer status indicators and a more intuitive evidence workflow that reduces confusion during vendor evaluations.
Expanded Access Controls for Trust Center Content
Users can now configure more granular access settings for Trust Center documents, giving teams tighter control over who can view sensitive materials while still enabling secure sharing with prospects and customers.
Refined Audit Issue Status Visibility
Users can now more clearly see issue status changes within audit workflows, improving cross-team coordination and reducing back-and-forth during remediation tracking.
January 2026
Week of January 25, 2026
Issues Reporting
Users can now access a comprehensive Issues report that surfaces key metrics like issues opened vs. resolved, percent closed on time, and average time to close. The report also includes:
Trends by severity and status
Filters by owner, status, source, and audit
A faster reporting engine with near real-time updates
This makes it easier to track backlog, identify patterns, and manage remediation across teams.
[Progressive Rollout] Code Changes for All Packages
Users on Essentials and Plus can now access the /code-changes page, previously limited to higher-tier packages. This includes:
Pull request evidence ingestion via the resource fetcher
Two default product tests: PRs require approval by someone other than the author and must pass automated build checks
Support for audit evidence prep with a 200-minute estimated time savings
This upgrade replaces the old /changes experience, improving performance, visibility, and compliance validation.
URL Evidence in Issue Management
Users can now attach URLs as evidence directly to issues. This update supports teams that document remediations in external systems and streamlines evidence collection for audit.
Help Center Tools for Vanta Agent
The Vanta Agent now supports help center search and article retrieval. It can answer product usage questions such as:
How to upload an IRL
Where to track progress in Vanta
How to disable alerts or download the agent
This reduces support volume and brings the help experience directly into the Agent chat flow, decreasing refusal rates from 10–12% to just 3%.
Agent Memory (M1: Create and Use Memory)
Users can now store company-specific context in the Vanta Agent’s memory. Once saved, this context is referenced across all future interactions, enabling more personalized and consistent responses without repetitive setup.
Framework Evidence Overlap Drill-Down
Users can now view exactly which tests and documents overlap across frameworks and which are net new. This replaces the prior high-level percentage with:
A detailed, filterable breakdown
Previews of inactive framework items
Ability to scope effort and understand additional work before purchase
This boosts planning accuracy, reduces duplication, and increases customer trust when expanding frameworks.
[GA] TPRM Intake Form
Users can now publish a secure, configurable intake form for third-party risk management. Highlights include:
Custom and standard vendor fields
Evidence uploads
External access via secure magic links
Default risk assignment
This streamlines procurement intake, centralizes data, and closes a longstanding gap in the TPRM offering compared to competitors.
Week of January 18, 2026
AI Auto Consent & Provisioning Agents (Shadow Mode)
Users in the SOC 2 Studio Pilot can now benefit from AI-driven provisioning agents that run on domain creation. These agents scrape publicly available company data to auto-generate SOC 2 policies and scope relevant controls. Though currently running in shadow mode (not yet applying changes), these agents are designed to reduce setup time and tailor compliance programs instantly. Core and Core Plus domains are auto-opted into AI features and shown an informational banner upon login.
Approval Workflow for Impact Assessments
Users can now assign approvers and track approval status directly within the impact assessment workflow, using the same intuitive experience already available for policies. This replaces the need for external documents or spreadsheets, improving accountability and documentation.
Auto-Generated Agent Conversation Titles
Users will now see descriptive, auto-generated titles for their Vanta Agent conversations based on the context of the exchange. This makes it easier to identify, revisit, and manage past conversations across various workflows.
Globally Available Vanta Agent
Users can now access the Vanta Agent from anywhere in the platform via the top navigation. The agent is context-aware and offers relevant prompts based on the page you’re on, helping users get assistance and next steps without interrupting their workflow.
Link Existing Jira Issues to Documents
Users can now link existing Jira tickets to Vanta documents, improving traceability and removing the need to create duplicate tickets. This makes it easier for Program Managers to track documentation-related tasks alongside project workflows.
Personnel Tools for Vanta Agent
Users can now ask the Vanta Agent questions about personnel, such as task completion, security training progress, background checks, and device assignments. The agent can also return filtered personnel lists and provide policy acceptance rates, helping admins monitor compliance via natural language.
Revamped Personnel Offboarding Page UX
Users will see a refreshed offboarding experience with improved UI and functionality. Key updates include:
Enhanced visibility into accounts, roles, and vendor risk
Integration refresh timestamps and one-click refreshes
This improves clarity, supports scaling, and aligns with upcoming access deprovisioning features.
Linking Impact Assessments and Processing Activities
Users can now link impact assessments to processing activities and vice versa. This includes creating assessments directly from activities, navigating between linked items, and viewing link status from the impact assessments table, streamlining privacy workflows.
Scalable Product Tests
Users with large data volumes will benefit from redesigned product test infrastructure, which now supports paginated processing. Early results from the “No Limits” initiative show a 93% reduction in daily test failures. Previously unresponsive tests are now running reliably for over 50 affected customers.
QAuto: Answer History
Users will now see a full edit history for questionnaire responses, giving greater transparency into how answers have evolved over time. This includes visibility into changes made by collaborators and Vanta Agent. Key details:
Currently rolled out to 20% of customers, expanding to 100% by week’s end (pending no critical issues)
Available only for new questionnaire responses going forward
Approvals and assignments are not yet tracked in history but are planned for future updates
Business Unit Segmentation for Tests
Users can now view test results segmented by business unit, not just framework. For each test, customers can:
See which business units are impacted
View how many resources the test evaluates per unit
Open a segment-specific remediation view to take focused action
This gives larger organizations better oversight and a more intuitive compliance view across distributed teams.
History and Versioning for Impact Assessments (DPIAs)
Users can now version and track changes to DPIAs with new functionality that includes:
The ability to create a new draft from an approved assessment, enabling updates while preserving the original
A History tab that shows previous versions and allows users to navigate, compare, or discard drafts
This improves collaboration, audit tracking, and iteration on high-impact privacy documentation.
Week of January 11, 2026
AI Auto Consent & Provisioning Agents (Shadow Mode)
Users in the SOC 2 Studio Pilot can now benefit from AI-driven provisioning agents that run on domain creation. These agents scrape publicly available company data to auto-generate SOC 2 policies and scope relevant controls. Though currently running in shadow mode (not yet applying changes), these agents are designed to reduce setup time and tailor compliance programs instantly. Core and Core Plus domains are auto-opted into AI features and shown an informational banner upon login.
Approval Workflow for Impact Assessments
Users can now assign approvers and track approval status directly within the impact assessment workflow, using the same intuitive experience already available for policies. This replaces the need for external documents or spreadsheets, improving accountability and documentation.
Auto-Generated Agent Conversation Titles
Users will now see descriptive, auto-generated titles for their Vanta Agent conversations based on the context of the exchange. This makes it easier to identify, revisit, and manage past conversations across various workflows.
Globally Available Vanta Agent
Users can now access the Vanta Agent from anywhere in the platform via the top navigation. The agent is context-aware and offers relevant prompts based on the page you’re on, helping users get assistance and next steps without interrupting their workflow.
Link Existing Jira Issues to Documents
Users can now link existing Jira tickets to Vanta documents, improving traceability and removing the need to create duplicate tickets. This makes it easier for Program Managers to track documentation-related tasks alongside project workflows.
Personnel Tools for Vanta Agent
Users can now ask the Vanta Agent questions about personnel, such as task completion, security training progress, background checks, and device assignments. The agent can also return filtered personnel lists and provide policy acceptance rates, helping admins monitor compliance via natural language.
Revamped Personnel Offboarding Page UX
Users will see a refreshed offboarding experience with improved UI and functionality. Key updates include:
Enhanced visibility into accounts, roles, and vendor risk
Integration refresh timestamps and one-click refreshes
This improves clarity, supports scaling, and aligns with upcoming access deprovisioning features.
Linking Impact Assessments and Processing Activities
Users can now link impact assessments to processing activities and vice versa. This includes creating assessments directly from activities, navigating between linked items, and viewing link status from the impact assessments table—streamlining privacy workflows.
Scalable Product Tests
Users with large data volumes will benefit from redesigned product test infrastructure, which now supports paginated processing. Early results from the “No Limits” initiative show a 93% reduction in daily test failures. Previously unresponsive tests are now running reliably for over 50 affected customers.
Week of January 4, 2025
Simplified Navigation
Users on Essentials or Plus plans pursuing first-time compliance will now see a more focused navigation experience. Non-essential nav items are hidden initially and revealed as key milestones are completed. This progressive disclosure approach reduces cognitive load, accelerates activation, and helps users build momentum. Customers can disable this feature in settings if they prefer full platform access.
Tests QoL Improvements
Users will experience several quality-of-life improvements across the Tests experience:
Edit names and descriptions of custom tests post-creation
See the test author in the test details view
Deactivate original tests when duplicating as part of the copy flow
Bulk-add subscribers from the tests list view
These updates streamline test management and improve traceability and collaboration.
Adaptive Scoping for Business Units (Public Preview)
Users can now define separate framework and asset scopes by business unit within a single workspace. This new capability allows organizations with complex structures to manage distinct compliance needs without duplicating frameworks or workspaces. Segment assignments are visible across core Vanta objects, and support for business unit–level audits and evidence is planned in upcoming releases.
Basic POA&M Management
Users can now create issues using a new POA&M (Plan of Action & Milestones) template, enabling structured tracking of compliance gaps required by frameworks like FedRAMP, NIST 800-53, and CMMC. The update supports:
Structured fields for regulatory metadata
Backdating issue detection
Enhanced export functionality
This is part of a broader initiative to support federal agencies and regulated industries.
December 2025
Week of December 21, 2025
Improved Questionnaire Table for TPRM Security Assessments
Users can now clearly distinguish between AI-generated, Vendor-provided, and internal answers in the Suggested Answer column via leading icons. Additional enhancements include:
Optional toggles to view AI and Vendor answers in separate columns
Full visibility into Flagged Findings without needing to click through
CSV exports now include AI answer, Vendor answer, and Flagged Findings columns
These changes improve usability and transparency during security reviews.
Vanta Agent for TPRM Security Assessments
Users can now engage with an experimental Vanta Agent tailored for Security Assessments. This interface allows users to:
Ask follow-up questions
Compare vendor and AI answers
Analyze SOC 2 exceptions and findings
Query across metadata, evidence, and summaries
This new agent brings consistency to the “Ask Vanta AI” experience and will eventually be integrated into the main Vanta Agent based on feedback and iteration.
QAuto: Limit Ask-in-Slack to a Single Channel with Optional Auto-Reply
Users can now configure Ask-in-Slack to post only in one designated Slack channel, keeping security and compliance questions centralized. An optional auto-reply feature also ensures that questions posted in the channel, without using the Slack command, are captured and responded to, improving visibility and reducing manual overhead.
Week of December 14, 2025
BU Asset Pages: /computers, /access, and /vulnerabilities Now Use Segments
Users with multiple business units will now see segments instead of frameworks when viewing the /computers, /access, and /vulnerabilities pages. This change aligns asset visibility with business unit scoping and helps customers better understand how their resources are organized.
Automated Test for Data Inventory in Privacy Frameworks
Users can now rely on a new automated test that periodically evaluates the state of their data inventory. This replaces the previous document-based test, offering continuous monitoring and faster issue detection. A banner in the data inventory evidence request guides users to the new setup.
Vanta Agent Supports Issue Management Queries
Users can now query issue metadata directly through the Vanta Agent using natural language. The agent can surface counts, trends, ownership details, and statuses, making it easier to analyze issues without filtering, exporting, or reviewing them manually.
Deprecation of Draft Reviews in TPRM
Users will no longer see the “Draft” state for third-party risk management reviews. Instead, reviews will follow a simplified status model: Not Started, In Progress, and Complete. This change improves clarity and sets the stage for upcoming enhancements like support for multiple assessments.
QAuto: Quick-Add to Answer Library from a Questionnaire
Users can now add responses to the answer library directly while filling out a questionnaire. This makes it easier for SMEs to capture reusable answers at the moment they are written, without relying on the pending review queue. Future updates will introduce Vanta Agent-suggested knowledge base updates based on response activity.
New Vanta-Built Kolide MDM Integration
Users now have access to a new first-party Kolide integration built by Vanta, replacing the previous third-party version. Key improvements include:
Device group filtering
Support for Windows, Linux, and macOS devices
A more extensible foundation for future updates
This update improves device trust accuracy and gives teams more control over fleet management.
Week of December 7, 2025
Removing the MSP “Cart” Experience
Users managing domains via the MSP console will now see those domains provisioned directly through SFDC by Vanta sellers. This change eliminates the old “cart” experience, reduces delays in SKU availability, and ensures product access aligns with billing. As part of the update, over 1,200 domains were corrected to fix previously unpaid or misaligned entitlements.
Vanta Agent Can Edit Policies
Users can now ask the Vanta Agent to directly edit policies. By prompting the agent (e.g., “can you fix this contradiction for me?”), the agent will draft the edits, show proposed changes for review, and update the policy, eliminating the need to manually copy text or navigate to the Policy Builder.
BU Asset Pages: /people/people and /people/groups Use Segments
Users with multiple business units will now see segments instead of frameworks on the /people/people and /people/groups pages. This change improves clarity around resource scoping for organizations using Framework Scoping with multiple BUs.
QAuto/CTM AI: New Agentic Answer Pipeline
Users now benefit from an upgraded answer pipeline for Question Automation, replacing the legacy RAG system. This rollout improves response accuracy, context understanding, and clarity. It also sets the foundation for future enhancements like SME assignment, live data integration, and flagging answers that need human review.
Expanded Document Descriptions
Users will now see clearer guidance when uploading evidence, including four new components: a short description, implementation guidance, evidence collection tips, and a downloadable template (if applicable). This change helps streamline uploads across 5,000+ documents and 44 frameworks.
Performance Improvements to Inventory and Vulnerabilities Pages
Users will experience faster load times on key pages:
Vulnerabilities findings-by-asset loads 77% faster (p95: 10.13s → 2.32s)
Inventory page loads ~70% faster (p95: 9.52s → 2.93s)
Additional backend optimizations removed high-cost queries and improved system reliability—eliminating timeouts for many large customers.
Enterprise: Oracle OC19 and DRCC Support
Users can now connect Oracle’s EU Sovereign Cloud (OC19) and Dedicated Region Cloud Customer (DRCC) offerings to Vanta. This extends support for advanced Oracle deployments and makes Vanta the only GRC platform supporting these enterprise-specific OCI environments.
Audit Creation by Program Segments
Users with multiple business units can now create audits by program segment instead of framework. The UI now shows audit names by segment, supports filtering by business unit, and displays scope summaries on audit cards—enhancing clarity and flexibility for large organizations.
Week of November 30, 2025
Segmented Control Statuses on the Frameworks Page
Framework Scoping customers will now see accurate, framework-specific control statuses and evidence readiness directly on the Controls tab of the Frameworks page. Previously, users had to hover over each control to view the relevant framework status, and evidence readiness was hidden entirely. With this update, customers gain immediate clarity into their control progress for each framework, helping teams prioritize effectively and reduce confusion during audits.
Connect Microsoft Azure to Vanta in Under 5 Minutes
Users can now connect Azure to Vanta in less than 5 minutes, thanks to a streamlined setup experience. Improvements include smart defaults that guide users to the best connection path, and a simplified Cloud Shell script that provisions all required permissions with a single command—reducing manual steps and setup time by more than half.
Custom Note on Personnel Records
Users can now add free-form custom notes to personnel records, creating a permanent space for internal context such as employment status changes, test users, or duplicates. This makes personnel tracking more accurate and audit-ready without relying on external documents.
Upgraded Evidence Generation from Automated Tests
Users will now see a new Evidence tab across all tests, featuring:
A complete structured table of evaluated resources and results
Visibility into out-of-scope resources to explain test outcomes
Workpaper exports that meet auditor standards
Clear test criteria descriptions and a more intuitive UI with side panels
These improvements significantly reduce audit prep time and improve trust and clarity for both customers and auditors.
Datetime Support for Custom Tests
Users can now use datetime values when writing custom tests. This unlocks scenarios like testing SLA timelines or verifying time-sensitive controls—previously not possible with existing data types.
Data Inventory + ROPA Management in Privacy Frameworks (GA)
Users can now manage a full data inventory, including importing/exporting ROPA, directly within Vanta's privacy frameworks. This helps streamline privacy compliance with built-in test coverage and data organization.
BU Asset Pages for /inventory and /code-changes
Users with multiple business units will now see segments (instead of frameworks) in the /inventory and /code-changes pages. If a customer only has one or fewer business units, the framework view remains unchanged to avoid unnecessary disruption.
Segmented Statuses on Frameworks Page Controls Tab
Users using framework scoping will now see framework-specific control statuses in the Controls tab of the Frameworks page. This ensures accuracy in evidence readiness and status reporting per framework.
November 2025
Week of November 23, 2025
Assign Vanta Teams as System Reviewers in an Access Review
Vanta Teams can now be designated as system reviewers during an access review. When a team is assigned, every member gains the ability to review accounts for that system and record any access changes. Notifications are sent to all team members either by email or to a selected Slack channel, creating a more coordinated and visible review process.
Issue to Policy Mapping
Users can now link issues directly to policies from within the Issue Management and Policies modules, completing the chain between policies, controls, risks, and issues. This gives customers a connected view of their compliance posture: when an issue appears, they can immediately identify the governing policy along with its approver and status. The linking experience follows the established control and risk mapping flow, making it intuitive to adopt. AI suggested policy mappings will be added soon.
Week of November 16, 2025
Business Units Scope Overview
Customers can now see changes to scope on a per-business unit basis. This affords a more streamlined process for making changes to scope and clearly seeing the updated metrics & activity.
Surfacing accounts from Access Requests in Personnel Offboarding
Vanta now surfaces manual accounts (i.e. those from non-integrated systems) from Access Requests in our Personnel Offboarding tool. For customers using Access Requests, this is a huge increase in visibility into who has access to what and ensuring personnel are offboarded securely and seamlessly.
Approver as an Object-Level Role (on Policies)
Approver is now an object-level role, live on policies, that can be assigned to Collaborators. Approvers have view & comment access and are granted approve/reject permissions when it's their turn in the approval chain.
Privacy ROPA export
Allows users to export their ROPA as an XLSX file during audits or investigations to help prevent penalties.
Week of November 9, 2025
Test Author Visibility for Custom Tests
Users will now see the name of the author who created a custom test in the test details view. This only applies to newly created custom tests going forward and will not retroactively apply to existing tests created before this feature was introduced.
TPRM Navigation
Users can now manage their entire vendor ecosystem from a unified view within TPRM. This redesign merges Discovery, Procurement, and Managed Vendors into one streamlined experience. It also introduces Continuous Monitoring from the Riskey acquisition, aggregates findings across vendors, and sets the foundation for expanded workflows like multi-assessments and findings management.
Approve Trust Center Access Requests in Slack
Users can now approve or deny Trust Center access requests directly in Slack with one-click actions. Slack notifications display all necessary context to support informed decisions without leaving the chat flow.
Vanta Agent Can Now Create Policies
Users can now ask the Vanta Agent to generate custom policies, such as "Draft a vendor management policy" or "Create a policy for remote work security." The agent produces a tailored, editable policy—reducing the need for manual drafting or template customization.
QAuto: Daily Reminder Digest for Questionnaire Owners and Approvers
Users will now receive a daily email or Slack digest summarizing questionnaires that require attention:
For owners: Triggered when the due date is within 7 days or past due, and status is one of: Needs column selection, In progress, or Approved
For approvers: Triggered under the same date logic when status is: Ready for review or In review. This helps users stay on top of deliverables and avoid missing deadlines.
Week of November 2, 2025
Connect Google Cloud Platform (GCP) to Vanta in Under 5 Minutes
Users can now connect Google Cloud Platform (GCP) to Vanta in under 5 minutes, thanks to a streamlined flow with smart defaults, a simplified experience, and a new Cloud Shell script that automates policy and role setup.
CTM: Allow employees to ask questions directly in Slack
Users can now ask security and compliance-related questions directly in Slack, powered by Vanta’s CTM knowledge base. This enables employees to get fast, accurate answers using approved company information, all within existing workflows.
New Package: Enterprise (Internally: Modular Enterprise) - Replacing Scale and the old “Enterprise GRC” packages
Users now have access to Vanta’s new Enterprise package (Modular Enterprise), which replaces the Scale and previous Enterprise GRC packages. It offers a core platform with modular add-ons aligned to outcomes like Risk Management, TPRM, Trust Center, and Questionnaire Automation, enabling tailored solutions based on customer maturity and needs.
Pulling Leave and Personal Emails from HRIS
Users with updated HRIS integrations (Bob, Personio, PayFit, Employment Hero, Rippling, Trinet) can now pull leave data and personal email addresses into Vanta’s Personnel tab. This helps pause compliance tasks during leave and ensures contact info accuracy, improving task tracking and reducing false compliance failures. A reconnection to the HRIS integration is required to access these updates.
October 2025
Week of October 26, 2025
Custom Test Creation Now Available Without Admin Access
Users no longer need Admin-level access to create custom tests. With this update, any user assigned a custom role that includes “View and edit” permissions for “Tests and Documents” can now create and manage custom tests making it easier to delegate test creation across teams while maintaining permission boundaries.
[Public Preview] Vanta Agent now has frameworks & control context
Users can now access framework and control-aware responses from the Vanta Agent (Public Preview). The agent uses additional context like framework requirements and control mappings to deliver more tailored, GRC-savvy responses across the Policies, Controls, and Frameworks pages.
CTM: Track questionnaires at the account level
Users can now track questionnaires at the account level in CTM. This adds visibility alongside existing Trust Center access, activity, and customer commitments—laying the foundation for ROI reporting, CRM enrichment, and future trust lifecycle automation.
Github Streamlined Connection Flow
Users can now connect GitHub through a simplified OAuth flow that eliminates redundant configuration steps, making it much faster to complete setup. Additional improvements are planned, including repo selection UI and modal-based flows.
Evidence eval quality enhancements: reduce false positives in analysis
Users will see improved accuracy in evidence admissibility checks, thanks to quality enhancements that reduce false positives by approximately 50%. The updated pipeline focuses on broader criteria for audit readiness.
Bedrock AI Model Inventory (progressive rollout)
Users leveraging AWS Bedrock will now see a new inventory tab that tracks AI models in use, with metadata like last use, detection date, usage frequency, and export support. This data can also be pulled into custom tests. (Progressive rollout underway)
Week of October 19, 2025
Import from ROPA
Users can now import data inventory directly from their ROPA spreadsheet, simplifying onboarding and making the transition from manual tracking to Vanta smoother and faster.
CRI 2.1 New Framework (Cyber Risk Institute)
Users can now adopt the Cyber Risk Institute (CRI) Profile v2.1 framework in Vanta, with 319 mapped controls, full support for all four impact tiers, AI-powered evidence collection, and cross-framework mapping (45% overlap with NIST CSF, 50% with SOC 2, 55% with ISO 27001).
Trust Center Layout Customization
Users can now fully customize their Trust Center layout with a new “Customize layout” option, enabling drag-and-drop section reordering, section visibility toggles, and live previews before publishing.
Custom fields for processing activities
Users can create and manage custom fields for processing activities in the Data Inventory, assign values, and view them within the ROPA dashboard for greater tracking flexibility.
QAuto: Attach supporting evidence and documentation when requested
Users can now attach supporting documentation to QAuto responses, either by uploading new files or linking to their knowledge base. Final exports include the questionnaire and all supporting evidence in a zip file, along with a portal-ready download guide.
FedRAMP 20x Low + Moderate New Framework
Users now have access to the FedRAMP 20x Low and Moderate frameworks, including full control inventories and baseline toggling. With automation coverage expanding next quarter, teams can meet PMO thresholds and accelerate submissions.
Integration & Control filters on Tests page are now multi-select
Users can now apply multiple filters simultaneously for both Integrations and Controls on the Tests page, allowing for more refined test views and easier navigation.
Customizable Policy Renewal
Users can now set customizable policy renewal cadences, including options like quarterly, monthly, or every two years—expanding flexibility beyond the default annual renewal schedule.
Performance improvements to the computers page
Users will experience significant performance improvements on the Computers page, with load times dropping below 4 seconds even for large environments (e.g., 80k+ computers now load in under 1 second).
Domain Inventory from Cloudflare
Users connected to Cloudflare will now see domain inventory in Vanta, including whether domains are proxied and protected (e.g., WAF, DDoS). Vanta also introduces three new tests for verifying Cloudflare protections and supports this data in custom tests.
Week of October 12, 2025
Vanta now has 400+ integrations in our ecosystem!!!
Users now benefit from Vanta’s integration ecosystem surpassing 400 integrations, enabling automated evidence collection, reduced manual effort, and continuous audit readiness across the broadest tech stack in the trust management space.
Controlled Audit View GA
Users can now use the Controlled Audit View (GA) to limit auditor visibility on population pages. Auditors can self-serve basic sampling data (e.g., names and hire dates) but must explicitly request sensitive fields. Customers can also set a default audit view that auditors cannot override.
Evidence Eval: Support for auto-running evaluation and URL uploads
Users can now evaluate evidence from URLs and benefit from automatic evidence evaluation when documents are uploaded—streamlining workflows and reducing the need for manual review steps.
Existence Custom Tests (fka Any/All)
Users can now create Existence Custom Tests (formerly Any/All tests), which pass when any entity meets the criteria. This allows teams to verify the existence of roles, users, or other minimum conditions without requiring full compliance from all entities.
Native Tasks in Issue Management
Users can now create and manage native tasks directly within Issue Management, making it easier to track resolution efforts, assign responsibility, and keep work centralized in Vanta.
Create Jira tasks from Issues
Users can now create Jira tasks directly from Vanta Issues, enabling streamlined cross-tool task tracking and better alignment between security and engineering workflows.
Week of October 5, 2025
Processing Activity Data Inventory Landing Page
Users can now access a new Processing Activity Data Inventory landing page, which includes an overview of activities, the ability to create or edit standalone activities, and cross-linked views between activities and processors for easier navigation.
Team Notification Preferences
Users can now manage team notifications in a new Notification Preferences section under Team Settings. Team Admins can toggle specific alerts, including team assignment, membership changes, tasks needing attention, or task completion.
Test Filters for Custom Tests
Users can now add filter logic to custom tests to target specific resource subsets (e.g., only production environments), keeping evaluation logic clean and relevant.
Auto Scoping for Personnel
Users now benefit from faster, more reliable Auto Scoping for Personnel (GA), with instant scope updates across linked assets and improved alignment between personnel and compliance coverage.
Framework Scope Overview
Users can now view a Framework Scope Overview that shows total and percentage of scoped systems and people, plus a log of who made changes and when enhancing shared visibility and audit readiness.
QAuto: Improved AI source citations
Users will see improved AI source citations in QAuto, with reference lists now showing only sources actually used in the AI-generated answer, increasing transparency and trust.
Custom Resource Types
Users can now add custom resource types to their evidence list, including within the evidence request workflow, allowing greater flexibility in how compliance artifacts are tracked.
Vanta MCP Server: coverage for risks, vulnerabilities, people, documents, and integrations
Users can now query risks, vulnerabilities, people, documents, and integrations using the Vanta MCP Server. This enables advanced AI-driven use cases like generating GRC reports, checking test failures before deployment, and verifying access controls all from within external tools.
CTM AI: External web page sources for the knowledge base
Users can now add external web pages as sources in the CTM knowledge base. These are indexed daily and currently support Questionnaire Automation, with plans to extend to the Trust Center and chatbot in the future.
September 2025
Week of September 28, 2025
Collaborator role for Issues Mgmt
Users can now assign team members as Collaborators in Issue Management. Collaborators have object-level access only to specific issues they’re assigned, enabling Admins and Editors to delegate responsibilities without granting full module access.
TPRM Questionnaire Question Reordering / Duplication
Users can now duplicate and reorder questions in the TPRM questionnaire builder, allowing for faster setup, easier editing, and more streamlined questionnaire workflows.
Week of September 21, 2025
Workspaces improvements
Users will now experience improved performance and security in Workspaces, including faster load times (P95 reduced to 2.5s), reduced data access risk through a new GraphQL Workspaces type, and a simplified Users page to reduce confusion and support overhead.
[Issue Mgmt] Ability to filter and tag issues by source
Users can now filter and tag issues in Issue Management by source, selecting from Internal Audit, External Audit, Incident, or Other. This new “Issue Source” field also appears in CSV exports and can be used to filter issues directly in Vanta for better tracking and reporting.
QAuto: Redesigned response experience
Users will see a redesigned experience in Questionnaire Automation, moving from drawer-style to inline card-style responses for easier review and bulk actions. Users can now search the answer library directly from the response panel and enjoy a more collaborative editing experience.
Moxso Security. Awareness Integration
Users can now connect Moxso to Vanta via a new Security Awareness Training integration that passes SAT information for easier tracking and evidence collection.
LatticeFlow Access Integration
Users can now integrate LatticeFlow with Vanta via a newly built access integration, enabling marketplace visibility and access monitoring.
Watchpoint Vulnerability Integration
Users now have access to a live vulnerability integration with Watchpoint, allowing customers to connect and monitor their security findings through Vanta.
Week of September 14, 2025
ABV integration
Users can now integrate ABV as a partner system in Vanta. This access integration supports mutual customers and is part of ABV’s participation in the channel program.
Vanta Exchange Secure Login
Users can now restrict access to specific Vanta Exchanges using domain-based secure login. External users must log in via a magic link and only individuals from specified domains (e.g., @aws.com) can gain access—improving privacy and control during security reviews.
Week of September 7, 2025
TPRM Security Review Redesign
Users will now experience a redesigned TPRM Security Review workflow that automatically takes them to the exact step they last completed, eliminating the need to click through multiple screens. The improved UI clearly separates completed, pending, and upcoming tasks—making reviews faster, easier, and more focused on risk assessment.
Data inventory & ROPA builder (Early Access)
Users in early access can now build a data inventory and generate a ROPA directly in Vanta. This feature allows customers to define their personal data processing activities and associated vendors, import existing spreadsheets, and prepare regulator-ready reports—laying the groundwork for future automation and more sophisticated privacy management.
August 2025
Week of August 31, 2025
Expanding Access: Issue Management for Editors
Users with the Editor role can now access and manage the Issue Management module, allowing them to create, update, and oversee issues directly. This change improves collaboration and gives teams more flexibility without needing Admin or Manager permissions.
SentinelOne Alerts Management (Public Preview)
Users can now view and manage SentinelOne alerts in public preview. These alerts appear in the CSPM Alerts page, allowing customers to monitor severity-based SLAs, track findings, and manage remediation efforts more effectively.
Week of August 24, 2025
Tailscale (Access)
Users can now connect Tailscale to Vanta, syncing user accounts hourly to monitor access and confirm deprovisioning when personnel leave. Compliance tests include checking linked Tailscale accounts and confirming proper deactivation.
Keeper Integration (Access)
Users can now integrate Keeper via SCIM, syncing users and groups hourly into Vanta to track account access and automate compliance evidence for offboarding and access monitoring.
Bocada integration
Users can now list Bocada as an integration partner via an access-only integration, kicking off our collaboration while schema-level mapping is still in development.
Compliance Roadmap Improvements for clarity & engagement
Users will see an improved Compliance Roadmap experience, with simplified UI, clearer task tracking, more intuitive language, and redesigned auditor steps to increase clarity and reduce friction—especially for first-time compliance customers.
Bulk mark personnel as service accounts
Users can now bulk-mark personnel as service accounts (or revert them back) in one click, making it easier to manage large personnel lists in the Personnel Hub.
Trust Center: Granular Subscription to Updates
Users can now offer granular subscription options in their Trust Center, allowing buyers to subscribe to only the updates they care about instead of receiving all content.
View-Only Access to Framework Scoping
Users with limited permissions can now view framework scoping settings without being able to make changes, providing visibility while maintaining access control.
[Trust Center Private Preview] More granular design customization
Users in the Trust Center Private Preview can now customize more design elements, including buttons, fonts, colors, and borders—enabling tighter brand alignment.
CTM: Knowledge base ownership and verification
Users now benefit from structured governance in the knowledge base, with ownership assignment, visibility into content health, and automated re-verification to ensure accuracy over time.
HirePass Integration
Users can now integrate with HirePass, thanks to their implementation of Vanta’s Background Check schema using the Connectors API.
Corrective action card to Issue Mgmt
Users can now document corrective actions in a dedicated card in Issue Management, making ISO-aligned records easier to maintain and improving audit readiness.
Code Changes Scoping
Users will now see code changes filtered by scoping and segmentation tags, aligning pull requests with parent repo scoping on the /code-changes page for more accurate audit views.
Week of August 17, 2025
Policy Library
Users can now manage Vanta standard policies through the new Policy Library, giving them full control to add or remove Vanta policies from their program as needed—keeping the policies page clean and aligned with GRC program maturity.
Policy management & collaboration improvements
Users benefit from two major policy management upgrades:
Direct policy linking on control drawers now includes auto-generated rationale, giving users immediate context without extra clicks.
Comments on policies allow teams to tag collaborators with @mentions and view a centralized comment thread—including messages from the approval process—for better cross-functional collaboration.
TPRM Continuous Monitoring Alerts
Users now receive TPRM Continuous Monitoring Alerts when a high-risk vendor receives a new high-severity finding. Alerts appear on the Overview and Managed Vendors pages, and can be filtered by category, severity, and vendor risk—centralizing urgent vendor insights.
Improved test formatting in Issue Mgmt (QOL release)
Users will now see improved formatting in Issue Management, as line breaks and paragraph spacing are preserved in long text fields—making issues clearer and easier to read.
Week of August 10, 2025
TPRM: See Vendor Subprocessors
Users can now view vendor subprocessors in TPRM, including available details like product names, processing purposes, and geographic locations—giving better insight into a vendor’s extended risk surface.
[GA] Trust Center Accounts + Account Workflows
Users can now manage Trust Center Accounts and Account Workflows (GA) to track trust engagement across accounts, manage NDAs and access per account, and monitor activity like Trust Center views and questionnaire submissions. This lays the foundation for a future “Security CRM.”
New User Control Scoping
Users can now complete control scoping via a new survey at the start of the compliance roadmap, or within compliance settings. Based on their answers, Vanta will automatically unmap unnecessary controls, tests, and evidence—saving time and improving program relevance.
Issue mgmt due date filter
Users can now filter issues by due date in Issue Management, such as upcoming deadlines (e.g., next 7 or 30 days) or past-due tasks. This powers visibility on the My Work page for better prioritization and follow-up.
Comments on Issue Mgmt
Users can now leave comments directly within Issue Management, allowing teams to discuss, assign ownership, and document decisions within a single issue thread—no more switching tools.
Killing the Public GraphQL API
Users will no longer have access to the public GraphQL API, which has now been fully deprecated as part of the EI 2 initiative. All requests are redirected to use Vanta’s REST API going forward, simplifying development and support.
Assign teams as system approvers/admins for Access Requests
Users can now assign Vanta teams as system approvers or admins for Access Requests, allowing any member of the assigned team to act on requests and receive email or Slack notifications.
My Work
Users now have access to My Work, a dedicated page showing all assigned work (including team-related items), grouped by urgency with filters like “Needs my approval.” Collaborators now land on this page by default to stay focused without needing admin help.
Week of August 3, 2025
Submit access requests on behalf of others
Users can now submit access requests on behalf of others, with updated flows in both the Vanta app and Slack showing who submitted the request and who it’s for—streamlining delegation and approvals.
Exporting security review question and answers in TPRM
Users can now export question-and-answer content from the security review flow in TPRM, making it easier to share vendor responses externally or retain them for offline review.
Vanta Agent - SLA Remediation
Users can rely on Vanta Agent to automatically detect and surface SLA mismatches between policies and SLA settings, offering one-click fixes with before/after views—enabling proactive remediation without manual prompts.
July 2025
Week of July 27, 2025
Auto Scoping for Personnel [Open Preview]
Users can now auto-scope personnel with two new features in open preview: Bulk Group Updates for streamlined configuration across employee groups, and Auto-scoping to keep devices and accounts in sync based on employee ownership.
Vanta Agent - Policy Chatbot
Users can now chat with the Vanta Agent directly in Policies to ask plain-English questions and receive concise, sourced answers pulled from both approved and draft policies, improving policy access and internal clarity.
Structured access levels for Access Requests
Users can now configure structured access levels in Access Requests, requiring requesters to specify predefined access levels and enabling approvers to review exact entitlements—creating strong audit trails and improved verification for integrated systems.
Week of July 20, 2025
Public preview: TPRM - Vendor AI Answers
Users can now preview AI-generated answers in the vendor portal via TPRM Vendor AI Answers (public preview), reducing manual effort by pre-filling responses once evidence is submitted.
Support file uploads in Issue Mgmt
Users can upload supporting files (e.g., screenshots, PDFs, docs) directly to issues in Vanta, creating a centralized and audit-ready record of issue remediation.
Vanta Agent - SLA remediation beta
Users can now proactively fix SLA mismatches between policies and Vanta settings with the Vanta Agent SLA Remediation beta, accessible via the new “AI insights” banner in the Policies tab.
Private Preview: Automate spreadsheet questionnaires with custom dropdown responses
Users in the private preview can now automate spreadsheet questionnaires with custom dropdown responses using QAuto, allowing Vanta AI to select the most relevant predefined value and apply it directly in the export.
Inline Citations for TPRM AI
Users now see inline citations in TPRM AI answers, clearly referencing the specific evidence and page location used to generate each response—making verification faster and easier.
Tag awareness for the Trust Center chatbot
Users benefit from improved accuracy in the Trust Center chatbot, which now respects applied tags to ensure it only surfaces relevant, tagged resources.
Week of July 13, 2025
Issues .csv download
Users can export all issues and their metadata to CSV, simplifying external analysis, audit prep, and offline tracking.
Policies REST API
Users can now query the status of their policies via Vanta’s REST API with two new endpoints:
List policiesandGet policy by ID, enabling deeper integration and automation.
Private Preview: Chatbot for Public Trust Centers
Users in the private preview can now enable chatbot functionality on public Trust Centers, with safeguards to ensure only publicly available information is referenced.
QAuto: Vanta Agent answering experience
Users now experience a more transparent AI workflow in QAuto with the introduction of the Vanta Agent answering experience, setting the stage for interactive and multi-step AI capabilities.
Week of July 6, 2025
Issue to risk mapping
Users can now map issues directly to risks in the Issue Management module, providing better visibility into how individual issues impact broader compliance objectives.
Control history visibility setting
Users on Growth+ plans can now control whether control history is visible to auditors via a new setting in the Audit Visibility section. This setting is off by default.
Access Requests Export
Users can now export all access requests directly from the Access Requests page for easier reporting and tracking.
QAuto: Improved automatic answer length/verbosity
Users benefit from improved QAuto responses thanks to a new AI classifier that determines optimal verbosity before answer generation, resulting in more reliably formatted answers.
Answer Library CSV Export
Users can now export their filtered Answer Library as a CSV, making it easier to generate custom reports or maintain offline backups.
Performance improvements to the Policies Page
Users will experience significantly faster load times on the Policies Page following recent performance improvements, supporting larger orgs with extensive user and policy data.
June 2025
Week of June 29, 2025
Adaptive Framework Scoping: Mark All In/Out by Resource Group
Users can now bulk mark resources in or out of scope by resource group using Adaptive Framework Scoping, simplifying setup for frameworks like PCI and ISO 27017 and enabling precise, efficient configuration across large environments.
Code Changes for Azure DevOps // Start of `/changes` deprecation
Users now have access to redesigned
/code-changesauditor pages (beta) offering improved control, clarity, and exportability, with added support for Azure DevOps including accurate parsing of review groups for robust compliance checks.
Pen Test Import v0
Users can now access Penetration Tests directly from the Assets > Vulnerabilities section, streamlining visibility and laying the groundwork for enhanced pen test support and findings tracking in Q3.
Wiz Vulns and Alerts GA!
Users can now access Wiz Vulnerabilities and Issues as the integration enters GA, expanding availability to all customers after months of refinements and successful adoption by over 150 teams.
Week of June 22, 2025
Risk report filter expansion to all charts
Users can now apply owner, category, and status filters across all charts in the risk report, enabling more consistent and tailored risk insights.
QAuto: Automatically detect columns in spreadsheet questionnaires
Users can now leverage Vanta AI to automatically detect column types in spreadsheet questionnaires, streamlining setup and moving closer to fully automated questionnaire completion.
Week of June 15, 2025
Test SLA Customization
Users can customize a test’s SLA category, allowing them to adjust its priority or assign a different SLA based on their organizational needs.
Oracle Cloud GA
Users can now integrate with Oracle Cloud at GA, featuring new product tests, expanded support for networking components, region editing, multi-tenant configurations, and more bringing Oracle in line with other cloud integrations.
Customers can limit auditor actions
Users can now restrict auditor actions in Vanta with new compliance settings that prevent auditors from creating audits, modifying controls, or adding additional auditors.
Week of June 8, 2025
Test Details: Failing Entities by Segment
Users can now view failing test entities by segment on the Test Details page, enhancing visibility into which scoped resources are out of compliance and improving clarity across segments.
New Framework-specific Tests Table
Users can access a new framework-specific tests table that displays only tests relevant to a given framework, with accurate statuses and direct links from the overall tests table for streamlined navigation.
GDPR Policies now in Policy Builder
Users can now access GDPR-specific policies in Policy Builder, expanding the existing library with two new templates to support GDPR compliance alongside SOC 2 and ISO 27001. All templates include updated editing guidance to align with GDPR requirements.
Comment Notifications
Users can stay on top of collaboration with the new Comment Notifications inbox, which consolidates all relevant comment threads in one place for easier tracking and responses.
Vanta MCP Server (Public Preview)
Users can now interact with Vanta data using LLMs via the Vanta MCP Server (Public Preview), enabling advanced workflows like audit prep and automated remediation directly in tools like Claude Desktop or Cursor.
Redesigned AWS Integration Overview Page
Users will see a redesigned AWS Integration Overview Page featuring a full-page layout with tabs for overview, capabilities, prerequisites, permissions, synced resources, and automation details streamlining decision-making and aligning with the content on vanta.com.
Week of June 1, 2025
More Personal Email Support for Merge HRIS Platforms
Users can now track personal emails in Vanta for 17 additional Merge HRIS platforms, expanding visibility into employee data across systems.
QAuto: Adjust answer columns and re-run AI answers without starting from the beginning
Users can now adjust answer columns in spreadsheet questionnaires and selectively re-run AI responses for unapproved answers, preserving approved content and reflecting the latest knowledge base updates.
TPRM: Marking a question as reviewed releasing this week
Users can now mark TPRM questions as reviewed, locking the primary answer to track progress and ensure stability in collaborative workflows, while still seeing the latest AI and vendor responses.
May 2025
Week of May 25, 2025
Comments on Risks and Controls
Users can now collaborate more effectively in Vanta by adding comments and tagging teammates directly on controls and risks, just like with audits and questionnaires. Notifications are sent as comments are added to keep everyone in the loop.
Risk Filter Update
Users can now customize their risk register and action tracker with an updated filter experience that reduces clutter by showing key filters by default and allowing additional filters to be added as needed. This update adopts Vanta’s new filter overflow pattern for a cleaner, more flexible interface.
View and Filter Personnel by Individual Security Tasks
Users can now view and filter the people table by individual security tasks, making it easier to track task completion across personnel. The table can also be customized to show the most relevant columns for quick insights into task-level progress.
QAuto: Adjust verbosity at the answer level
Users can now adjust the verbosity of individual QAuto answers by selecting from Concise, Standard, Extensive, or AI-recommended options. This manual control improves answer customization while helping train better automatic verbosity selection over time.
TPRM: Use Links with Vanta AI
Users can now leverage Vanta AI to auto-populate security questionnaires by submitting a link as evidence, enabling quicker insights into a vendor’s risk posture without waiting for additional documentation.
Week of May 18, 2025
Framework Scoping for 1st Party Integrations
Users can now apply framework scoping to all Vanta-built integrations, ensuring that only relevant data is monitored for compliance. All future first-party integrations will support this feature, with a few exceptions that don't import resources.
Week of May 11, 2025
Unified Permission Foundation: Org-Roles Now Powered by Oso
Users now benefit from a more scalable and secure role-based access system as all organizational role evaluations have been migrated to Oso, a centralized authorization engine. This upgrade standardizes permission checks, boosts performance, and lays the groundwork for advanced access control features.
Week of May 4, 2025
Improved comments notification copy
Users will now see the domain name in the subject line of comment notification emails sent to auditors, along with the object type name included in the email body for clearer context.
Personnel in-app hub
Users can now access an in-app hub within the People tab that provides step-by-step guidance and interactive tours to help new admins navigate personnel setup in Vanta.
Object-level owner role on controls (aka granular user access on assigned controls)
Users can now be assigned as owners of specific controls using object-level roles, granting them access only to those controls and their mapped evidence for more granular permission management. This enhancement enables precise delegation and supports least privilege by allowing control owners to reassign mapped tests and documents.
AI change summaries for streamlined approvals
Users can now leverage Vanta AI to generate draft approval notes by comparing the latest policy draft with the last approved version, highlighting key changes for easier review. For first-time policies, Vanta AI provides a summary instead.
Introducing support for Wiz Issues in Vanta
Users can now view Wiz Issues directly in Vanta through a new integration for Growth+ customers, enabling unified visibility into misconfigurations and risks alongside Wiz vulnerabilities. This feature supports filtering, pagination, and centralized risk monitoring while remediation continues in Wiz.
April 2025
Week of April 27, 2025
Users can automate how personnel request access to systems. Vanta routes requests to the right approvers and admins, tracks status, and simplifies provisioning.
Test Management by Framework Segment
Users can view test status, asset counts, and history by framework segment to simplify audit prep, support scalability, and keep compliance efforts organized.
Framework Scoping: Integrations scoping
Users can now filter scoped out integrations and accounts from the audit view. They won’t show up in product tests, or across any audit pages, providing a seamless framework scoping experience that just works (TM).
Week of April 20, 2025
SCIM support for Teams
Users can sync Vanta Teams to their IdP Groups via SCIM, enabling seamless and programmatic Team management as the customer’s organization grows and changes.
Scheduled delivery of Reports
Users can schedule reports to be emailed daily, weekly, or monthly, with each email linking directly to the live report in Vanta for up-to-date visibility across stakeholders.
Document Quick Views
Users see quick views on the Documents page that filter and display relevant documents and columns based on the actions they need to take.
Add messages to streamline policy approvals
Users have the ability to drop messages to their designated approvers so they can make a more efficient and informed approval decision.
Improvements to Control History
Users now see a detailed control history that logs changes to key fields and allows optional “reason for change” notes when tests or documents are unmapped.
TPRM: Questionnaire Library
Users can create questionnaires by choosing from a curated library built by Vanta SMEs, then customize them as needed—including options for general vendors and AI-specific use cases.
Week of April 14, 2025
SCIM support for Teams
Users can sync Vanta Teams to their IdP Groups via SCIM, enabling seamless and programmatic Team management as the customer’s organization grows and changes.
AI Control Mapping for Policies
If you are using Vanta's default template stack or bringing in your custom policies, you can use Vanta AI to help you map security controls back to the policy
Collaborator Role
The collaborator role is now available for object-level assignments and more granular access control within Vanta
Week of April 7, 2025
Compliance Roadmap
The test metric allows customers to easily assess their program's progress by providing the key metrics they need, all in one seamless location
Week of March 31, 2025
Report Center Metrics: Test Breakdown by Status
The test metric allows customers to easily assess their program's progress by providing the key metrics they need, all in one seamless location
March 2025
Week of March 24, 2025
Custom Metadata Fields: Vendor Risk Management
Users can now flexibly track any and all data they need to know about the vendor. They can choose from the following field types: text, date, number, and picklist.
Week of March 17, 2025
New Standard Vendor Fields: Vendor Risk Management
TPRM has two new standard fields: contract amount and vendor headquarters.
Preserving security reviews when merging vendors: Vendor Risk Management
When a user merges two vendors, they can preserve the security reviews, evidence, and findings from both vendors, ensuring they don't lose any of the due diligence they've done.
Week of March 10, 2025
Vanta Branded Engagement Letters
Customers activating their Trust Centers for the first time will find a resource document already created for them, affirming their engagement with Vanta and ongoing compliance efforts.
Week of March 03, 2025
Advanced tagging for Questionnaire Automation and Trust Center (GA)
Create custom tags for organizing your knowledge base and sharing resources from your Trust Center
Internal audit tag
Customers can select an audit type when creating an audit engagement in Vanta.
Team ownership for tests & documents
Customers can now create and assign Teams as owners of tests and documents.
Vendor Risk Management Slack notifications
Users receive Slack notifications when questionnaires are submitted and are notified when all evidence is available, and the security review is ready for analysis.
Trust Center: Hide full access requests
Trust Center admins now have the option to disable "Full access" on their public Trust Center
February 2025
Week of February 24, 2025
Merge.dev Multi-Tenancy Support
Vanta's new Merge.dev Multi-Tenancy Support enables seamless management of multiple instances of the same integration
Framework Scoping for MDMs
Customers can now scope JumpCloud resources by framework
Questionnaire Automation: Delete individual rows after import
After adding a questionnaire, customers can select response rows and delete them.
Vendor Risk Management
Vendor AI answers will be organized in bullet points
Users can choose to move a vendor from Discovery into Procurement, following the funnel and typical workflow of our users
Week of February 17, 2025
Framework scoping for Azure and GCP Organization Sub-accounts
Users can now scope individual accounts within organizations for GCP and Azure.
Framework scoping for GitHub Organizations & Projects
Users now have control over which frameworks they include their GitHub organizations and project assets in.
Framework scoping for AWS Organization Sub-accounts
With AWS organization sub-account scoping, users now have more granular control over their assets.
Week of February 10, 2025
Approval workflow for questionnaires
An approval workflow can now be facilitated within Questionnaire Automation. This workflow allows an approver to be assigned and notified when the questionnaire is ready for review with a new set of statuses to track and communicate each step of the process clearly.
Week of February 3, 2025
Bulk Reminders for the People Page
Admins can now send a bulk one-time reminder to specific people by selecting them on the People Page table. The admin can also select whether to send these reminders over Slack, email, or both (the reminder will default to their current personnel notification settings).
January 2025
Week of January 28, 2025
Sensitivity Flag on Documents Table
There is a new column in the documents table to indicate if a document is "sensitive"
Streamlined control mapping for policies
We’ve added an “Add Controls” button directly on the Policy details page
Transition flagged evidence back into "ready for audit"
Users can transition flagged evidence back into ready-for-audit; this lets them know that a piece of evidence is ready for another review, eliminating the need for back and forth between auditors and customers.
Week of January 20, 2025
Customers can filter their evidence list by 'auditor-created evidence.'
Users can filter evidence to view evidence created by the auditor
View-only permissions enabled in custom role-based access control
For each permission in a custom RBAC role, the admin can choose from “no access,” “view-only,” or “view and edit.”
Show risk ID when mapping risk scenarios to a control
When a user maps a risk to a control, they will be able to see the risk ID along with other pertinent information about the risk.
Week of January 6, 2025
New Documents page experience
Users are now prompted to add all relevant files to satisfy the document evidence request and mark it as complete before the document status changes to OK.
Risk REST API
Four new endpoints are now available via the REST API:
