Vanta AI Security Assessment evaluates AI risk

Vanta announced new ways to help organizations demonstrate AI security and evaluate AI risk across their ecosystem. With the launch of Vanta’s new AI Security Assessment offering, customers using, developing or building with AI can now more effectively address critical considerations and proactively strengthen their AI security posture.

As AI evolves and becomes increasingly ubiquitous, demonstrating secure practices and managing vendor risk are critical for maintaining trust. According to Vanta’s State of Trust report, 62% of organizations plan to invest more in AI security in 2025, but only 36% of organizations have, or are in the process of putting a company AI policy in place.

“AI has become foundational to how businesses operate, and every company—not just those building AI—need to engage with it responsibly on behalf of their customers, vendors and stakeholders,” said Jeremy Epling, CPO, Vanta. “Regulations are moving quickly, and so are the risks. With Vanta’s AI Security Assessment, we’re giving companies a practical, scalable way to assess AI-related risk, demonstrate their AI posture and build trust in a rapidly changing landscape. Earning our ISO 42001 certification reinforces that commitment, setting the standard not just for our customers, but for ourselves and the industry as a whole.”

AI Security Assessment built by experts and powered by insights

Available now, Vanta’s AI Security Assessment provides a standardized approach to evaluating AI-related security risks and enables companies to have a better understanding of how these risks impact their overall security program. AI Security Assessments feature an accessible and practical set of evaluative questions covering ten critical categories, from governance and organizational management, data privacy and security, bias, human oversight and more.

With AI Security Assessment, customers can:

• Demonstrate AI posture proactively: Completed assessments can be published on a public-facing Trust Center, making them easily accessible to customers and partners.
• Complete questionnaires faster: Assessments can be added to Vanta’s knowledge base to power AI-generated responses in Vanta’s Questionnaire Automation tool—helping security teams cut down the time it takes to respond to incoming security questionnaires.
• Evaluate vendor AI risk: AI Security Assessment questions are now part of Vanta’s Vendor Risk Management questionnaires, enabling customers to confidently assess vendor AI risk.

“As companies race to adopt AI, standardized approaches like Vanta’s AI Security Assessment bring much-needed clarity and accountability to how AI systems are secured and governed,” said Ryan Maple, Head of Information Security and Compliance, Writer. “We were glad to contribute input based on what we’re seeing across the industry and hope this helps raise the bar for responsible AI practices.”

Vanta AI Security Assessment questions are aligned to Vanta-supported AI compliance frameworks, including NIST AI RMF, EU AI Act and ISO 42001, helping customers ensure compliance as regulations evolve. The assessment supports customization with tiered questions based on how a company engages with AI:

• For companies using AI, including AI software products or software built with AI: the assessment provides a basic AI security evaluation.
• For companies building with AI, or providing AI-powered products and services: the assessment layers on additional questions to evaluate AI supply chain risks, cross-functional review processes, model training methods, drift and performance degradation, and more.
• For companies developing AI models and training AI systems: the evaluation includes additional questions about access controls, issue reporting protocols, risk level classification, procurement policies and more.

Vanta achieves ISO 42001 certification for responsible AI practices

As the leading trust management platform, Vanta is the first and only compliance automation and trust management platform to earn its ISO 42001 certification, the international standard for managing artificial intelligence responsibly. Leading by example, Vanta helps customers navigate emerging AI risk and regulation with guidance grounded in firsthand experience with the framework.

“The regulatory landscape around AI continues to evolve, and Vanta is committed to not only keeping pace, but leading with transparency and trust,” said Jadee Hanson, CISO, Vanta. “Achieving our ISO 42001 certification is one step in our ongoing journey to establish trust in the age of AI, and to support the GRC community as we navigate this shift together.”

To benefit its customers, Vanta is expanding its applications of Vanta AI throughout the platform and adopting AI to power operations across its business. This certification ensures that this growth is rooted in responsible practices and demonstrates Vanta’s focus on transparency and continuous improvement.

Vanta’s ISO 42001 badge and certificate are available in its Trust Center, along with its own AI Security Assessment.