Vanta, a trust management platform, has recently unveiled a new AI Security Assessment offering to provide organizations with a means of demonstrating AI security and evaluating AI risk across their ecosystems.
Assessments target the growing need to address AI security proactively
Customers who use, develop, or build with AI can utilize this assessment tool to more effectively address critical considerations and proactively boost their AI security posture.
“AI has become foundational to how businesses operate, and every company– not just those building AI– need to engage with it responsibly on behalf of their customers, vendors, and stakeholders,” said Jeremy Epling, Vanta’s chief product officer. “Regulations are moving quickly, and so are the risks. With Vanta’s AI Security Assessment, we’re giving companies a practical, scalable way to assess AI-related risk, demonstrate their AI posture, and build trust in a rapidly changing landscape. Earning our ISO 42001 certification reinforces that commitment, setting the standard not just for our customers, but for ourselves and the industry as a whole.”
Vanta’s AI Security Assessment is now generally available, providing a standardized approach to evaluating AI-related security risks and enabling companies to have a better understanding of risks that can impact their overall security program.
The assessment features an accessible and practical set of evaluative questions covering 10 critical categories, from governance and organizational management, data privacy and security, bias, human oversight, and others.
Among the features of the AI Security Assessment are:
- An ability to demonstrate AI posture proactively. The completed assessments can be published on a public-facing Trust Center to make them more easily accessible to customers and partners.
- Questionnaires can be completed quickly by being added to Vanta’s knowledge base to power AI-generated responses in Vanta’s Questionnaire Automation tool, thereby helping security teams reduce the time it takes to respond to incoming security questionnaires.
- Assessment questions are now part of Vanta’s Vendor Risk Management questionnaires, enabling customers to assess vendor AI risk with confidence.
“As companies race to adopt AI, standardized approaches like Vanta’s AI Security Assessment bring much-needed clarity and accountability to how AI systems are secured and governed,” said Ryan Maple, Head of Information Security and Compliance, Writer. “We were glad to contribute input based on what we’re seeing across the industry and hope this helps raise the bar for responsible AI practices.”
Achieving Vanta-supported AI compliance frameworks
The Vanta assessment questions are designed to align with Vanta-supported AI compliance frameworks, including the NIST AI RMF, EU AI Act, and ISO 42001. This helps customers ensure compliance as regulations evolve.
The Vanta AI Security Assessment supports customization with tiered questions based on how organizations engage with AI:
- Companies that utilize AI, including those that employ AI software products or software built with AI, can utilize the assessment to conduct a basic AI security evaluation.
- Companies building with AI, or providing AI-powered products and services, utilize the assessment layers to address additional questions and evaluate AI supply chain risks, cross-functional review processes, model training methods, drift, and performance degradation, among other factors.
- Companies developing AI models and training AI systems can use the evaluation for additional questions about access controls, issue reporting protocols, risk level classification, procurement policies, and more.
According to Vanta, their trust management platform is the first and only compliance automation and trust management platform to have earned ISO 42001 certification —an international standard for managing AI responsibly. The platform helps customers navigate emerging AI risk and regulation with guidance grounded in firsthand experience with the framework.
Vanta will expand the applications of Vanta AI throughout the platform and adopt AI to benefit its customers. ISO 42001 certification ensures that the growth of applications is rooted in responsible practices.
“The regulatory landscape around AI continues to evolve, and Vanta is committed to not only keeping pace, but leading with transparency and trust,” said Vanta CISO Jadee Hanson. “Achieving our ISO 42001 certification is one step in our ongoing journey to demonstrate trust to our customers, partners, and stakeholders, and to support the GRC community as we navigate this shift together.”
The increased use of AI has led to a significant rise in data center power and cooling requirements. Learn more from nVent about how retrofits, liquid cooling, and smart tech help cool data centers.