
Latest news with #JeremyEpling

Vanta bug exposed customers' data to other customers

TechCrunch

7 days ago

  • Business
  • TechCrunch


Compliance company Vanta has confirmed that a bug exposed the private data of some of its customers to other Vanta customers. The company told TechCrunch that the data exposure was a result of a product code change and not caused by an intrusion.

Vanta, which helps corporate customers automate their security and compliance processes, said it identified an issue on May 26 and that remediation will complete June 4.

The incident resulted in 'a subset of data from fewer than 20% of our third-party integrations being exposed to other Vanta customers,' according to the statement attributed to Vanta's chief product officer Jeremy Epling. Epling said fewer than 4% of Vanta customers were affected, and have all been notified.

Vanta has more than 10,000 customers, according to its website, suggesting the data exposure likely affects hundreds of Vanta customers.

One customer affected by the incident told TechCrunch that Vanta had notified them of the data exposure. The customer said Vanta told them that 'employee account data was erroneously pulled into your Vanta instance, as well as out of your Vanta instance into other customers' instances.'

The customer told TechCrunch that Vanta's notice said this type of data 'generally includes' information like employee names, roles, and information about configurations of some tools, such as the use of multi-factor authentication.

When asked by TechCrunch, Vanta spokesperson Erin Cheng would not say what types of customers' data were involved during the incident or comment on whether Vanta employee data was exposed.

Founded in 2018, Vanta has raised more than $350 million to date, including $150 million in its most recent Series C funding round in July 2024.

AI is rewriting the rules of risk management

Times

14-05-2025

  • Business
  • Times


With cyber risks and compliance demands increasing, automation is quickly becoming the smartest way for businesses to stay secure, agile and ahead of the curve.

Organisations today face unprecedented challenges when it comes to managing risk. More applications, increased cloud migration and the proliferation of software-as-a-service solutions have dramatically expanded the threat landscape. Meanwhile, security teams are struggling with strict regulations, shrinking budgets and talent shortages.

At the same time, chief information and security officers are keen to demonstrate the business value that the security function provides, rather than just being viewed as a cost centre. They want to convey cybersecurity's role in mitigating risk, achieving compliance standards and helping to win new business.

It is against this backdrop that artificial intelligence (AI) presents a double-edged sword, often representing both a significant threat and a powerful solution. Cybercriminals are using AI to create more convincing phishing attempts and generate more complex attack codes. But AI-powered tools are also providing unprecedented capabilities in risk management and compliance.

'We're seeing more vulnerabilities and attack vectors than ever before,' explains Jeremy Epling, chief product officer at Vanta. 'AI is being used by attackers to create new threats, whether through sophisticated phishing attempts or AI-generated attacks.

'But AI also gives us a capability we never had before: dealing with unstructured data. So much of compliance and security revolves around documents and screenshots, and now we have an entirely new way to understand and provide value.'

Vanta's most recent The State of Trust Report reveals a striking insight: 77 per cent of IT decision-makers believe automation can relieve the manual burden of compliance, saving them time and money. Yet only 60 per cent of business leaders agree. This gap likely stems from a fundamental misunderstanding of the manual burden faced by security teams, says Epling.

'It boils down to who feels the pain every day. Business leaders are looking at the numbers and the ROI and driving the business, but they're not living in these tools every day and building a deep appreciation for how many hours get sucked into these reviews,' he explains. 'Governance, risk and compliance has been underserved for a long time in terms of providing a high level of innovation and helping to drive efficiencies.'

Businesses are spending more time than ever before on compliance. In the UK, companies already dedicate 12 working weeks per year to keeping operations compliant. Security teams in particular often dedicate far more time to compliance than to other value-adding activities, such as cyber strategy and threat mitigation.

Here, intelligent automation offers multiple operational benefits. 'AI can help generate secure code, automate remediation processes and provide a single pane of glass for your entire security programme,' Epling says.

For example, AI can automatically respond to complex security questionnaires and analyse vendor documents, identifying risks and providing actionable insights. It can also ensure consistency around security policies, as AI can detect irregularities across multiple policy documents. Automated systems can also immediately identify documentation issues, which can help prevent last-minute audit complications.

'Instead of spending hours manually reviewing documents and copy-pasting responses, AI can take a first pass on these tasks,' says Epling.

Perhaps most importantly, intelligent automation enables security teams to be seen as strategic business enablers rather than cost centres. 'When you achieve compliance standards, you can unlock new markets and win additional business,' Epling says.

He continues: 'Automation helps us clearly show time savings and improvements in efficiency. For example, when teams use Vanta's automated workflows, we can quantify how much faster they're completing tasks compared to before. That makes it easy for security leaders to go back to their management and explain the tool's value.'

But it's not just security teams that benefit from automation tools, he explains; these systems can also help engineering and IT teams to work more efficiently. 'Since they're not in the security trenches every day, giving them focused, actionable remediation guidance, along with context about why it matters, helps them prioritise effectively,' Epling says.

And with Vanta's tools, such as automated questionnaires, customers are constantly providing feedback to help the firm improve its programmes.

'It's a way to turn security from a cost centre into a growth enabler,' says Epling. 'When you can show how your trust posture helps close deals faster or opens new opportunities, it becomes a clear business-value driver. And it bridges the gap between security teams and leadership, so they're finally speaking the same language.'

For organisations considering intelligent automation, Epling offers some practical guidance. The first step is to start small – focus on specific areas such as supplier risk or questionnaire management. Then trial AI tools with existing documents and policies, and make sure the AI solutions provide clear citations and explanations. Epling also advises organisations to consider comprehensive platforms that offer a holistic view of governance, risk and compliance.

'For startups and small businesses, there are tools designed to help you get your first certification,' says Epling. 'You don't need prior knowledge – the right platform will guide you step by step.'

As cyber threats become more sophisticated and the compliance burdens increase, intelligent automation isn't just a 'nice-to-have' – it's becoming a necessity. Such automation marks a transformative approach to risk management. By embracing AI-powered tools, organisations can not only mitigate risks more effectively but also turn compliance into a strategic business advantage.

'The goal is to spend less time on paperwork and more time on deep, impactful security work that truly protects your organisation,' says Epling.

As cyber threats continue to evolve, the message is clear: intelligent automation isn't just a technological upgrade, it's a critical component of your security strategy.

To learn more, please visit
