August 6, 2025
Rick Whiting
Drata debuts AI Agent for Vendor Risk Management to automate and enhance governance, risk, and compliance tasks for enterprises.
Drata Brings AI Agent Technology To Vendor Risk Management: Exclusive
Risk and compliance startup Drata today debuted its AI Agent for Vendor Risk Management (VRM), marking the first in a planned series of AI assistants designed to shift governance, risk, and compliance (GRC) tasks from manual processes to autonomous, context-aware agents. The San Diego-based company introduced the VRM Agent as a foundational step toward its broader vision of autonomous AI agents enabling continuous GRC operations on its AI-native Trust Management platform. The VRM Agent targets GRC teams responsible for managing relationships with thousands of outside vendors, including IT companies and service providers.
“This is a new era of trust management, as we say, where trust is continuously maintained and proven,” said Adam Markowitz, Drata CEO and co-founder, in an exclusive interview with CRN.
Risk management tools help businesses identify, assess, and control threats—ranging from cybersecurity risks to financial and operational risks. Managing risks posed by third parties such as suppliers and customers is a critical component of this process. GRC teams typically operate within security operations under the oversight of chief information security officers (CISOs).
Founded in 2020, Drata offers a cloud-based GRC platform that supports risk management, policy compliance monitoring, user access reviews, and evidence collection for audits, security assurance, and service level agreements (SLAs). The company serves approximately 8,000 customers, achieved 60% year-over-year global revenue growth in its last fiscal year, and surpassed $100 million in annual recurring revenue earlier this year. Drata’s SaaS platform integrates with hundreds of external vendors, continuously monitoring their security controls and collecting evidence to confirm contractual compliance.
A key feature of the platform is its integration with trust centers—external websites and portals where IT vendors share security, privacy, and compliance information such as SOC 2 reports, HIPAA policies, certifications, and more. These trust centers foster transparency and trust among customers, partners, and other stakeholders. Networks of trust centers include cloud platforms, code repositories, and identity security providers. In February 2025, Drata acquired SafeBase, a trust center software provider used by over 1,000 companies including OpenAI, Twilio, CrowdStrike, Hubspot, LinkedIn, and T-Mobile.
“Third- and fourth-party vendor risk is one of the leading causes for security breaches or incidents across their vendor landscape,” Markowitz noted.
He also highlighted the risks introduced by the rapid adoption of AI services, including “shadow AI” usage, which can lead to data leaks and compromise data integrity and confidentiality. CISOs and security teams face pressure to quickly assess these vendors to safely integrate AI technologies. The VRM Agent, currently in beta and expected to be generally available by the end of 2025, specifically addresses vendor risk management. It helps evaluate and manage vendor relationships to reduce cybersecurity risks and gather information for internal audits and SLAs.
“Having agents takes this to a whole new level,” Markowitz said, emphasizing the agent’s ability to autonomously establish monitoring criteria for vendors and even vendors’ vendors, continuously monitoring them in real-time—capabilities beyond human scale.
The VRM Agent accelerates vendor risk reviews and improves data scoring for network trust frameworks. Its features include automated criteria extraction and mapping, AI-powered document review and risk scoring, dynamic report generation, and follow-up orchestration. Drata also announced that additional Trust and Compliance agents are in development and will be released following the VRM Agent.
The company collaborates with over 1,000 partners, including IT service providers, system integrators, and audit firms. Approximately one-third of Drata’s sales come through partners, and about 90% of deals involve partner participation. Some partners incorporate Drata’s platform into their vendor onboarding processes, while others offer it as a managed service to customers, expanding advisory and managed service opportunities tied to GRC.
Frequently Asked Questions (FAQ)
Drata's AI Agent for VRM
Q: What is Drata's new AI Agent for Vendor Risk Management (VRM)?
A: It's an AI assistant designed to automate and enhance the process of managing risks associated with third-party vendors.
Q: How does the VRM Agent work?
A: It autonomously establishes monitoring criteria for vendors, continuously monitors them in real-time, and helps evaluate vendor relationships to reduce cybersecurity risks and gather audit information.
Q: What are the key features of the VRM Agent?
A: Features include automated criteria extraction and mapping, AI-powered document review and risk scoring, dynamic report generation, and follow-up orchestration.
Q: When will the VRM Agent be generally available?
A: It is currently in beta and expected to be generally available by the end of 2025.
Q: What is Drata's broader vision for AI assistants?
A: Drata plans to release a series of AI assistants designed to shift GRC tasks from manual processes to autonomous, context-aware agents, enabling continuous GRC operations on their AI-native Trust Management platform.
Q: What are "trust centers" in the context of vendor risk management?
A: Trust centers are external websites and portals where IT vendors share security, privacy, and compliance information, fostering transparency and trust among stakeholders.
Q: What risks does Drata's CEO highlight regarding AI adoption?
A: Dr. Markowitz highlights risks like "shadow AI" usage, leading to data leaks and compromised data integrity and confidentiality, and the need for CISOs and security teams to quickly assess AI vendors.
Crypto Market AI's Take
Drata's introduction of an AI Agent for Vendor Risk Management signifies a significant advancement in how organizations approach third-party risk. In the rapidly evolving digital landscape, especially with the increasing integration of AI services, managing vendor security and compliance is paramount. This development aligns with the broader trend of AI-driven automation in critical business functions, a concept that resonates deeply with our focus on leveraging AI for market intelligence and trading. The ability of Drata's agent to autonomously monitor vendors, even down to their own suppliers, showcases the power of AI to scale complex processes beyond human capacity. This proactive, continuous monitoring approach is crucial for mitigating sophisticated risks, a principle we apply to our own AI-powered crypto trading bots. As businesses increasingly rely on interconnected digital ecosystems, the need for robust and intelligent vendor risk management solutions, like Drata's offering, becomes indispensable for maintaining trust and security.
Originally published at CRN on August 5, 2025.