Drata is ushering in a new era of trust management with the launch of its AI Agent for Vendor Risk Management (VRM). This groundbreaking AI assistant is the first in a series of tools designed to automate governance, risk, and compliance (GRC) tasks, aiming to transition GRC operations from manual processes to autonomous, context-aware AI agents. Based in San Diego, Drata's VRM Agent is a core component of their AI-native Trust Management platform, which supports organizations in continuously maintaining and proving trust. The VRM Agent is particularly beneficial for GRC teams tasked with managing relationships with thousands of external vendors, including critical IT service providers. Adam Markowitz, Drata CEO and co-founder, emphasized this shift in an interview with CRN, stating, "This is a new era of trust management, as we say, where trust is continuously maintained and proven." Risk management tools are crucial for identifying and controlling threats, with third-party vendor risk being a significant concern for organizations, especially with the rapid adoption of AI services and the rise of "shadow AI," which can lead to data leaks and compromise data integrity. Drata's cloud-based GRC platform, founded in 2020, already offers capabilities like risk management, policy compliance monitoring, and evidence collection for audits. The company serves approximately 8,000 customers and has achieved over $100 million in annual recurring revenue with 60% year-over-year global revenue growth. The platform integrates with hundreds of external vendors, continuously monitoring their security controls. A key feature is its integration with trust centers, where vendors share security and compliance information. This includes Drata's recent acquisition of SafeBase, a trust center software provider used by major companies like OpenAI and CrowdStrike. The VRM Agent, currently in beta and expected for general availability by the end of 2025, automates the evaluation and management of vendor relationships to mitigate cybersecurity risks and ensure compliance with internal audits and Service Level Agreements (SLAs). It autonomously sets monitoring criteria, even for vendors' vendors, providing continuous, real-time oversight that human teams cannot match. The agent's features include automated criteria extraction, AI-powered document review, dynamic reporting, and follow-up orchestration. Drata is also developing dedicated Trust and Compliance agents to enhance its platform's capabilities. Drata also highlighted its strong partner ecosystem, collaborating with over 1,000 partners, including IT service providers and audit firms, which account for about one-third of their sales.

Originally published at CRN on August 5, 2025.

Frequently Asked Questions (FAQ)

What is Drata's AI Agent for Vendor Risk Management (VRM)?

Drata's AI Agent for Vendor Risk Management (VRM) is an AI-powered tool designed to automate and streamline the process of assessing and managing the risks associated with third-party vendors. It aims to shift these critical GRC (Governance, Risk, and Compliance) tasks from manual efforts to autonomous, AI-driven operations.

How does the VRM Agent help organizations?

The VRM Agent helps organizations by continuously monitoring vendor security controls and compliance with contractual obligations. It accelerates vendor risk reviews, enhances data scoring, and provides real-time oversight that would be impossible for human teams alone. This reduces cybersecurity risks and supports internal audits and SLA compliance.

What kind of vendors can the VRM Agent manage?

The VRM Agent is specifically designed to support GRC teams managing relationships with thousands of external vendors, including IT companies and service providers.

What are trust centers in the context of vendor risk management?

Trust centers are external websites or portals where IT vendors share their security, privacy, and compliance information, such as SOC 2 reports, HIPAA policies, and various certifications. Drata's platform integrates with these trust centers to gather essential data.

What is the current status of the VRM Agent?

The VRM Agent is currently in beta and is expected to be generally available by the end of 2025.

Crypto Market AI's Take

Drata's introduction of an AI Agent for Vendor Risk Management signifies a crucial advancement in the GRC space, aligning with the broader trend of AI adoption across all industries, including finance and technology. As organizations increasingly rely on external vendors, and as the complexity of these relationships grows with the integration of new technologies like AI services, robust and automated risk management becomes paramount. This move by Drata highlights the growing demand for intelligent solutions that can handle the scale and speed required to mitigate third-party risks effectively. For businesses operating in the highly regulated and fast-paced cryptocurrency sector, having such AI-powered GRC tools can be a significant competitive advantage, ensuring compliance and security while fostering trust in their vendor ecosystem.

Drata Brings AI Agent Technology To Vendor Risk Management: Exclusive