Founder: Christina Cacioppo (CEO)
Launched: 2018
Headquarters: San Francisco
Funding: $504 million
Valuation: $4.1 billion
Key Technologies: Artificial intelligence, cloud computing, generative AI, machine learning, software-defined security
Industry: Enterprise technology
Previous appearances on Disruptor 50 list: 1 (No. 17 in 2023)
Startups that want to sell software to big companies eventually hit the same wall: prove you're secure.
That proof usually comes in the form of SOC 2, a third-party audit that verifies if a company's systems and data controls are actually doing what the company claims. Getting that certification typically requires months of manual work: spreadsheets, pulling logs and other evidence, all while trying to get a product out the door.
Vanta was built to streamline that time-consuming process. The San Francisco-based company, which is backed by CrowdStrike, connects to a business's existing infrastructure, such as cloud services, HR tools or code repositories, and automatically collects the evidence auditors require. It monitors controls continuously, runs hundreds of tests hourly, and flags problems before an auditor does. What once took the better part of a year can now take weeks.
The company was launched in 2018 by Dropbox product manager Christina Cacioppo to automate security compliance. She saw how painful security compliance was for companies and worked with Erik Goldman, also a former Dropbox employee, to fix it. Vanta now has more than 15,000 customers and raised a $150 million Series D in July, implying a $4.15 billion valuation, with backing from Sequoia Capital, Y Combinator, and Wellington Management.
The company has since expanded beyond SOC 2, supporting more than 35 frameworks and regulations while moving into broader governance, risk, and compliance territory.
Its competitors include Drata and enterprise-grade platforms like OneTrust and AuditBoard, which serve larger organizations with broader compliance and privacy mandates.
The past year has been busy. Vanta launched an AI agent, which works as a workflow assistant that can draft policies, complete questionnaires and flag risks. The company also acquired Riskey, a third- and fourth-party risk monitoring startup, and received FedRAMP authorization, opening the door for companies to sell cloud services to U.S. federal agencies.
Sign up for our weekly, original newsletter that goes beyond the annual Disruptor 50 list, offering a closer look at the most promising venture-backed companies.
