On the 101 in my bumper-car Prius, there's one billboard that invariably gets a chortle out of me.
It's for AI security and compliance startup Vanta, with the tagline: "Compliance that doesn't SOC 2 much." SOC 2, short for Service Organization Control 2, is a certification that outlines how companies should manage and protect customer data. While it's not legally required, it's become a crucial standard for enterprise SaaS companies -- though the certification process is notoriously time-consuming.
Vanta, which this summer raised $150 million at a $2.45 billion valuation, was started in 2018 to automate information security compliance (like SOC 2). The SOC 2 process has traditionally been arduous, requiring companies to send auditors soon-outdated screenshots, PDFs, and documents -- something Vanta has streamlined using AI and other technologies. But SOC 2 is just one form of compliance a company might need, and there are almost innumerable others, from GDPR to FedRAMP. Accordingly, there's been a growing group of AI compliance-oriented startups gaining traction in recent months and years. Just a few of the companies that touch this category include Cribl, Eon.io, Klarity, Norm AI, Relyance AI, and BigID. (OpenAI also just hired its first Chief Compliance Officer.) PitchBook sent Fortune data showing that, this year, the top 50 deals in the space added up to about $1.75 billion in deal value.
I spoke to Vanta CEO and cofounder Christina Cacioppo about what's making AI and compliance such a ready-made fit. In part, it's just the right time, she says, as compliance itself has never been more important for tech companies up and down the food chain.
"I think it's inevitable," said Cacioppo. "There's so much more scrutiny on tech companies than pick your prior year, or a decade ago... So, some of it is at least inevitable that there's more government and public scrutiny on what they're doing. And I think tech companies pushing back on that fact is just a losing proposition... And I think AI, because of its zeitgeist-iness, is uniquely positioned to the flashpoint issue."
In short, AI is designed to simplify these processes at a time when tech companies must be more compliant than ever -- partly due to the very world AI is creating. Vanta today released its 2024 State of Trust Report, which underscores this point. The report finds that 55% of companies say that security risks have "never been higher," in a new reality connected to AI's rise. Additionally, over 30% of companies surveyed reported that AI has amplified risks related to both phishing and malware, while 27% noted a rise in compliance violations with increased AI adoption.
Now, this may sound somewhat bleak. But for startups with solutions, there's opportunity. Vanta has a growing slate of customers that include Atlassian, Quora, Mistral AI, ZoomInfo, The Salvation Army, and Duolingo. In part, Cacioppo thinks Vanta's offering has resonated because they're in the business of giving people time back -- and because compliance can be ultimately revenue-generating.
"The insight with compliance is that it's a cost center," Cacioppo told Fortune. "It should be a revenue-driver, because the first time you get one of those combined certifications, you open up new markets. 'I can now sell to companies that I want to talk to in healthcare, because I have HIPAA, financial services because I have FedRAMP'... You can tie a lot of this to revenue, and I think if you can actually tie the security pieces to revenue, you'll get more security."
Vanta in recent years has also moved beyond SOC 2, expanding to governance, risk, and compliance (GRC) solutions for larger customers.
"If you keep making customers really happy and the problem is big enough -- and the pain is intense enough -- there's always going to be a market in that space," said Vanta CPO Jeremy Epling, who's previously worked at GitHub and Microsoft.
It's essentially part of a long chain, one in which everyone is increasingly security-aware, Cacioppo said. Customers are increasingly demanding and sophisticated when it comes to software security and compliance, and tech companies that are competing for customers subsequently need their compliance in order to close those deals.
"We guide them through a bunch of the actual hard work," said Cacioppo. "Then [customers] can use it to grow their business."
It's an intriguing case of a sector poised to capitalize on the way AI is creating more risk, as AI is simultaneously creating solutions. And the reality is that, if you're one of many companies looking to up your compliance game, the process should SOC a little less.
Nina Ajemian curated the deals section of today's newsletter.
VENTURE DEALS
- Interface.ai, a Covina, Calif.-based agentic AI solutions provider for community banks and credit unions, raised $30 million in funding from Avataar Venture Partners.
- Dunia.ai, a Berlin-based AI-driven material discovery company, raised $11.5 million in funding. Elaia and redalpine led the round and were joined by EIC, Pace Ventures, Kindred Capital, angel investors, and others.
- Keel, a London-based custom operational software building platform for businesses, raised $6 million in seed funding from Earlybird and LocalGlobe.
- Lin Health, a Denver-based chronic pain recovery digital platform, raised $5.2 million in funding from aMoon, Mayo Clinic, Saban Ventures, and others.
- Ned, a New York City-based cash flow lending platform, raised $4.2 million in seed funding. Impression Ventures led the round and was joined by Capital Eleven.
- Dryad Networks, a Berlin-based wildfire detection technology developer, raised €2.5 million ($2.7 million) in funding from First Imagine!.
- Turnover Labs, a New York City-based decarbonization technology developer for the chemical manufacturing industry, raised $1.4 million in pre-seed funding. Pace Ventures and GC Ventures led the round and were joined by Sandy Spring Climate Partners and others.
- Revyse, a Bend, Ore.-based vendor management software for the multifamily industry, raised $1 million in seed funding from RET Ventures.
- Achieve Partners acquired a majority stake in RiseNow, a Leawood, Kan.-based procurement and supply chain advisory and strategy firm. Financial terms were not disclosed.
OTHER
- FreeWill acquired Grant Assistant, a Washington, D.C.-based AI-based grant application process platform for nonprofits and international development organizations. Financial terms were not disclosed.
- hc1 acquired Accumen, a Scottsdale-based healthcare performance consulting firm. Financial terms were not disclosed.
FUNDS + FUNDS OF FUNDS