On the 101 in my bumper-car Prius, there’s one billboard that invariably gets a chortle out of me.
It’s for AI security and compliance startup Vanta, with the tagline: “Compliance that doesn’t SOC 2 much.” SOC 2, short for Service Organization Control 2, is a certification that outlines how companies should manage and protect customer data. While it’s not legally required, it’s become a crucial standard for enterprise SaaS companies—though the certification process is notoriously time-consuming.
Vanta, which this summer raised $150 million at a $2.45 billion valuation, was started in 2018 to automate information security compliance (like SOC 2). The SOC 2 process has traditionally been arduous, requiring companies to send auditors soon-outdated screenshots, PDFs, and documents—something Vanta has streamlined using AI and other technologies. But SOC 2 is just one form of compliance a company might need, and there are almost innumerable others, from GDPR to FedRAMP. Accordingly, there’s been a growing group of AI compliance-oriented startups gaining traction in recent months and years. Just a few of the companies that touch this category include Cribl, Eon.io, Klarity, Norm AI, Relyance AI, and BigID. (OpenAI also just hired its first Chief Compliance Officer.) PitchBook sent Fortune data showing that, this year, the top 50 deals in the space added up to about $1.75 billion in deal value.
I spoke to Vanta CEO and cofounder Christina Cacioppo about what’s making AI and compliance such a ready-made fit. In part, it’s just the right time, she says, as compliance itself has never been more important for tech companies up and down the food chain.
“I think it’s inevitable,” said Cacioppo. “There’s so much more scrutiny on tech companies than pick your prior year, or a decade ago… So, some of it is at least inevitable that there’s more government and public scrutiny on what they’re doing. And I think tech companies pushing back on that fact is just a losing proposition… And I think AI, because of its zeitgeist-iness, is uniquely positioned to the flashpoint issue.”
In short, AI is designed to simplify these processes at a time when tech companies must be more compliant than ever—partly due to the very world AI is creating. Vanta today released its 2024 State of Trust Report, which underscores this point. The report finds that 55% of companies say that security risks have “never been higher,” in a new reality connected to AI’s rise. Additionally, over 30% of companies surveyed reported that AI has amplified risks related to both phishing and malware, while 27% noted a rise in compliance violations with increased AI adoption.
Now, this may sound somewhat bleak. But for startups with solutions, there’s opportunity. Vanta has a growing slate of customers that include Atlassian, Quora, Mistral AI, ZoomInfo, The Salvation Army, and Duolingo. In part, Cacioppo thinks Vanta’s offering has resonated because they’re in the business of giving people time back—and because compliance can be ultimately revenue-generating.
“The insight with compliance is that it’s a cost center,” Cacioppo told Fortune. “It should be a revenue-driver, because the first time you get one of those combined certifications, you open up new markets. ‘I can now sell to companies that I want to talk to in healthcare, because I have HIPAA, financial services because I have FedRAMP… You can tie a lot of this to revenue, and I think if you can actually tie the security pieces to revenue, you’ll get more security.”
Vanta in recent years has also moved beyond SOC 2, expanding to governance, risk, and compliance (GRC) solutions for larger customers.
“If you keep making customers really happy and the problem is big enough—and the pain is intense enough—there’s always going to be a market in that space,” said Vanta CPO Jeremy Epling, who’s previously worked at GitHub and Microsoft.
It’s essentially part of a long chain, one in which everyone is increasingly security-aware, Cacioppo said. Customers are increasingly demanding and sophisticated when it comes to software security and compliance, and tech companies that are competing for customers subsequently need their compliance in order to close those deals.
“We guide them through a bunch of the actual hard work,” said Cacioppo. “Then [customers] can use it to grow their business.”
It’s an intriguing case of a sector poised to capitalize on the way AI is creating more risk, as AI is simultaneously creating solutions. And the reality is that, if you’re one of many companies looking to up your compliance game, the process should SOC a little less.
See you tomorrow,
Allie Garfinkle
Twitter: @agarfinks
Email: [email protected]
Submit a deal for the Term Sheet newsletter here.
Nina Ajemian curated the deals section of today’s newsletter. Subscribe here.
VENTURE DEALS
– Interface.ai, a Covina, Calif.-based agentic AI solutions provider for community banks and credit unions, raised $30 million in funding from Avataar Venture Partners.
– Genmo, a San Francisco-based AI video generation research lab, raised $28.4 million in Series A funding. NEA led the round and was joined by The House Fund, Gold House Ventures, WndrCo, angel investors, and others.
– WarrCloud, a St. Louis-based automated warranty processing platform, raised $20 million in Series B funding. Centana Growth Partners led the round and was joined by existing investors Argentum and Automotive Ventures.
– Genie AI, a London-based AI legal assistant, raised $17.8 million in Series A funding. Google Ventures led the round and was joined by Khosla Ventures.
– BiltOn, a New York City-based construction operations and risk management software platform formerly named Beti, raised $15 million in Series B funding. PSG Equity led the round and was joined by Titan Capital and 97212 Ventures.
– Attention, a New York City-based customer conversation insights platform for sales and revenue teams, raised $14 million in Series A funding. Alven led the round and was joined by Eniac, 645 Ventures, Aglae, and others.
– Dunia.ai, a Berlin-based AI-driven material discovery company, raised $11.5 million in funding. Elaia and redalpine led the round and were joined by EIC, Pace Ventures, Kindred Capital, angel investors, and others.
– Variational, a George Town, Cayman Islands-based peer-to-peer trading protocol for perpetuals and generalized derivatives, raised $10.3 million in seed funding. Bain Capital Crypto and Peak XV Partners led the round and were joined by Coinbase Ventures, Dragonfly Capital, North Island Ventures, angel investors, and others.
– Embedded Intelligence, a New York City-based embedded AI tool developer, raised $10 million in seed funding from General Catalyst, Valor, SV Angel, Conviction Embed, Medal, and others.
– Paccurate, a New York City-based parcel intelligence and packing optimization platform, raised $8.1 million in Series A funding. High Alpha led the round and was joined by Tech Square Ventures, Grand Ventures, HPA, and others.
– Keel, a London-based custom operational software building platform for businesses, raised $6 million in seed funding from Earlybird and LocalGlobe.
– Lin Health, a Denver-based chronic pain recovery digital platform, raised $5.2 million in funding from aMoon, Mayo Clinic, Saban Ventures, and others.
– Ned, a New York City-based cash flow lending platform, raised $4.2 million in seed funding. Impression Ventures led the round and was joined by Capital Eleven.
– Sidero Labs, a Goleta, Calif.-based Kubernetes management software company, raised $4 million in funding. Hiro Capital led the round and was joined by Sony Innovation Fund.
– Passionfroot, a Berlin-based AI-powered B2B creator platform, raised $3.8 million in seed funding. Supernode Global led the round and was joined by s16vc, Sequoia and Accel scout funds, and angel investors.
– Ramdam, a Paris-based AI-powered user-generated content production platform for advertisers, raised $3.2 million in seed funding. The Moon Venture, Paris Region Venture Fund, and Data Tech Fund led the round and were joined by BPI.
– Dryad Networks, a Berlin-based wildfire detection technology developer, raised €2.5 million ($2.7 million) in funding from First Imagine!.
– Turnover Labs, a New York City-based decarbonization technology developer for the chemical manufacturing industry, raised $1.4 million in pre-seed funding. Pace Ventures and GC Ventures led the round and were joined by Sandy Spring Climate Partners and others.
– Revyse, a Bend, Ore.-based vendor management software for the multifamily industry, raised $1 million in seed funding from RET Ventures.
PRIVATE EQUITY
– Wendel agreed to acquire a 75% stake in Monroe Capital, a Chicago-based asset management firm specializing in private credit markets, for $1.1 billion.
– Achieve Partners acquired a majority stake in RiseNow, a Leawood, Kan.-based procurement and supply chain advisory and strategy firm. Financial terms were not disclosed.
OTHER
– FreeWill acquired Grant Assistant, a Washington, D.C.-based AI-based grant application process platform for nonprofits and international development organizations. Financial terms were not disclosed.
– hc1 acquired Accumen, a Scottsdale-based healthcare performance consulting firm. Financial terms were not disclosed.
FUNDS + FUNDS OF FUNDS
– Infinity Ventures, a San Francisco-based venture capital firm, raised $184 million for its second fund focused on B2B fintech and commerce enablement.
PEOPLE
– Halifax Group, a Washington, D.C.-based private equity firm, promoted Davis Hostetter to managing director and added Will Morrissett as a vice president. Previously, Morrissett was at Pamlico Capital.
– The House Fund, a Berkeley, Calif.-based venture capital fund, added Zachary Hargreaves as a managing partner. Previously, he was at Founders Fund.– Torch Capital, a New York City-based venture capital firm, promoted Chris Harper to partner.
