Generative AI Compliance Startup Vendict Raises $9.5M
Today, enterprise software vendors must often fill out questionnaires proving they are compliant with the security requirements of the customers they seek to service — a highly manual, technical and time-consuming process.
Security compliance startup Vendict has raised $9.5 million in a funding round led by NFX, Disruptive AI, and Cardumen Capital. Vendict leverages generative AI to automate security compliance, streamlining the paperwork usually necessary for an enterprise software company to sign a client.
Vendict’s pitch is that generative AI can fill out compliance questionnaires using the company’s own data, and ensure the company doesn’t miss any steps in getting approval for the actual work it performs. The result saves hundreds of hours of labor without any big increase in budget, according to Vendict.
The startup has built what it claims is the first large language model that grasps the security language necessary to fill out the questionnaires. The startup blends its own LLM with APIs licensed from others and employs Microsoft Azure generative AI tools as well. The resulting “AI security expert” is trained on the vendor’s existing database, including audit reports, workflow guides, and previously filled-out questionnaires. The AI then processes each question in the forms and, ideally, responds with the appropriate answer a human at the company would have written.
“Filling out a security questionnaire is one of the least preferred activities of any CISO, GRC specialist, or sales engineer I’ve ever spoken with. By using the GRC-specific generative language model, this is the first time that this pain is truly solved,” Vendict CEO Udi Cohen said. “As the CEO, I’m getting to see the astonished faces of our customers when they realize that they will not need to manually respond to questionnaires anymore. This is satisfying in a way that I can’t explain. But still, this is just an intermediate step. The technology we are now developing will eliminate the need to send questionnaires altogether. Vendict will generate security assessment reports to the buyers, based on the sellers’ documents, and the criticality of the vendor.”