Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With regulations evolving faster than ever due to new technologies, emerging threats, and global market trends, maintaining the expected compliance posture is becoming increasingly complex and time-consuming. ‍ Today, many organizations struggle to update systems and processes in response to regulatory changes, all while maintaining core business activities.

Globally, 88% of companies regularly use AI in at least one business function—a 10% increase from the previous year. But as organizations race to adopt new capabilities, we’ve found that the rigor and maturity of AI governance vary widely by region. ‍ The third edition of our State of Trust report reveals how leading AI adopters outside the U.S.—from the UK to Germany, France, and Australia—are approaching AI security and governance in distinct ways.

AI is changing the threat landscape faster than organizations can respond. AI-generated phishing and fraud have increased sharply year-over-year, and GenAI is enabling more sophisticated cyber attacks than ever before. ‍ Businesses are feeling the pain. Our team at Vanta surveyed 2,500 business and IT leaders across the globe and found that nearly three-quarters believe AI threats are outpacing their ability to manage them.

2025 began with experts warning about the dangers of agentic AI use—but that didn’t slow adoption. Our annual State of Trust Report shows that nearly 80% of organizations are either actively using or planning to use agentic AI. That acceleration is outpacing the governance required to keep these systems safe: ‍ ‍ A level of machine autonomy that would’ve been unthinkable just a few years ago is quickly becoming normalized.

We’re excited to announce the availability of two multi-product solutions in AWS Marketplace today. ATG and Vanta: Fast Track to Compliance Acceleration, along with Digital Trust Accelerator with Cognisys & Vanta to allow organizations to easily discover, try, test, buy, and deploy—as well as manage—thousands of software solutions. This new drop includes pre-built AI agents and ready-to-integrate tools, all in one place. ‍

This past month, the Vanta team launched new features to help you: ‍ ‍

‍On December 3rd, the React team disclosed a critical security flaw in React Server Components known as CVE-2025-55182. With a CVSS score of 10.0, this issue is extremely severe. React and Next.js are the backbone of the modern web. Consequently, this vulnerability likely sits deep within your third-party vendor ecosystem in addition to your own codebase.

‍ AI is transforming businesses at breakneck speed—but security isn’t keeping up. ‍ According to Vanta’s State of Trust Report 2025, which surveyed over 2,500 business and IT leaders around the world, 3 in 5 say AI-related security threats are outpacing their expertise. With a majority of organizations experiencing threats weekly, AI is not just driving the volume, but the precision of these attacks.

Since the launch of the Vanta AI Agent, teams using the Vanta AI Agent are saving an average of four hours a week—time they can reinvest in building, shipping, and scaling securely. ‍ According to a recent Vanta customer survey, 91% of Vanta AI Agent users say it’s improved their audit readiness, and 86% report faster audit preparation overall. Teams had less manual work, fewer last-minute scrambles, and more time to focus on meaningful security improvements. ‍ ‍ ‍

Not sure whether your Aussie startup needs to obtain an ISO 27001 certification? ISO 27001 isn’t legally required, but if you plan on trading internationally or have potential customers who are international, many organisations won’t even open conversation with you if you don’t have an ISO 27001 certification. ‍ To put a long story short: if you collect, store, transmit, or process data in any way, you may want to consider it.