The 7 per cent problem
AI adoption is a sprint. Governance is a crawl. On 3 June, Vanta launched a product to close the gap — and published the data showing how wide it has become.
On 3 June 2026, on a stage in New York, Vanta launched a product designed to solve a problem that, by its own figures, almost no one is currently solving.
The product is the Vanta Agent for Risk. The problem is the distance between two numbers that the company also published that week. Across Vanta’s customer base of more than 16,000 organisations, the count of internal “builder” roles has grown 311 per cent year on year. A builder, in this sense, is anyone inside a company who spins up new software, new integrations, and new artificial-intelligence tools without waiting for the technology department to bless it. Over the same period, those same organisations reviewed just 7 per cent of the outside vendors they had taken on, and fixed only 12 per cent of the risks they did manage to find.[1]
Hold those three figures next to each other. Builder roles up more than fourfold. Review at seven in a hundred. Remediation at one in eight. That is not a story about a product launch. That is the shape of a governance gap, measured by the company that sells the tool to close it — which is worth saying plainly, because a vendor’s incentive is a reason to read its figures critically, not a reason to discard them — and it is the most useful number to come out of any security launch this quarter.
The 7 per cent problem
Start with what the figures are actually counting, because the jargon hides the stakes. A “vendor review” is the unglamorous work of checking whether an outside supplier can be trusted with the access you have granted it. The supplier might be a payroll platform, a note-taking app, or an AI model wired straight into your customer data. Third-party risk management, or TPRM, is the discipline of doing that checking continuously rather than once at signing. It is dull. It is also the soft underbelly of every modern organisation, because the outside supplier is the door an attacker walks through when the front entrance is locked.
Seven per cent is the proportion of that door that anyone is watching.
According to Vanta’s own data, drawn from its 16,000 customers and published in a report it calls “The Builder Boom — Breaking Security”, 30 per cent of the AI vendors those organisations have onboarded are flagged as high or critical risk.[2] So the picture is not that enterprises are reviewing a representative 7 per cent and finding it clean. They are reviewing 7 per cent, finding that nearly a third of the AI tools they do look at are rated high or critical risk, and then remediating 12 per cent of what they find. The funnel narrows at every stage. By the time you reach the end of it, the amount of identified-and-fixed risk is a rounding error against the amount of adopted-and-unexamined risk.
I will mark that reading as analysis rather than reportage. Vanta has a commercial interest in the gap looking wide. But the figures are consistent with what the independent datasets cited below, from UpGuard, Gartner and Verizon, are now reporting, and that is the test that matters.
What the builder boom actually broke
The instinct, reading those numbers, is to blame the security team. Resist it. The security team did not get lazier; the building got faster, and it moved out of the building it used to live in.
For most of the last two decades, the person who could introduce a new piece of software into a company was, broadly, an engineer. Procurement was a chokepoint. The technology department was the gate, and the gate was annoying, and being annoying was the point — it meant someone looked at the thing before it touched the data. The builder boom is the dissolution of that gate. The “builder” is no longer in engineering. The builder is the marketing manager who connects an AI copy tool to the customer database, the finance analyst who pipes the management accounts into a chatbot, the lawyer who runs the contract stack through a model nobody approved. Vanta’s own taxonomy captures the spread with a detail I find more telling than the headline figure: job titles containing “GTM Engineer” — a go-to-market role that did not meaningfully exist three years ago — are up 1,329 per cent year on year, and “Legal Engineer” roles are up 850 per cent.[2]
This is the Tony Stark problem. The interesting thing about Iron Man was never the suit; it was that the man who signed the cheques put it on and started flying sorties himself. When the executive becomes the operator, the org chart stops describing who can do what. And the executive is doing exactly that. Independent research from the security firm UpGuard, reported in November 2025, found that senior leadership is 50 per cent more likely to use unsanctioned AI tools, or “shadow AI”, than the rank and file, and that 68 per cent of security leaders themselves admitted to feeding company work through AI tools no one had cleared.[3] The people who write the security policy are among the most reliable people breaking it. Gartner expects shadow AI to be implicated in breaches at 40 per cent of organisations by 2030.[4]
So the gap is not a discipline failure. It is structural. The rate at which new risk enters an organisation is now set by everyone, all at once, from the graduate to the board; the rate at which it gets reviewed is still set by a small team — using tools built for a world where the gate still held — and the asymmetry between those two rates is the one the whole sector is quietly failing to price. It is also the one the Vanta launch is built to attack.
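The asymmetry above can be measured rather than asserted. The check below is an added example for this article, not Vanta’s code or data: it reconciles what egress logs show is actually in use against a vendor inventory, so that the review-coverage denominator is the set of AI tools employees are demonstrably sending data to, not the set procurement knows about. The hostname catalogue, the vendor inventory and the proxy log lines are all constructed for the example.

```python
"""Shadow-AI discovery: reconcile what egress logs show against the vendor inventory.

Added illustration for this article, not Vanta's code or data. The domain catalogue,
vendor inventory and proxy log lines below are constructed for the example.
"""
from dataclasses import dataclass, field

# Hypothetical catalogue of AI-tool hostnames. In practice this comes from a CASB or
# threat-intel feed; here it is a hand-written dict.
AI_TOOL_DOMAINS = {
    "api.copywriter.example": "CopyWriter AI",
    "chat.ledgerbot.example": "LedgerBot",
    "app.contractmodel.example": "ContractModel",
    "api.ticketsummary.example": "TicketSummary",
}

# Constructed vendor inventory. Tools absent from it were never onboarded at all.
VENDOR_INVENTORY = {
    "CopyWriter AI": {"sanctioned": True, "reviewed": True},
    "TicketSummary": {"sanctioned": True, "reviewed": False},
}

# Constructed proxy log, one request per line:
# "<timestamp> <user> <department> <host> <bytes_out>"
PROXY_LOG = """\
2026-06-03T09:01:12Z m.jones marketing api.copywriter.example 184320
2026-06-03T09:03:41Z m.jones marketing api.copywriter.example 921600
2026-06-03T09:10:05Z f.patel finance chat.ledgerbot.example 5242880
2026-06-03T09:12:44Z f.patel finance chat.ledgerbot.example 1048576
2026-06-03T10:22:09Z l.ng legal app.contractmodel.example 20971520
2026-06-03T11:02:33Z s.kim support api.ticketsummary.example 65536
2026-06-03T11:40:00Z s.kim support www.intranet.example 4096
"""


@dataclass
class ToolUsage:
    """Aggregated evidence that a given AI tool is in use."""
    tool: str
    users: set = field(default_factory=set)
    departments: set = field(default_factory=set)
    bytes_out: int = 0  # volume sent to the tool; a rough proxy for data exposure


def parse_proxy_log(text):
    """Parse the constructed log format into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, dept, host, bytes_out = line.split()
        records.append({"ts": ts, "user": user, "dept": dept,
                        "host": host, "bytes_out": int(bytes_out)})
    return records


def observe_ai_usage(records, catalogue=AI_TOOL_DOMAINS):
    """Group requests to known AI endpoints by tool; hosts not in the catalogue are ignored."""
    usage = {}
    for r in records:
        tool = catalogue.get(r["host"])
        if tool is None:
            continue
        u = usage.setdefault(tool, ToolUsage(tool))
        u.users.add(r["user"])
        u.departments.add(r["dept"])
        u.bytes_out += r["bytes_out"]
    return usage


def reconcile(records, inventory, catalogue=AI_TOOL_DOMAINS):
    """Split observed tools into reviewed, sanctioned-but-unreviewed, and shadow.

    review_coverage is reviewed / observed: the denominator is what the logs prove is
    in use, not what the inventory says was onboarded.
    """
    usage = observe_ai_usage(records, catalogue)
    buckets = {"reviewed": [], "unreviewed": [], "shadow": []}
    for tool, u in usage.items():
        finding = {"tool": tool, "users": sorted(u.users),
                   "departments": sorted(u.departments), "bytes_out": u.bytes_out}
        entry = inventory.get(tool)
        if entry is None or not entry["sanctioned"]:
            buckets["shadow"].append(finding)      # never onboarded, or onboarded and refused
        elif entry["reviewed"]:
            buckets["reviewed"].append(finding)
        else:
            buckets["unreviewed"].append(finding)  # onboarded, never reviewed: the gap itself
    for items in buckets.values():
        items.sort(key=lambda f: -f["bytes_out"])  # most data leaving first
    observed = len(usage)
    buckets["review_coverage"] = len(buckets["reviewed"]) / observed if observed else 0.0
    return buckets


if __name__ == "__main__":
    report = reconcile(parse_proxy_log(PROXY_LOG), VENDOR_INVENTORY)
    print(f"review coverage of tools actually in use: {report['review_coverage']:.0%}")
    for f in report["shadow"]:
        print("shadow AI:", f["tool"], f["departments"], f"{f['bytes_out']} bytes out")
```

On the constructed log, four tools are in use, one has been reviewed, one is sanctioned but unreviewed, and two (the finance chatbot and the legal contract model) were never onboarded at all. The point of measuring coverage against observed traffic rather than the inventory is that the inventory is precisely the thing the builder boom has made unreliable.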
Two regulators, one blind spot
Here is why the gap is about to stop being an operational nuisance and start being a disclosable event.
In the United States, since December 2023, the Securities and Exchange Commission has required public companies to report a material cybersecurity incident on a Form 8-K — the regulatory filing every listed US company files for the events that move a share price — within four business days of deciding the incident is material.[5] The clock does not care whether the breach came through your own code or through an AI vendor your marketing team adopted in a tool nobody logged. A breach you cannot see is still a breach you must, eventually, disclose; you simply disclose it later, worse, and with the added admission that you did not know it was there.
In the United Kingdom, the pressure arrives as warning rather than rule, but the warning is unusually direct. In April 2026, at the CYBERUK conference in Glasgow, Dr Richard Horne, chief executive of the National Cyber Security Centre, told the room the country faces a “perfect storm” for cyber security: rapid AI advances and rising geopolitical tension arriving together, with the majority of nationally significant incidents now originating, directly or indirectly, from nation states.[6] He noted, pointedly, that frontier AI is already accelerating the discovery and exploitation of vulnerabilities at scale. The attackers are builders too, and they are adopting faster than the defenders.
The cost of the blind spot is not hypothetical, and the British example is the one to put in front of any board that thinks this is an American compliance story. The April 2025 attack on Marks & Spencer cut the company’s first-half statutory pre-tax profit from £391.9 million to £3.4 million, a near-total wipe-out, with a forecast operating-profit hit of around £300 million.[7] It was carried out, on the public record, by the Scattered Spider collective using DragonForce tooling, and it reached the retailer through a supplier rather than the front door. The combined damage to M&S and the Co-op was estimated at up to £440 million by the Cyber Monitoring Centre. The vector was a supplier relationship. The 7 per cent problem, fully priced.
And it is not a Vanta-shaped anomaly. Verizon’s 2025 Data Breach Investigations Report, an independent annual study of more than 12,000 confirmed breaches and about as close to an industry baseline as the field has, found that the share of breaches involving a third party doubled in a single year, from 15 per cent to 30 per cent.[8] That figure was produced by no one with a product to sell you. It says the same thing Vanta’s number says, and it gives the launch its real significance: the gap is real, it is widening, and the regulators on both sides of the Atlantic are now watching the same blind spot from two different angles. CISA, the US cyber-defence agency, spent 2025 publishing supply-chain procurement guides for exactly this reason.[9]
The auditor is now an algorithm
So to the product, handled as what it is: a vendor’s answer to a problem the vendor has accurately described.
The Vanta Agent for Risk sits on what the company calls its “Trust Graph” — strip the branding and it is a continuously updated map of an organisation’s controls, vendors, assets, and obligations, refreshed through more than 400 integrations and 1,400 automated tests.[1] The pitch is that the agent reasons across that map without sleeping, links a drifting internal control to the vendor relationship it exposes, and surfaces the connection before it becomes an incident. There is also an “AI Risk Library”, a pre-built register for governing the AI tools themselves, and a scoring engine that rates each risk separately for financial, brand, and operational impact.
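The mechanism described in that paragraph, linking a drifting internal control to the vendor relationships it exposes, is a graph traversal, and it can be shown in a few dozen lines. The block below is an added illustration for this article, not Vanta’s Trust Graph or its code. The node names, edge types, vendor tiers and scoring weights are all constructed for the example; the traversal (a control weakened by drift weakens every control that depends on it, which exposes every asset those controls protect, which exposes every vendor with access to those assets) is the general idea, not a description of any product’s internals.

```python
"""A minimal control-asset-vendor graph with drift propagation.

Added illustration for this article, not Vanta's Trust Graph or its code. Node names,
edges, vendor tiers and the scoring weights below are constructed for the example.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vendor:
    name: str
    tier: str       # inherent risk tier from the (hypothetical) vendor assessment
    reviewed: bool  # whether a third-party review has actually been completed


@dataclass
class Finding:
    vendor: str
    assets: set = field(default_factory=set)        # exposed assets this vendor can reach
    via_controls: set = field(default_factory=set)  # weakened controls on the path
    score: int = 0                                  # a ranking, not a verdict


TIER_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed vendor register.
VENDORS = {
    "vendor:CopyWriter AI": Vendor("vendor:CopyWriter AI", "high", reviewed=True),
    "vendor:LedgerBot": Vendor("vendor:LedgerBot", "critical", reviewed=False),
    "vendor:ContractModel": Vendor("vendor:ContractModel", "high", reviewed=False),
    "vendor:TicketSummary": Vendor("vendor:TicketSummary", "low", reviewed=False),
}

# Constructed edges (source, relation, target):
#   control --depends_on--> control   the first is only as strong as the second
#   control --protects-->   asset     the control gates access to the asset
#   vendor  --accesses-->   asset     the vendor holds access to the asset
EDGES = [
    ("ctl:api-token-rotation", "depends_on", "ctl:secrets-manager"),
    ("ctl:api-token-rotation", "protects", "asset:erp-ledger"),
    ("ctl:api-token-rotation", "protects", "asset:crm-customer-db"),
    ("ctl:sso-mfa", "protects", "asset:crm-customer-db"),
    ("ctl:sso-mfa", "protects", "asset:support-tickets"),
    ("ctl:dlp-export", "protects", "asset:contract-store"),
    ("vendor:CopyWriter AI", "accesses", "asset:crm-customer-db"),
    ("vendor:LedgerBot", "accesses", "asset:erp-ledger"),
    ("vendor:ContractModel", "accesses", "asset:contract-store"),
    ("vendor:TicketSummary", "accesses", "asset:support-tickets"),
]


class RiskGraph:
    def __init__(self, edges):
        self.fwd = defaultdict(lambda: defaultdict(set))  # src -> rel -> {dst}
        self.rev = defaultdict(lambda: defaultdict(set))  # dst -> rel -> {src}
        for src, rel, dst in edges:
            self.fwd[src][rel].add(dst)
            self.rev[dst][rel].add(src)

    def weakened_controls(self, drifted):
        """Transitive closure: anything that depends_on a weakened control is weakened."""
        seen, queue = {drifted}, deque([drifted])
        while queue:
            ctl = queue.popleft()
            for dependent in self.rev[ctl]["depends_on"]:
                if dependent not in seen:
                    seen.add(dependent)
                    queue.append(dependent)
        return seen

    def exposures_for_drift(self, drifted, vendors):
        """Map one drifted control to the vendor relationships it exposes, ranked."""
        exposed = defaultdict(set)  # asset -> weakened controls that were guarding it
        for ctl in self.weakened_controls(drifted):
            for asset in self.fwd[ctl]["protects"]:
                exposed[asset].add(ctl)
        findings = {}
        for asset, via in exposed.items():
            for name in self.rev[asset]["accesses"]:
                f = findings.setdefault(name, Finding(vendor=name))
                f.assets.add(asset)
                f.via_controls |= via
        for f in findings.values():
            v = vendors[f.vendor]
            # Unreviewed vendors are doubled: an exposure you have never examined is worse.
            f.score = TIER_WEIGHT[v.tier] * (1 if v.reviewed else 2)
        return sorted(findings.values(), key=lambda f: (-f.score, f.vendor))


if __name__ == "__main__":
    graph = RiskGraph(EDGES)
    for f in graph.exposures_for_drift("ctl:secrets-manager", VENDORS):
        print(f.score, f.vendor, sorted(f.assets), "via", sorted(f.via_controls))
```

With the constructed graph, a failure in the secrets manager does not touch any vendor directly; it weakens API token rotation, which was guarding the ledger and the CRM, and that is what surfaces the unreviewed, critical-tier finance chatbot at the top of the list. The score is deliberately only an ordering. Whatever reasons over such a graph should hand the ranked list to a human, which is the decision-support posture argued for later in this piece.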
When Vanta unveiled the Trust Graph in London in May, I argued the architecture was the right one, and I stand by that. The June launch raises the harder question the May one deferred. Not whether you can see your risk in real time — but whether, having built the eyes, anyone has agreed to keep them open.
The honest case for the product is strong. Annual risk assessment is a smoke detector you test once a year and ignore for the other 364 days; continuous assessment is the detector left switched on. This is the Minority Report promise — get to the exposure before it becomes the incident, in the window when it is still cheap to fix — and applied to the 7 per cent problem, the logic is sound. You cannot review your whole vendor estate by hand. An agent that never tires is the only plausible way to push 7 per cent towards 70.
The case that needs pressing is the one the marketing will not raise. If the thing auditing your AI risk is itself an AI system reaching into your most sensitive metadata, who audits the auditor? This is the HAL 9000 question, and it is not rhetorical — the agent given the mission and the autonomy to pursue it is precisely the configuration that fails in interesting ways — and “the agent flagged nothing” is going to be a sentence in an incident report before this decade is out. Vanta’s answer, to its credit, is that the agent works against a structured graph rather than open-ended data, which constrains how it can fail. That is a real answer. It is not yet a regulatory one, because no regulator has defined the point at which one AI system may be trusted to attest to the security of another. Until they do, treat the agent’s output as decision-support, not decision-final.
There is a second thing to keep in view, which is that the product solving the problem also concentrates it. A risk map this complete is the most sensitive asset an organisation will hold: every weakness, every vendor, every drifting control, gathered in one place. The questions of where that map sits, and who can compel access to it, do not disappear because the dashboard is elegant. That is not an argument against the tool. It is the argument every board should commission before signing, with eyes open.
Predictive Judgement
Prediction. By 31 December 2027, at least one US-listed company will use an SEC Form 8-K Item 1.05 filing, or the 10-K annual report that follows it, to disclose a material cybersecurity incident in which an unreviewed or unsanctioned third-party AI tool was a contributing vector. The phrase “shadow AI” or its plain-English equivalent will appear in mainstream financial coverage of a specific named breach within the same window.
Signals to watch, quarterly.
- Form 8-K Item 1.05 filings, and SEC comment letters, that name a third-party SaaS or AI vendor as part of an incident’s root cause.
- The first shadow-AI-linked breach to reach the front page of the Financial Times or the Wall Street Journal with a named company attached.
- UK movement — an FCA or NCSC intervention, or a Crown Commercial Service framework refresh, that names continuous third-party AI monitoring as an expectation rather than a nicety.
Falsifiability. If, by 31 December 2027, no US public-company disclosure attributes a material incident even partly to an unreviewed or unsanctioned third-party AI tool, the prediction is wrong. I will say so in writing.
The Bottom Line
The boards that come out of the next two years intact will be the ones that, in the middle of 2026, understood that adoption and governance had come apart — and that the gap between them was not a budget line, a tooling choice, or a problem the security team could be blamed into closing. It was a structural mismatch between the speed at which everyone in the organisation now builds and the speed at which a small number of people can still look.
The launch in New York is a good answer to a real question. Continuous, agentic risk monitoring is the only mechanism that can plausibly drag the 7 per cent towards a number worth defending, and the firms that adopt it early will disclose less, recover faster, and sleep better than the firms that do not. But the tool is the easy part. The hard part is the decision that precedes it: agreeing, at board level, that the risk you have never examined is still your risk, and that the disclosure clock — in New York and in London both — has already started counting.
You cannot file an 8-K on a breach you never saw coming. You cannot remediate a vendor you never reviewed. And you cannot govern what you have never agreed to look at.
The next piece is on what happens when the regulator asks who audited the agent.
Subscribe to The Control Layer to get the analytical thread continued — one piece a week, free, in the same register. From Amer Altaf, Managing Editor.
References
[1]: Vanta. “Vanta Launches New Agent to Unify Internal and Third-Party Risk.” Press release, Vanta Delivers: Live from New York, 3 June 2026. — figures for builder-role growth, integrations, and continuous tests as stated by Vanta.
[2]: Vanta. “The Builder Boom — Breaking Security.” Research report drawn from Vanta’s customer base of 16,000+ organisations, June 2026. — 311% builder-role growth, 73% higher AI-vendor adoption among organisations with formalised builder roles, 30% of AI vendors flagged high/critical risk, 7% of vendor inventory reviewed, 12% of identified risks remediated, “GTM Engineer” +1,329% and “Legal Engineer” +850% year on year. All figures are Vanta’s own and should be read as vendor data.
[3]: UpGuard. “New Research from UpGuard Reveals 68% of Security Leaders Admit to Unauthorized AI Usage.” 10 November 2025; reported by Cybersecurity Dive. Based on 2024 surveys of 1,500 security leaders and employees across the US, UK, Canada, Australia, New Zealand, Singapore, and India.
[4]: Gartner, cited in “Shadow AI Security Breaches Will Hit 40% of All Companies by 2030, Warns Gartner,” Fortra, 2025.
[5]: U.S. Securities and Exchange Commission. “SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies.” Adopted 26 July 2023 (Release 33-11216); Form 8-K Item 1.05, “Material Cybersecurity Incidents,” disclosure compliance began 18 December 2023, with filing required within four business days of a materiality determination.
[6]: National Cyber Security Centre. “Cyber chief: UK faces ‘perfect storm’ for cyber security.” Remarks by Dr Richard Horne, CEO, CYBERUK 2026, Glasgow, April 2026.
[7]: Marks & Spencer first-half results and cyber-attack impact: “M&S profits tumble after cyber attack,” Computer Weekly, November 2025. Combined M&S/Co-op cost estimate of up to £440 million: Cyber Monitoring Centre, reported in Engineering and Technology Magazine, 23 June 2025.
[8]: Verizon. “2025 Data Breach Investigations Report.” Third-party involvement in breaches doubled from 15% to 30%; analysis of 22,052 incidents and 12,000+ confirmed breaches.
[9]: Cybersecurity and Infrastructure Security Agency. “Information and Communications Technology Supply Chain Risk Management.” Including the Software Acquisition Guide (August 2025) and the SBOM for Cybersecurity Guide (September 2025).
Further reading
- National Cyber Security Centre, “Cyber chief: UK faces ‘perfect storm’ for cyber security” (April 2026) — https://www.ncsc.gov.uk/news/cyber-chief-uk-faces-perfect-storm-for-cyber-security
- Verizon, “2025 Data Breach Investigations Report” — https://www.verizon.com/business/resources/reports/dbir/
- Cybersecurity Dive, “Shadow AI is widespread — and executives use it the most” (2025) — https://www.cybersecuritydive.com/news/shadow-ai-employee-trust-upguard/805280/
- U.S. Securities and Exchange Commission, final rule on cybersecurity risk management and incident disclosure (2023) — https://www.sec.gov/rules-regulations/2023/07/s7-09-22
- CISA, “Information and Communications Technology Supply Chain Risk Management” — https://www.cisa.gov/information-and-communications-technology-supply-chain-risk-management
- Fast Company, “‘Shadow AI’ is real. Vanta wants to help manage it” (June 2026) — https://www.fastcompany.com/91551820/vanta-agent-for-risk
Author
Amer Altaf is Founder and CEO of Arkava, a UK and European sovereign AI agentic automation business, and Managing Editor of The Control Layer, the publication where he tracks the convergence of cybersecurity, AI, and the geopolitics of the technology stack. A techUK member, he contributes to industry engagement on UK technology sovereignty policy. He is currently writing on cloud security in an age of geopolitical uncertainty for Oxford University Press’s Expert Essentials series.