The first 200 words of this piece are free. The full 3,400-word editorial breakdown — the architecture deep-dive, the constructive critique, the UK-sovereignty challenge to the trust graph, and the falsifiable predictive judgement on the death of the annual audit — sits behind the paywall.

Subscribe to read the full piece and the rest of the Trust Is the Growth Engine series — three pieces this week on what VantaCon UK 2026 told us about how trust is being rebuilt for the AI era.

On the morning of 7 May 2026, in a converted post-industrial conference space on Aldersgate Street, Vanta opened its third VantaCon UK[1] with a thesis the audit profession has spent the last two decades trying not to confront.

Christina Cacioppo, Vanta’s CEO and co-founder, walked on stage and said it directly. “AI is rewriting trust.”[2] Then, for the next ninety minutes, alongside her Chief Product Officer Jeremy Epling, she made the case that the static, annual, PDF-shaped compliance certificate is a relic, and that the architecture replacing it — continuous assurance, agentic governance, a live trust graph that updates 1,400 times an hour — is no longer five years away. It is shipping now.

That is the most important sentence to come out of any UK security conference this year, and I will mark it as my analytical reading rather than reportage. The reason it matters is not the platform announcement itself. It is what the announcement reveals about who has read the room correctly.

Continue reading — subscribe to The Control Layer