Company Replaces Low-Confidence, Point-in-Time Workflows so Enterprises can Continuously Analyze Outside-in Security Feeds and Vendor Security Posture Artifacts to Accurately Identify Gaps and Complete Risk Assessments
TrustCloud, the AI-native Security Assurance Platform for enterprise CISOs, announced a new version of TrustLens, the company’s Third Party Risk Management (TPRM) solution. The new TrustLens agentic AI capabilities focus on delivering four critical requirements every CISO wants in their TPRM program: speed, accuracy, coverage, and proactive risk mitigation.
In the latest TrustLens deployments, a Global 2000 life sciences customer leveraged the TPRM AI agent within TrustLens to assist their human agents. As a result, they were able to assess more than 5000 suppliers in six months (a 10x improvement). The TrustLens agent enabled deterministic and accurate risk assessments using a unique combination of AI models and rules, expanded assessed vendor coverage from 20% to 92% of its ecosystem, and identified 4x more critical gaps about their vendors compared to the prior process, resulting in proactive remediation by their supplier landscape.
“Our industry has normalized a version of TPRM that is process-driven rather than outcome-driven, where teams are rewarded for following a rigid process to complete assessments instead of reducing risk and leveraging agentic AI to automate process and improve accuracy,” said Jikku Venkat, Head of Product, Customer Assurance and Third-Party Risk, TrustCloud. “We have introduced an AI agent in TrustLens that automates greater than 70% of the assessment work while still giving the risk analyst control over final decisions and approvals. This replaces point-in-time attestations with continuous proof that stands up to scrutiny at any moment.”
For years, organizations have operated under a model that rewards activity over outcomes, where teams send questionnaires, collect self-reported answers, and produce reports that create a sense of diligence while leaving the underlying risk largely untouched. TrustCloud now challenges one of the most deeply entrenched and quietly dangerous assumptions in enterprise security: the belief that documenting risk is the same as managing it. With its new version of the TrustLens product, TrustCloud is now making it clear that the legacy TPRM approach is not just inefficient but fundamentally broken in a world where third-party ecosystems are the dominant source of cyber exposure.
With TrustLens’ new agentic AI capabilities, customers now have:
- The ability to automatically scope every assessment based on its inherent risk tier; the agent makes it possible to move from one-size-fits-all questionnaires to right-sizing every single assessment
- Real-time knowledge of a vendor’s profile, risks and gaps, and analysis of evidence and data to reduce endless back-and-forth time wasted in manually waiting for and analyzing responses
- Intelligent risk summaries, citing documentation, inside-out, outside-in data to accurately complete assessments in a deterministic and auditable fashion
- Insights and Q&A to understand business impact of risk factors, allowing anyone to ask questions about the risk posture and gaps with a vendor
- Up-to-date security posture data to enable proactive monitoring of security drift and continuously track new risks from a previously completed vendor assessment
TrustCloud’s position is unapologetically direct: most third-party risk programs today are designed not to prevent incidents or mitigate risks but to show that someone is completing an assessment to check a box. In an environment where the vast majority of enterprises have already experienced third-party-driven breaches, that distinction is no longer acceptable.
“As organizations face increasing regulatory pressure, expanding vendor ecosystems, and a growing gap between perceived and actual risk, we need clear signals that the era of checkbox-driven TPRM is over,” said Dan Walsh, CISO, Datavant. “The future of risk assessment and reporting will require us to understand, report, and reduce risk with transparency, automation, and a data-driven approach that operates 24×7 across our entire vendor landscape.”
“With this launch, we are disrupting the TPRM status quo by eliminating a process that is simply frustrating for both the assessor and the third party,” said Tejas Ranade, Co-founder and CPO, TrustCloud. “We are replacing every broken manual workflow created by ineffective TPRM tools of the past with agentic, continuous data-driven assessments that defend an organization from supply chain risk and allow CISOs to finally use their TPRM process as a high-confidence predictor of risk.”

