In the rapidly evolving landscape of cybersecurity, ensuring compliance and managing third-party risks are more crucial than ever. Vendict, a trailblazer in leveraging AI for security compliance, is at the forefront of this transformation. SafetyDetectives had the opportunity to speak with Udi Cohen, CEO and Co-Founder of Vendict, to delve into the innovative solutions his company provides. Udi’s extensive background in AI and security, combined with his experience at Broadcom, has equipped him with unique insights into the complexities of GRC (governance, risk, and compliance). He shares how Vendict’s AI-driven approach not only streamlines compliance processes but also enhances accuracy and efficiency, addressing some of the most pressing challenges in the field today.
Can you tell us a bit about your background and what led you to found Vendict?
Before Vendict, I was the Director at Broadcom, responsible for AI innovation in the switch and routing business unit. I have always been interested in AI, as has my co-founder. I worked extensively with AI at Broadcom and saw the power of linguistic models, believing that linguistic AI is the future. Several years ago, we recognized the challenges around GRC and third-party risk management. We saw how tedious this work was and identified an opportunity to solve these issues with linguistic AI.
How does Vendict’s AI-driven approach to security compliance differ from traditional methods?
Security compliance involves generating and analyzing complex texts. People can spend 20 years in GRC and still have gaps in their knowledge because it combines multiple disciplines: security, legal, technology, and compliance. Traditional tools for security compliance and third-party risk management could help with bureaucracy and workflow, but experts still had to do the hard work. Our AI, adapted to this specific problem, can help experts not just with project management and workflow but also with the mundane parts of their work, like responding to repetitive questions and analyzing extensive documents. Our AI understands the complex language of compliance, making it much easier to handle.
What are some of the key benefits that your clients have reported after implementing Vendict’s solutions?
The primary benefits are time savings and improved mental health by eliminating repetitive tasks. Clients can complete tasks much faster, allowing them to focus on more critical aspects of their work. For example, imagine receiving a 300-question questionnaire as part of a sales cycle. Manually responding to these questions is time-consuming and stressful, often requiring work over weekends. Our AI speeds up this process, reducing the time and effort required and improving overall efficiency.
What role does automation play in reducing human error and increasing efficiency in security compliance?
Automation significantly reduces the time required for tasks such as responding to questions and analyzing document quality. Tasks that typically take hours can now be completed in minutes, reducing human error and increasing efficiency.
Can you discuss the importance of continuous monitoring and real-time updates in maintaining compliance?
Vendict helps with third-party risk management, both when selling and buying technology. When selling, companies need to respond to questionnaires to pass assessments and close deals. On the buying side, companies need to verify their vendors to mitigate risks. Traditional responses to questionnaires can be unreliable because it’s hard to verify the information. Vendict automates third-party risk management, ensuring responses are based on reliable data from documents like SOC 2 reports. This makes the data more insightful and helps manage risk more efficiently, reducing overall risk.
For example, think about CrowdStrike. Although they typically have high standards, incidents can still occur. Companies also work with hundreds of other vendors, often smaller ones, who are more likely to make mistakes. If you choose to work with a smaller vendor without proper verification, you risk being the only one affected while your competitors continue operating smoothly. Imagine being the only airline that couldn’t register passengers while others are unaffected. You need to verify each technology vendor, which is why questionnaires are sent.
However, the problem is that you cannot rely solely on the responses to these questionnaires because you don’t know who answered them or how accurate they are. Vendict automates the process of third-party risk management by ensuring that the responses are not just provided by a sales engineer aiming to close a deal. Instead, the responses are based on actual data from documents that the company has committed to, like SOC 2 reports. These documents are verified by external auditors, making the data more reliable. By extracting responses from these verified documents, Vendict provides more accurate and insightful information, enabling better risk management and reducing overall risk.
What do you see as the biggest opportunities and threats in the security compliance market today?
Compliance is becoming increasingly important as we understand the problems technology can generate. Security is not just a problem for technology vendors; it requires regulatory oversight. Compliance enforces these regulations, and AI makes it possible to do this efficiently. However, the main threat is that regulations may not keep pace with rapid technological advancements, particularly with generative AI, which could have significant negative impacts if not properly managed.