Vanta

Why do the best CISOs always look so calm? Not because the job is easy (it isn't). But because the rest of the org looks to you for strength. You carry the “what if?” so they don't have to. Behind the scenes, though, you're fighting rising AI risk, impossible expectations, endless audit prep, vendor sprawl—and a checklist that only grows. CISOs: we see you, we salute you, and we'd like to introduce you to a little something we call Calm-pliance. What's Calm-pliance? It's the moment you realize you're not relying on memory, or outdated tools, or manual...anything anymore. Compliance, risk, and proof live right where you want them—clearly visible and all on one peaceful platform. It's not about less responsibility, it's about less uncertainty. And it's about feeling as calm... ...as they already think you are. Get Calm-pliance: bit.ly/4smy9dQ

If you've ever thought, "Surely someone has solved this already…" They probably have. And now you can find them. 🎉 Today marks the grand opening of the Vanta Community, a Slack-native space bringing together operators, security leaders, and compliance pros across the Vanta network. Security is serious. Community makes it better. Come find your people and get the answers you’ve been looking for. 💜 community.vanta.com

AI is supposed to make a CISO's job easier. Right now, it may be doing the opposite. More shadow tools, more complex vendor contracts, more non-human identities to manage—the complexity is outpacing the efficiency gains. Our Sr. Director of GRC, Khushboo Kashyap, calls it the "CISO burnout paradox." At this year's #RSAC, she joined @insights_expert to talk about what this means for security teams, and how to govern AI without killing velocity. Read the full interview to find out how to stay ahead of it. bit.ly/3Op6FpG

Tokyo—we’re heading your way 🍸 Vanta is hosting a networking drinks night in partnership with @InsightAssuranc and SIGQ to share insights on how fast-growing tech companies in Japan are achieving continuous monitoring through automation. If you're in town, come join us. Spots are limited: luma.com/35vkbd0f

#Calmpliance, now boarding in NYC 🚕

Stop and smell the controls 💐 #Calmpliance

AI is already embedded across your org. You just might not see all of it yet. That’s where risk starts. A few simple moves can bring clarity: 🟣 Map your AI usage 🟣 Assign ownership 🟣 Track AI risks 🟣 Start small with assessments Build governance that actually scales with the help of our AI governance checklist: bit.ly/4bA78y7

Turns out “everything’s under control” can mean a lot of things. Our CMO Scott Holden sat down with @CyberMSociety to break down the thinking behind our latest “Calm-pliance” campaign—and the very real tension behind it. It’s a fun one (with some very real truths underneath). Give it a listen 👇

What's new in Vanta this month? 🔥 Automated SSPs. More integrations. Obligations you can actually track. Smarter vendor risk. All in Vanta. Log in and take a look, and check out our blog for details: bit.ly/3PqrG3H

"Fetching rocks” is one of the most expensive habits teams fall into. 🪨 On @firstround's Executive Function, our CPO @jeremy_epling shared happens when teams start doing work before they’ve defined what decision they’re actually trying to make. TL;DR? Clarity first. Then execution.

Compliance, enlightened.💡🕉️ #Calmpliance

“If you want a scalable compliance program, stop treating it like a project.” From the Vanta Delivers stage: The teams doing this well think about compliance like a product: 👤 Designed with users in mind 🔄 Continuously evolving 🤝 Deeply connected across the business That’s what sustainable compliance actually looks like. Watch the full customer panel on-demand ft. @jadeehanson, @alexstamos, and Andrew Becherer, plus learn about Vanta’s newest product launches: bit.ly/40HH0uX

It’s the final day of #RSAC 👀 Here’s a quick booth tour—come see it before it’s gone! #Calmpliance

It's like Disneyland for cybersecurity pros. ✨ #RSAC

Chaos averted. 😌 #Calmpliance #RSAC

Zen city, population: You 😌 Come find us at #RSAC for a little #calmpliance, ASMR IRL, and soothing swag.

You all really brought the energy to our Calm Before party last night 😌 Great people, amazing conversations, and a packed house at Temple SF—we couldn’t have asked for a better kickoff to #RSAC! Shoutout to our partners @Xbow, @aligncompliance, @coalfire, Agency, and Suger for helping make it happen. The vibes continue at booth S-1827 👀✨

Hey #Berlin, Vanta Trust Tour is coming your way! 🇩🇪 We're bringing together security, risk, and GRC leaders figuring out what trust actually looks like in the age of AI. Here’s what we’ll dig into in Berlin: 🟣 How CISOs are approaching AI + GRC in 2026 (and what’s actually working) 🟣 What’s changing in cybersecurity, and what to prioritize next 🟣 How teams in Germany are going from pilot to enterprise while building lasting customer trust Join us 12 May in the heart of Neukölln: vanta.com/trust-tour

We're aware of recent reporting about Delve’s compliance practices. Lovable is not a Delve customer. We proactively moved to Vanta in late 2025, before any of this came to light. Our SOC 2 Type II was independently audited by Prescient Assurance. We’re currently undergoing an independent internal audit of our ISMS, recertifying ISO 27001, and have our next SOC 2 Type II scheduled for Q3 2026. Security is not an afterthought at Lovable. It's a company-wide commitment backed by a dedicated team and continuous investment. Our current compliance practices are all here: trust.lovable.dev

If you’ve been to #RSAC, you know the feeling: Full calendar. Packed expo floor. Somewhere between your third coffee and your fifth conversation, everything starts to blur together. ✨We’re carving out a different kind of space this year.✨ Come find your moment of Calm-pliance with us at booth #1827 (South Expo) anytime you need a reset... whether that’s for some ASMR, super exclusive swag, or just a few minutes away from the chaos. Find us @ RSAC: bit.ly/475awi0

Today at Vanta Delivers, we said goodbye to audit chaos and hello to Calm-pliance. 💜 🎉 For a lot of GRC teams, the hard part isn’t passing audits. It’s everything in between: the resets, the repeated evidence collection, the constant coordination that never quite compounds. That’s what @jadeehanson, @alexstamos, and Andrew Becherer dug into today, and what we’re building to change at Vanta. With this launch, we focused on helping programs operate more like systems that evolve over time—where controls can be reused across frameworks, scope stays aligned as the business changes, audits run against what already exists, and Agents reduce the coordination overhead that slows teams down. Today, @jeremy_epling shared how that comes to life in Vanta: → Enterprise Control for flexibility at scale → Vanta Agents to surface what matters and automate the rest → Privacy Automation to bring privacy into one system This is what #calmpliance looks like in practice. Catch Vanta Delivers on demand: bit.ly/40HH0uX