Drata launches AI tools for risk reviews & trust centres

Drata has introduced a set of agentic AI tools for third-party risk management and customer assurance workflows, expanding its product range in two areas central to how businesses assess suppliers and respond to security checks.

The new features cover vendor assessments, questionnaire responses and the creation of online trust centres used to share security and compliance information with customers.

They are intended to reduce the manual work involved in reviewing suppliers, answering buyer questions and publishing assurance material.

Risk Reviews

The first product, Agentic TPRM Assessment, is now available to Drata customers. It is designed to automate parts of third-party risk reviews, including setting assessment criteria, reviewing controls, linking findings to source evidence and turning issues into follow-up actions, tracked risks and reports.

The tool can also pull information from vendors' Drata Trust Centres, request access with consent and use live artefacts rather than older uploaded documents.

Drata says this should reduce the email exchanges and repeated document requests that often slow procurement and security reviews.

Third-party risk management has become a growing workload for security and governance teams as companies face pressure to assess more suppliers in greater detail. Manual evidence gathering and subjective reviews can create delays, particularly when internal teams must revisit the same vendors for updates.

UiPath, a Drata customer, said the new assessment tool could change how those reviews are carried out.

"Agentic TPRM Assessment will transform how we run third-party reviews," said Sheron Chakalakal, Head of GRC at UiPath.

"By ingesting live Trust Centre evidence and producing criteria-based evaluations, Drata eliminates the tedious back-and-forth with vendors and lets our team focus only on real risk-ultimately accelerating reviews and giving our procurement team the confidence to move faster," Chakalakal said.

A second UiPath executive linked the product to broader pressure on chief information security officers to monitor supply chain exposure.

"Third-party risk is one of the most pressing challenges for every CISO," said Scott Roberts, Chief Information Security Officer at UiPath.

"Drata's agentic TPRM Assessment will fundamentally change how organizations operationalize third-party risk management, bringing rigor, consistency and scale. Using agentic AI, security teams can run assessments in minutes, achieve a more accurate risk posture across the supply chain and operate at AI speed," he said.

Questionnaires

Drata also introduced Agentic Questionnaire Response, now in beta. The tool extends the company's existing questionnaire assistance software by handling more of the end-to-end process for security questionnaires that customers send to vendors during sales and procurement checks.

Security questionnaires are a common source of friction in business software sales because they often involve spreadsheets, repeated standard questions and multiple handoffs to subject matter experts. The new product is intended to organise drafting, collaboration, reminders, review and final delivery, while allowing customers to decide how much autonomy the software has at each stage.

Users retain control over key actions through human review points. That will likely matter for customers in regulated industries, or those working with legal and compliance teams that require approval before information is sent externally.

Trust Centres

A third addition, AI Trust Centre Creation, focuses on building public trust centres, which companies use to present compliance documents, reports and answers to common buyer questions. Drata says these sites often take months to create because teams must write content, collect documents and secure internal approvals.

The new feature can generate a preview of a trust centre from existing artefacts, including linked documentation. The aim is to shift customer assurance teams from manually gathering material to reviewing and editing a draft before publication.

That matters because trust centres have become a common way for software vendors to handle customer due diligence requests without repeating the same material in one-to-one exchanges. Faster publishing could help sales and assurance teams respond with current documents rather than ad hoc files.

Leadership Change

Alongside the product launch, Drata said Bharat Guruprakash has joined the team as Chief Product and Technology Officer. He previously served as chief product officer at Algolia and has held leadership roles at Twilio, Bitcasa, Samsung and Digit International.

The appointment adds a senior executive with product and engineering experience as Drata expands further into AI-led workflow tools. Guruprakash will oversee the company's global product and engineering teams.

Adam Markowitz, co-founder and CEO of Drata, said the new releases reflect a shift in how companies are expected to demonstrate trust to customers and partners.

"We're seeing a fundamental shift in how trust is proven and evaluated, with businesses worldwide now expected to continuously demonstrate trust at scale," he said.

"With our latest agentic AI capabilities, Drata moves beyond AI for piecemeal tasks to fully agentic workflow ownership, enabling organizations to autonomously assess third-party risk, service questionnaires at speed and dynamically deliver trust information. That's how trust becomes continuous, transparent and autonomous."