Case Study

Vanta streamlines compliance remediation with Claude

Vanta, a leading trust management platform, uses Claude to automate compliance remediation instructions, helping customers quickly fix security issues with precise, code-based solutions that previously required manual research and implementation.

With Claude, Vanta:

  • Accelerated implementation timeframe from weeks to just a few days
  • Expanded internal developer adoption of AI tools by 113% in just 2 months
  • Gained competitive advantage with remediation instructions that customers describe as "the bees knees"

Making compliance intuitive and actionable

Vanta's trust management platform helps over 10,000 customers automate compliance frameworks like SOC 2 and ISO by running tests that verify security controls. However, when these tests fail, customers can struggle to understand how to fix the underlying issues, compromising their security posture while they figure out solutions.

"Customers had failing tests and didn't know how to fix them, compromising their security and compliance postures," said Iccha Sethi, VP of Engineering at Vanta.

Vanta decided to go beyond detecting compliance issues to provide customers with clear, actionable remediation steps for immediate implementation. The sheer complexity of compliance frameworks, with thousands of controls across multiple cloud providers, made the manual creation of remediation instructions impractical for the Vanta team to maintain at scale.

To solve this challenge, Vanta created an AI-powered remediation system that automatically generates custom fix instructions when compliance tests fail. This system leverages Claude to analyze the compliance issue, determine the customer's cloud environment, and produce tailored step-by-step instructions or code snippets that customers can immediately implement—providing quick, actionable solutions to compliance failures.

Selecting Claude for superior code generation and easy implementation

Vanta employs an "eval driven framework" to select AI models, running extensive tests with golden datasets to find the best solution for specific customer problems. When evaluating models for their remediation instructions feature, Claude stood out.

"We ran eval tests and comparisons of Claude versus other models, and it outperformed them by approximately 15% for the test remediation use case focused on generating Terraform outputs," said Sethi. This advantage in code generation made Claude the clear choice for Vanta's compliance remediation needs.

Another critical factor was implementation speed. Sethi noted, "Switching to Claude was easy. It took us less than a week to complete the process—from evaluation and testing to implementation—and the transition was seamless."

Beyond core remediation, Vanta also saw dramatic improvements in developer productivity using Claude 3.7 Sonnet and Cursor. "Our team had previously tried alternatives and remained skeptical of code generation tools," explained Sethi. "The high-quality code produced by Claude 3.7 Sonnet has built genuine trust among our engineers in AI coding tools, showing these solutions are truly effective."

Transforming compliance remediation with AI-generated solutions

With Claude, Vanta developed a remediation system that automatically generates tailored fixes when compliance tests fail. The system determines the customer’s cloud provider and generates precise solution templates or AWS CLI instructions they can use to fix violations.

"An engineer had a breakthrough insight: we already track which cloud provider each customer uses," said Sethi. "We realized we could leverage this knowledge to automatically generate tailored solution templates or specific AWS CLI commands that customers could immediately apply to resolve their compliance violations."

“Vanta is continually improving to ensure our software and company practices are secure and compliant, making the auditing process very easy. I love how it provides steps for remediation of non-compliance. I check in on Vanta several times a day to keep up to date. We're REALLY loving Vanta AI, and are excited to see what's added to that next.”

– Vanta Healthcare customer

Winning customers and building market leadership

Claude-powered remediation instructions have become a competitive differentiator for Vanta. One customer reported, "Vanta's remediation instructions are significantly more intuitive, so it's a no-brainer to choose them as the market leader," while another stated, "We selected Vanta over competitors because their generated remediation instructions are a huge timesaver and an invaluable tool for our team."

The feature has transformed how Vanta's customers approach compliance, changing it from a burdensome requirement to a streamlined, automated process. By reducing the time between identifying a security and compliance issue and implementing a fix, Vanta helps customers maintain stronger security postures while spending less time on manual research and trial-and-error remediation.

This innovation has furthered Vanta's position as the market leader, with over 10,000 customers relying on their platform for trust management. The success with Claude has also driven internal AI tools adoption, with their team Slack channel for AI experimentation growing rapidly from 30 to 130+.

Building towards a proactive compliance future

Looking ahead, Vanta is pioneering the next evolution of compliance with Claude through the Model Context Protocol (MCP). After successfully deploying an internal prototype that instantly answers questions about failing controls and remediation steps, they're developing a public MCP server to extend these capabilities.

"We're exploring how to expand our MCP server integration to consumer-facing APIs and existing developer tools," said Sethi. "We envision workflows where agentic coding tools could automatically fetch remediation instructions or highlight compliance issues needing attention."

This vision transforms compliance from a retroactive burden into a seamless part of development. Sethi said, "We're just scratching the surface of what generative AI can do in compliance and security. This represents a shift-left approach, where compliance merges with security to become real-time and proactive."

Vanta isn't just automating compliance by making security information accessible through AI. They're reimagining it as powerful guardrails that empower organizations to move faster while staying secure. With Claude, they're creating a new approach to trust management that removes the traditional friction of compliance.