Vanta Crosses $300M in ARR
Vanta (vanta.com), the security and compliance platform, has hit $300 million in annual recurring revenue. Fortune exclusively reported the milestone, which represents a tripling of ARR in two years. The company, last valued at $4.15 billion following its $150M Series D led by Wellington Management in July 2025, has been backed by Sequoia Capital, Goldman Sachs, JPMorgan, Craft Ventures, CrowdStrike Ventures, Atlassian Ventures, and Pioneer Fund among others.
The acceleration is striking. In a blog post, CEO Christina Cacioppo laid out the trajectory: Vanta took two years to grow from $10M to $100M ARR, 15 months to reach $200M, and just nine months to hit $300M. The company's customer growth rate has accelerated to roughly 60% year-over-year, a number that has increased in each of the past four quarters.
Vanta now serves more than 16,000 customers, including Snowflake, Atlassian, Duolingo, Ramp, Cursor, and Harvey. The company says 60% of the Forbes AI 50 are Vanta customers, many of which started as tiny teams and have grown substantially on the platform.
"It's astounding how fast Vanta has been growing. And for the best reason too: they made a really good product."
— Paul Graham, on X
A significant driver of this growth is the proliferation of AI tools inside companies that security teams struggle to track. According to Vanta's data, 70% of companies have AI tools and models that were adopted without formal security review. LLMs are 52% more likely to receive a high risk designation in Vanta compared to traditional SaaS. That gap between adoption and oversight is what Cacioppo describes as the core tailwind for the business.
"AI is reshaping how companies build, sell, and prove they can be trusted. This is exactly why we built our new third-party risk product and the Vanta Agent, and why our growth has accelerated after its rollout."
Vanta's product has evolved well beyond its original SOC 2 compliance automation roots. The company now offers what it calls an "Agentic Trust Platform" built on two core pieces: the Trust Graph, a real-time map of a company's controls, vendor relationships, and compliance obligations across 400+ integrations, and the Vanta Agent, an AI-powered system that handles compliance orchestration, audit prep, vendor risk assessments, and security questionnaires.
Enterprise customers are putting it to use. Samsara used the Vanta Agent to consolidate 820 controls across 10 frameworks into a common controls framework of roughly 260 controls, cutting its vendor review process time in half.
Cacioppo and Erik Goldman started the company in 2018, initially targeting Y Combinator startups needing compliance certifications to land enterprise deals. Three-quarters of YC companies have used the platform. The company has since pushed aggressively upmarket, with average revenue per customer rising from about $14K in early 2024 to $18K by mid-2025, and enterprise accounts like Snowflake and Samsara now running their trust programs on the platform.
Vanta is also investing in developer tooling, including an MCP Server and REST API that pipe the Trust Graph's data into tools like Claude and Cursor, letting engineering teams handle compliance issues without leaving their workflows. The company also recently received FedRAMP 20x Moderate authorization for its government cloud offering, opening up the federal market.
At $300M ARR with accelerating growth, the question now is whether Vanta is building toward a public offering. Cacioppo didn't address that directly, but framed the milestone in characteristically understated terms: "We're one more square into the back half of the chessboard."