Vanta has acquired Riskey, a specialist in realtime third- and fourth-party risk monitoring, in a move to transform how organizations manage vendor cybersecurity risks. The acquisition integrates Riskey's technology into Vanta's Vendor Risk Management platform, replacing traditional static point-in-time assessments with continuous, AI-driven risk intelligence.

The deal comes as supply chain cyberattacks have surged dramatically, with supply chain attacks increasing by 431% between 2021 and 2023, and third-party involvement in breaches doubling to 30 percent according to recent industry reports. Supply chain attacks rose sharply in April-May 2025, hitting IT and telecom sectors hardest, demonstrating the urgent need for enhanced vendor monitoring capabilities.

The timing reflects growing pressure on organizations to better manage vendor relationships amid escalating cyber threats. According to Gartner research cited in the announcement, 45% of organizations have experienced increased business interruptions due to third-party cybersecurity incidents, while IT teams spend over six hours weekly reviewing vendor risk.

"The traditional model of vendor risk reviews - annual questionnaires and lagging scores - no longer meets the pace or scale of today's threat landscape," said Jeremy Epling, Chief Product Officer at Vanta.

"By integrating Riskey and Vanta, we've unlocked continuous vendor risk monitoring which lets customers identify threats proactively and take action immediately to protect company assets."

Recent high-profile incidents have underscored the vulnerabilities in supply chains, where attacks on Australian IT and telecom solutions companies exposed licensing files, hashed credentials, and critical infrastructure data.

Riskey's technology monitors for vulnerabilities, breaches, misconfigurations, leaked credentials and subprocessors across third- and fourth-party relationships. Its AI scoring model categorizes findings and provides actionable context to security teams.

"Customers are drowning in vendor data with no clear signal on what's relevant or actionable," said Koren Molcho, CEO and co-founder of Riskey.

"Combining Riskey's monitoring technology into Vanta's VRM offering is an absolute game changer."

The integrated platform will enable customers to run comprehensive vendor assessments through both first-party security reviews and third- and fourth-party monitoring, streamline risk management with automated artifact collection, and receive real-time alerts with contextual guidance for mitigation.

The acquisition strengthens Vanta's position in the growing vendor risk management market as organizations seek to address what industry experts describe as one of the biggest challenges facing security leaders.

Recent studies show 61% of organizations have experienced a third-party data breach or security incident in the past 12 months, while 98% of companies worldwide have at least one vendor with a documented security breach.

https://www.vanta.com