Most corporate employees in America have likely signed up for ChatGPT. And Claude. And possibly Cursor. Their employer’s security team has no idea—or even if they do, they can’t keep up. This paradox is why Vanta is having a blockbuster year.
The San Francisco-based security and compliance company has crossed $300 million in annual recurring revenue, Fortune exclusively learned. This milestone represents a tripling of ARR in two years. Vanta’s customer growth rate has also accelerated to roughly 60% year-over-year—a number that has gone up in each of the past four quarters, the company said. Sources with knowledge of Vanta’s balance sheet say that its net revenue retention (NRR) has similarly increased every quarter for the last 2 years and continues to be over 100 percent.
Vanta now serves more than 16,000 customers, including Snowflake, Atlassian, Duolingo, Ramp, Cursor, and Harvey.
The company’s success stands firmly against the backdrop of its last public valuation in July 2025: $4.15 billion. At the time, Wellington Management led a $150 million Series D alongside Sequoia, Goldman Sachs Alternatives, J.P. Morgan, Craft Ventures, Y Combinator, Atlassian Ventures, and CrowdStrike Ventures. Vanta has raised more than $500 million since CEO Christina Cacioppo and engineer Erik Goldman founded the company out of Y Combinator in 2018. Cacioppo—who taught herself to code from books before writing Vanta’s first prototype—now oversees roughly 1,000 employees.
What’s pulling the curve up is a problem that didn’t exist at scale 24 months ago. Vanta’s own data, drawn from its third-party risk management product and released in a recent report, found that 70% of companies now have shadow AI—tools employees adopted without security review. The company also reported that LLMs are 52% more likely to be flagged as high risk than traditional SaaS. In a single year, the average company sees employees reinstall an AI tool 1,000 times after security has revoked it. The most-reinstalled offenders, per Vanta: Claude, ChatGPT, and Cursor.
“There’s this push-pull going on at an actually really broad scale,” Cacioppo told Fortune, describing executives demanding AI transformation while security teams scramble to assess what’s already on the network. The fix, she argues, is continuous monitoring.
“AI is exciting, but also scary and risky,” Cacioppo said. “It’s that combination of new, quickly growing AI hyperscalers with more risk and more scrutiny that is letting Vanta’s growth rate actually increase year over year.”
Now, the $65.2 billion governance, risk, and compliance field is watching a category leader extend its lead. As for the inevitable IPO question, Cacioppo demurred: “The goal is the long-term sustainable company versus the day of confetti.”
See you tomorrow,
Lily Mae Lazarus
X: @LilyMaeLazarus
Email: lily.lazarus@fortune.com
Submit a deal for the Term Sheet newsletter here.
Joey Abrams curated the deals section of today’s newsletter. Subscribe here.
