Most corporate employees in America have likely signed up for ChatGPT. And Claude. And possibly Cursor. Their employer’s security team has no idea—or even if they do, they can’t keep up. This paradox is why Vanta is having a blockbuster year.
The San Francisco-based security and compliance company has crossed $300 million in annual recurring revenue, Fortune exclusively learned. This milestone represents a tripling of ARR in two years. Vanta’s customer growth rate has also accelerated to roughly 60% year-over-year—a number that has gone up in each of the past four quarters, the company said. Sources with knowledge of Vanta’s balance sheet say that its net revenue retention (NRR) has similarly increased every quarter for the last 2 years and continues to be over 100 percent.
Vanta now serves more than 16,000 customers, including Snowflake, Atlassian, Duolingo, Ramp, Cursor, and Harvey.
The company’s success stands firmly against the backdrop of its last public valuation in July 2025: $4.15 billion. At the time, Wellington Management led a $150 million Series D alongside Sequoia, Goldman Sachs Alternatives, J.P. Morgan, Craft Ventures, Y Combinator, Atlassian Ventures, and CrowdStrike Ventures. Vanta has raised more than $500 million since CEO Christina Cacioppo and engineer Erik Goldman founded the company out of Y Combinator in 2018. Cacioppo—who taught herself to code from books before writing Vanta’s first prototype—now oversees roughly 1,000 employees.
What’s pulling the curve up is a problem that didn’t exist at scale 24 months ago. Vanta’s own data, drawn from its third-party risk management product and released in a recent report, found that 70% of companies now have shadow AI—tools employees adopted without security review. The company also reported that LLMs are 52% more likely to be flagged as critical risk than traditional SaaS. In a single year, the average company sees employees reinstall an AI tool 1,000 times after security has revoked it. The most-reinstalled offenders, per Vanta: Claude, ChatGPT, and Cursor.
“There’s this push-pull going on at an actually really broad scale,” Cacioppo told Fortune, describing executives demanding AI transformation while security teams scramble to assess what’s already on the network. The fix, she argues, is continuous monitoring.
“AI is exciting, but also scary and risky,” Cacioppo said. “It’s that combination of new, quickly growing AI hyperscalers with more risk and more scrutiny that is letting Vanta’s growth rate actually increase year over year.”
Now, the $65.2 billion governance, risk, and compliance field is watching a category leader extend its lead. As for the inevitable IPO question, Cacioppo demurred: “The goal is the long-term sustainable company versus the day of confetti.”
See you tomorrow,
Lily Mae Lazarus
X: @LilyMaeLazarus
Email: lily.lazarus@fortune.com
Submit a deal for the Term Sheet newsletter here.
Joey Abrams curated the deals section of today’s newsletter. Subscribe here.
VENTURE CAPITAL
– True Anomaly, a Centennial, Colo.-based developer of space technology, raised $650 million in Series D funding. Eclipse and Riot Ventures led the round and were joined by Paradigm, Atreides, G Squared, The Private Shares Fund, VanEck, and others.
– Golden Child, a Miami, Fla.-based dog food company, raised $37 million in funding from Atomic, A*, and Redpoint Ventures.
– Fence, a New York City-based developer of internet-native infrastructure for debt capital markets, raised $20 million in funding. Galaxy Ventures led the round and was joined by existing investors ParaFi Capital and Crane Venture Partners.
– Windmill, a New York City-based AI-powered performance review platform, raised $12 million in funding. Inspired Capital led the round and was joined by Primary Venture Partners, Founder Collective, and Oceans Ventures.
– Redpine, a Stockholm, Sweden-based knowledge layer for agentic AI, raised €6.8 million ($8 million) in seed funding. NordicNinja led the round and was joined by Luminar Ventures, node.vc, and angel investors.
– Dex, a London, U.K.-based AI talent agent, raised $5.3 million in seed funding. Notion Capital led the round and was joined by a16z Speedrun, Concept Ventures 2100, and angel investors.
– Betterness, a Miami, Fla.-based developer of autonomous AI agents for personalized wellness, raised $2.5 million in seed funding from Martin Varsavsky, Justin Stone, and others.
– Tapaya, a Prague, Czech Republic-based payments infrastructure startup, raised €1 million ($1.18 million) in pre-seed funding. Passion Capital and Depo Ventures led the round and were joined by BADideas.fund.
PRIVATE EQUITY
– Artemis acquired Optikos, a Wakefield, Mass.-based optical technologies company. Financial terms were not disclosed.
– ClearCourse, backed by Aquiline, acquired Kurve, a Newport, Wales-based developer of self-service kiosk technology. Financial terms were not disclosed.
– Superior Health Partners, a portfolio company of Renovus Capital Partners, acquired Chant Healthcare, a Stigler, Okla.-based provider of home health, home care, and hospice services operating through Compassion Homecare and Sans Bois Hospice. Financial terms were not disclosed.
– Valor Exterior Partners, a portfolio company of Osceola Capital, acquired Associate Roofing, a Braintree, Mass.-based exterior home services company. Financial terms were not disclosed.
EXITS
– Acron Technologies acquired Sightline Intelligence, a Portland, Ore.-based video processing and AI-powered defense solutions company, from Artemis Capital Partners. Financial terms were not disclosed.
– Protective Life Corporation agreed to acquire Obsidian Insurance Holdings, a New York City-based property, casualty, and specialty insurance platform, from Genstar Capital. Financial terms were not disclosed.
PEOPLE
– InTandem Capital Partners, a New York City-based private equity firm, appointed Elliot Cooperstone CEO and managing partner, Brad Coppens president and managing partner, Chris Reef to partner, Aaron Newman as principal, Lauren Mangino to managing director, and Jackson Monnin to vice president.
In the rapidly evolving landscape of corporate technology, many employees in America are adopting advanced AI tools like ChatGPT, Claude, and Cursor, often without their employers’ knowledge. This trend has presented significant challenges for corporate security teams, who struggle to keep pace with these developments. This backdrop of increasing AI adoption has propelled Vanta, a security and compliance company based in San Francisco, to impressive growth, achieving over $300 million in annual recurring revenue (ARR). This figure marks a tripling of ARR in just two years, with a customer growth rate of around 60% year-over-year. Vanta’s net revenue retention (NRR) has also remained above 100% for the past two years, indicating strong customer loyalty and satisfaction.
Vanta serves over 16,000 clients, including notable names such as Snowflake, Atlassian, Duolingo, Ramp, Cursor, and Harvey. The company’s growth follows a substantial funding round led by Wellington Management, which valued Vanta at $4.15 billion in July 2025, as part of a $150 million Series D investment. Since its inception in 2018, co-founders Christina Cacioppo and Erik Goldman have raised over $500 million to build Vanta into a prominent player in the governance, risk, and compliance (GRC) sector.
The surge in Vanta’s growth can be attributed to an emerging challenge in corporate environments: the rise of « shadow AI. » Vanta’s research indicates that 70% of companies have adopted AI tools without undergoing a formal security review. These tools pose heightened risks, as large language models (LLMs) are reported to be 52% more likely to be flagged as critical risks compared to traditional software-as-a-service (SaaS) offerings. On average, employees reinstall restricted AI tools approximately 1,000 times after security measures have been implemented. The most frequently reinstalled tools include Claude, ChatGPT, and Cursor.
Cacioppo emphasizes the growing tension between the demand for AI innovation and the imperative of security, noting that executives are pushing for AI transformation while security teams are scrambling to manage the risks associated with unauthorized tool adoption. She advocates for continuous monitoring as a solution to this challenge, highlighting the combination of the rapid growth of AI technologies and the associated risks as a driving factor behind Vanta’s impressive growth trajectory.
As Vanta continues to expand its influence in the $65.2 billion GRC industry, the prospect of an initial public offering (IPO) looms. However, Cacioppo is focused on building a sustainable company for the long term, rather than simply preparing for a public offering.
In addition to Vanta’s success, the venture capital landscape remains vibrant, with several notable funding rounds occurring across various sectors. Companies like True Anomaly, Golden Child, and Windmill have secured substantial investments, showcasing the ongoing interest in innovative technologies and solutions.
True Anomaly, based in Centennial, Colorado, raised $650 million in Series D funding to advance its space technology initiatives. Golden Child, a Miami-based dog food company, garnered $37 million to expand its product offerings. Windmill, a New York-based AI-powered performance review platform, raised $12 million to enhance its services.
In the private equity space, several acquisitions have taken place, including Artemis’s acquisition of Optikos, a Massachusetts-based optical technologies company, and ClearCourse’s acquisition of Kurve, a developer of self-service kiosk technology.
The landscape of corporate technology, security, and compliance is undoubtedly changing, with Vanta at the forefront of this transformation. As organizations grapple with the dual challenges of embracing innovative AI solutions while ensuring robust security measures, companies like Vanta are poised to continue growing and providing essential services in this complex environment.
