The AI-Native Future of Third-Party Risk Management: Inside Info-Tech Research Group’s Analyst Report on Vendict

If you’ve ever worked inside a security, risk, or compliance team, you already know one universal truth: third-party risk management is exhausting.

Endless questionnaires. Never-ending PDF reviews. SOC 2 reports that magically grow longer every year. Vendors who take weeks to answer basic questions. Internal teams asking, “Hey, is that vendor approved yet?” every… five minutes.

It’s a lot. And according to a new analyst report from Info-Tech Research Group, there’s finally a real solution emerging – one that doesn’t require ripping out your entire GRC stack or hiring an army.

That solution is Vendict, an AI-native automation platform built specifically to tackle the messy, repetitive, document-heavy work that slows down every single TPRM program on the planet.

And the story behind how we got here is actually pretty interesting.

Vendict wasn’t started by generalists trying to “disrupt” GRC from the outside. It was started by two people who lived through the pain themselves.

  • Udi Cohen, former Head of Engineering at Broadcom
  • Michael Keslassy, former Head of R&D at Deep Instinct, one of the earliest adopters of generative AI in cybersecurity

Both spent years watching security and compliance teams struggle with the same thing: not the frameworks themselves, but the sheer slog of manual work around them.

Rather than trying to reinvent GRC, they made a simpler bet: What if AI handled all the repetitive stuff so the humans could focus on decisions, not document hunting?

A Value Proposition That Doesn’t Overpromise

One of the refreshing things about Vendict’s approach, according to the report, is how practical it is. We’re not claiming to replace Archer, ServiceNow, or any existing workflow tools. Instead, Vendict plugs into what you already have and does the one thing every TPRM team wants:

Make the work faster. A LOT faster.

It’s less “blow up your workflows” and more “what if this work took minutes instead of hours?” For companies already invested in large GRC ecosystems, that’s a dream scenario.

Document Automation: Where the Magic Happens

If there’s one thing the analyst report makes crystal clear, it’s this: Vendict’s superpower is turning messy documents into structured, reliable risk insights in minutes.

Think about the files your team collects every day:

  • SOC 2 reports
  • Security policies
  • Device management standards
  • Filled SIGs, CAIQs, custom questionnaires
  • Onboarding/offboarding procedures
  • Incident response plans

Normally, someone has to read all this. Manually. Slowly. Sometimes painfully.

Vendict just… reads them. Instantly. And then:

  • Extracts controls
  • Identifies gaps
  • Summarizes the important parts
  • Flags anything missing
  • Builds a structured, searchable record of everything

It’s like giving your TPRM team an extremely diligent and accurate analyst who actually likes reading PDFs.

Questionnaire Automation That Doesn’t Require Guesswork

The new report calls out another major value driver: Vendict’s ability to autofill questionnaires with evidence-backed responses.

This is where a lot of “AI” tools tend to fall apart. They hallucinate. They overconfidently make stuff up. They guess.

Vendict doesn’t guess. It only answers from the documents it processed. That means:

  • No hallucinated claims
  • No made-up controls
  • No gaps in context
  • Full traceability for every response
  • Analysts only need to review the flagged answers

And because the AI understands compliance language (thanks to being trained on 40+ frameworks like PCI, SOC 2, ISO 27001, GDPR, DORA, and others), it recognizes nuance and technical detail the way an experienced analyst would. This saves hours per vendor assessment and frees teams from the “PDF + Excel + pain” workflow everyone hates.

Features That Actually Make TPRM Easier

The analyst report highlights several differentiators that make Vendict stand out in a crowded market:

  1. The model is trained specifically for GRC language

This means the AI understands the vocabulary and patterns of compliance frameworks—not just generic English.

  2. SOC 2 summaries that don’t read like a textbook

Quick, clean summaries of 60–100 page documents? Yes, please.

  3. An audit trail for every answer

Every response ties back to source documentation. This is huge for trust and transparency.

  4. A structured scoring methodology

Vendict assigns:

  • a score for each response
  • an overall risk score
  • a coverage metric that shows how much data was included

No more subjective, analyst-to-analyst variability.

  5. A lightning-fast search bar

Ask a question like, “Does this vendor use MFA?” and get an instant answer sourced directly from the vendor’s policies – no manual digging.

This is the kind of feature you can’t un-see. Once you’ve used it, going back feels like returning to dial-up internet.

Analyst Verdict: Vendict Solves a Real, Painful Problem

Info-Tech’s “Our Take” section is especially telling. The analysts call out something every practitioner knows:

Operational inefficiencies are often what destroy the value of a TPRM program.

You can have the right frameworks, the right intentions, and the right policies, but if your team is drowning in manual work, nothing moves.

Vendict solves that problem directly by:

  • strengthening existing GRC investments
  • accelerating vendor assessments
  • reducing manual labor
  • improving data consistency
  • centralizing evidence
  • increasing accuracy and transparency

Final Thoughts: A Much-Needed Upgrade for Security & Compliance Teams

After reading the Info-Tech Research Group report, one thing becomes obvious: Traditional TPRM processes simply don’t scale.

The volume of vendors is too high. The complexity of frameworks is too deep. And the amount of documentation is too overwhelming.

AI-native tools like Vendict offer a new path, one where assessments are fast, evidence is clear, and most of the repetitive work is offloaded to systems built specifically for it.

It’s not hype. It’s not disruption-for-disruption’s-sake. It’s a very real, very practical evolution of the way TPRM gets done.

And based on the report, Vendict is leading the way. Want to learn more? Request a demo of Vendict’s Third-Party Risk Management solution; we’d love to show you the platform.
