FortifyData Revolutionizes Third-Party Risk Management with AI Auditor and AI Workflow Automation

January 6, 2026

New capabilities accelerate vendor due diligence, reduce manual review time of SOC 2 and other reports, and strengthen continuous monitoring amid rising supply chain threats

Atlanta, GA, January 6, 2026 – FortifyData, a leading cyber risk management platform, today announced significant AI enhancements to its Third-Party Risk Management (TPRM) application, including its AI Auditor that analyzes reports —soft-launched in late Q3 2025—and a preview of AI workflow automation features designed to streamline the vendor lifecycle process.

As organizations increasingly rely on third-party vendors, the attack surface expands dramatically. According to the 2025 Verizon DBIR, “30% of breaches were linked to third-party involvement, twice as much as last year, and  driven in part by vulnerability exploitation of all breaches” (up from 15% the prior year). FortifyData’s TPRM application already addresses this growing threat head-on with continuous monitoring powered by direct assessments supplemented with questionnaires, and with new advancements of the AI Auditor and vendor AI workflow automation FortifyData provides comprehensive visibility into vendor cyber risk that takes less time without compromising risk accuracy.

TPRM AI Auditor

The new AI Auditor enables TPRM teams to upload common vendor security reports—such as SOC 2, HECVAT, SIG, or other industry-specific documents—and receive an intelligent audit against selected frameworks (e.g., NIST, ISO 27001, CIS Controls). The AI generates an intuitive dashboard highlighting gaps, control deficiencies, and compliance status, complete with page-specific citations from the original report. This eliminates hours of manual review, allowing teams to evaluate more vendors faster while making more informed risk decisions.

“Manual review of vendor reports has long been a bottleneck for TPRM programs,” said Victor Gamra, CEO at FortifyData. “Our AI Auditor delivers immediate value by automating analysis with precision and transparency, helping clients scale their vendor oversight without sacrificing accuracy. Even I was surprised at some of the gaps it highlighted when evaluating our own SOC 2 report.”

Now with the AI Auditor we can get through multiple vendors per day while continuing to work on other tasks, between 1-2 hours. The original process took anywhere from 6 to 8 hours, depending on the completeness and thoroughness of the provided documentation and the review and it was standard to conduct one per day per analyst. The team spent approximately 10% of their time evaluating vendor reports. If I had to put a number to it, I would say that they have reduced that time to less than 2% now.

TPRM AI Workflow

Looking ahead, FortifyData will also release AI workflow capabilities that will autonomously communicate with vendors— guiding them through platform onboarding steps, requesting missing or additional documentation/evidence, highlighting non-compliance and sending status reminders. These features will further reduce administrative burden and accelerate vendor lifecycle management.

FortifyData’s TPRM application combines these AI innovations with its core strengths: ongoing risk monitoring through external attack surface assessments, vulnerability intelligence, and questionnaire-based insights—delivering a complete, proactive approach to third-party cyber risk.

Join an upcoming live session: Improve Your TPRM Program in 45 Days, on January 13, 2026 – 1:00pm ET, where examples of how AI helps TPRM will be presented.

About FortifyData

FortifyData empowers organizations to proactively manage and mitigate cybersecurity risks through its intelligent and automated Cyber GRC platform. Delivering actionable insights and streamlined workflows for risk assessment, vendor risk management, compliance automation, and continuous monitoring, FortifyData provides a unified view of security posture and risk management. Recognized with multiple industry awards for its innovative approach, FortifyData enables businesses to make informed decisions, strengthen their defenses, and build resilience against evolving cyber threats.

Learn more at the FortifyData website.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Platforms

Solutions

Industries

Company

Partners

Resources